libs: protection: x86_64: drop root requirement for querying #8549
@jodh-intel, just one comment, but overall lgtm.
@@ -13,7 +13,7 @@ use std::path::Path; | |||
use std::path::PathBuf; | |||
use thiserror::Error; | |||
|
|||
#[cfg(any(target_arch = "s390x", target_arch = "x86_64"))] | |||
#[cfg(any(target_arch = "s390x", target_arch = "powerpc64le"))] |
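Review bot: On the `#[cfg(any(...))]` line that now names `powerpc64le`, that string is not a value rustc sets for `target_arch`: the little-endian PPC64 targets report `target_arch = "powerpc64"` together with `target_endian = "little"`, so as written the gated item is compiled only on s390x. Suggest `#[cfg(any(target_arch = "s390x", all(target_arch = "powerpc64", target_endian = "little")))]`, plus a one-line comment above it naming which architectures' `available_guest_protection()` need the import, since the hunk alone does not show why `x86_64` was swapped for PPC64le.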
Out of curiosity, why was powerpc64le added here?
It seems not related to this commit.
I've added a comment to the commit. Basically PPC64 needs this import fwics but it was previously missing.
It is no longer necessary to be `root` to query the guest protection (TDX) on `x86_64` systems, so drop the requirement.

> **Note:**
>
> This change drops the `nix` `Uid` import required for the `root` check.
> But at the same time it adds it for PPC64le since that implementation of
> `available_guest_protection()` needs it and it was previously missing.

Fixes: kata-containers#8548.

Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Remove the redundant `kata-ctl` `root` check when running the `env` command. This check duplicated the `GuestProtection` check, and that check is now no longer necessary anyway.

Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
487b1c3 to e1caca3
/test
@jodh-intel LGTM.
It is no longer necessary to be `root` to query the guest protection (TDX) on `x86_64` systems, so drop the requirement.

Also update `kata-ctl` to remove the duplicate, and now redundant, root check.

Fixes: #8548.

Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>