Skip to content

microsoft/hcsshim

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
39 branches 136 tags
Code

Latest commit

@helsaawy
helsaawy Build components in CodeQL pipeline (#1970)
5c75f29 Nov 14, 2023
Build components in CodeQL pipeline (#1970) 
Need to build binaries for CodeQL to work:

> For the compiled languages C/C++, C#, Go, Java, and Swift, the process of populating
> this database involves building the code and extracting data.

docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#about-the-codeql-analysis-workflow-and-compiled-languages

Without explicit build commands between CodeQL `init` and `analyze`
steps, CodeQL will attempt to automatically build go code using the
following logic:
docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#autobuild-for-go

This can be see in the `CodeQL Analyze` step in out pipelines:

```
Attempting to automatically build go code
  Autobuilder was built with go1.21.3, environment has go1.20.10
  LGTM_SRC is /home/runner/work/hcsshim/hcsshim
  Found go.mod, enabling go modules
  Import path is 'github.com/microsoft/hcsshim'
  Makefile found.
  Trying build command make []
  make: *** No rule to make target 'base.tar.gz', needed by 'out/initrd.img'.  Stop.
  Running /usr/bin/make failed, continuing anyway: exit status 2
  Build failed, continuing to install dependencies.
  Skipping dependency installation because a Go vendor directory was found.
  Running extractor command '/opt/hostedtoolcache/CodeQL/2.15.2/x64/codeql/go/tools/linux64/go-extractor [-mod=vendor ./...]' from directory '.'.
  <...>
```

Rather than rely on autobuild, explicitly configure CodeQL and build
necessary targets.

Skip running CodeQL on PRs if no code is changed.

Based on workflow:
github.com/github/codeql/blob/0342b3eba242476cea815e601942021092d0bc10/.github/workflows/codeql-analysis.yml

Signed-off-by: Hamza El-Saawy <hamzaelsaawy@microsoft.com>
5c75f29

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
.github
Build components in CodeQL pipeline (#1970)
November 14, 2023 14:52
cmd
Update build tags, lint entire repo for Linux (#1968)
November 13, 2023 16:13
computestorage
computestorage: Fix incorrect syscall in DestroyLayer
August 14, 2023 23:11
ext4
Update tar2ext4 to convert forward slashes (#1847)
July 26, 2023 13:43
hack
Remove godeps from makefile (#1750)
May 4, 2023 16:07
hcn
Add new "DisableHostPort" network flag
November 2, 2023 13:52
init
Move all non gcs code to top level
May 17, 2021 15:13
internal
Check for SNP before fetching SNP report (#1967)
November 14, 2023 11:59
osversion
Use RtlGetVersion instead of GetVersion (#1846)
July 28, 2023 10:09
pkg
Check for SNP before fetching SNP report (#1967)
November 14, 2023 11:59
scripts
[test] Log to ETW for benchmarks; retry layer removal (#1947)
October 25, 2023 11:07
test
uvmboot and gcs.test bug fix (#1966)
November 10, 2023 14:58
tools
Create tools package to isolate dependencies (#1840)
July 18, 2023 11:39
vendor
Add additional registry values to uVM via annotation (#1963)
November 10, 2023 14:42
vsockexec
lf line endings opengcs files
May 21, 2021 16:48
.gitattributes
Unset text attribute for vendored files in gitattributes
May 9, 2022 17:16
.gitignore
Use gh cli to download releases (#1792)
May 30, 2023 13:34
.golangci.yml
Add more go vet checks (#1849)
August 17, 2023 17:45
CODEOWNERS
Take off hcn package codeowners line
May 4, 2021 17:07
LICENSE
Remove whitespace from LICENSE
April 6, 2017 12:04
Makefile
Remove godeps from makefile (#1750)
May 4, 2023 16:07
Protobuild.toml
Updated containerd1.7; google.golang.org/protobuf (#1706)
July 10, 2023 11:25
README.md
Remove vendor dir in /test (#1417)
June 3, 2022 16:30
SECURITY.md
Microsoft mandatory file
June 7, 2022 10:08
container.go
spelling (#1365)
April 22, 2022 11:46
errors.go
Adding build constraints (#1340)
April 5, 2022 01:07
go.mod
Add additional registry values to uVM via annotation (#1963)
November 10, 2023 14:42
go.sum
Add additional registry values to uVM via annotation (#1963)
November 10, 2023 14:42
hcsshim.go
Switch to go-winio/tools/mkwinsyscall (#1409)
September 26, 2022 15:56
hnsendpoint.go
gofmt -s the world
August 15, 2022 23:53
hnsglobals.go
Adding build constraints (#1340)
April 5, 2022 01:07
hnsnetwork.go
Adding build constraints (#1340)
April 5, 2022 01:07
hnspolicy.go
Expose the Proxy policy types for Endpoint
February 5, 2020 17:22
hnspolicylist.go
Adding build constraints (#1340)
April 5, 2022 01:07
hnssupport.go
Adding build constraints (#1340)
April 5, 2022 01:07
interface.go
Adding build constraints (#1340)
April 5, 2022 01:07
layer.go
cimfs: Add a LayerWriter for writing cim layers (#1873)
November 1, 2023 11:11
process.go
Adding build constraints (#1340)
April 5, 2022 01:07
zsyscall_windows.go
Switch to go-winio/tools/mkwinsyscall (#1409)
September 26, 2022 15:56
hcsshim Building Linux Hyper-V Container Guest Agent Containerd Shim Contributing Code of Conduct Dependencies Reporting Security Issues

README.md

hcsshim

Build status

This package contains the Golang interface for using the Windows Host Compute Service (HCS) to launch and manage Windows Containers. It also contains other helpers and functions for managing Windows Containers such as the Golang interface for the Host Network Service (HNS), as well as code for the guest agent (commonly referred to as the GCS or Guest Compute Service in the codebase) used to support running Linux Hyper-V containers.

It is primarily used in the Moby and Containerd projects, but it can be freely used by other projects as well.

Building

While this repository can be used as a library of sorts to call the HCS apis, there are a couple binaries built out of the repository as well. The main ones being the Linux guest agent, and an implementation of the runtime v2 containerd shim api.

Linux Hyper-V Container Guest Agent

To build the Linux guest agent itself all that's needed is to set your GOOS to "Linux" and build out of ./cmd/gcs.

C:\> $env:GOOS="linux"
C:\> go build .\cmd\gcs\

or on a Linux machine

> go build ./cmd/gcs

If you want it to be packaged inside of a rootfs to boot with alongside all of the other tools then you'll need to provide a rootfs that it can be packaged inside of. An easy way is to export the rootfs of a container.

docker pull busybox
docker run --name base_image_container busybox
docker export base_image_container | gzip > base.tar.gz
BASE=./base.tar.gz
make all

If the build is successful, in the ./out folder you should see:

> ls ./out/
delta.tar.gz  initrd.img  rootfs.tar.gz

Containerd Shim

For info on the Runtime V2 API: https://github.com/containerd/containerd/blob/master/runtime/v2/README.md.

Contrary to the typical Linux architecture of shim -> runc, the runhcs shim is used both to launch and manage the lifetime of containers.

C:\> $env:GOOS="windows"
C:\> go build .\cmd\containerd-shim-runhcs-v1

Then place the binary in the same directory that Containerd is located at in your environment. A default Containerd configuration file can be generated by running:

.\containerd.exe config default | Out-File "C:\Program Files\containerd\config.toml" -Encoding ascii

This config file will already have the shim set as the default runtime for cri interactions.

To trial using the shim out with ctr.exe:

C:\> ctr.exe run --runtime io.containerd.runhcs.v1 --rm mcr.microsoft.com/windows/nanoserver:2004 windows-test cmd /c "echo Hello World!"

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.

When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

We also require that contributors sign their commits using git commit -s or git commit --signoff to certify they either authored the work themselves or otherwise have permission to use it in this project. Please see https://developercertificate.org/ for more info, as well as to make sure that you can attest to the rules listed. Our CI uses the DCO Github app to ensure that all commits in a given PR are signed-off.

Code of Conduct

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Dependencies

This project requires Golang 1.17 or newer to build.

For system requirements to run this project, see the Microsoft docs on Windows Container requirements.

Reporting Security Issues

Security issues and bugs should be reported privately, via email, to the Microsoft Security Response Center (MSRC) at secure@microsoft.com. You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Further information, including the MSRC PGP key, can be found in the Security TechCenter.

For additional details, see Report a Computer Security Vulnerability on Technet

Copyright (c) 2018 Microsoft Corp. All rights reserved.

About

Windows - Host Compute Service Shim

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Security policy

Security policy
Activity

Stars

503 stars

Watchers

74 watching

Forks

233 forks
Report repository

Releases 124

v0.11.4 Latest
Nov 2, 2023
+ 123 releases

Packages

No packages published

Used by 11.6k

  • @Arlet2
  • @mheers
  • @Sam12121
  • @NatYou345
  • @konstantinfoerster
  • @Sam12121
  • @sp1999
  • @Sam12121
+ 11,602

Contributors 100

+ 89 contributors

Languages