From 50085caebe3bec6de07ed94e601cf3a797bf3dda Mon Sep 17 00:00:00 2001 From: Archana Shinde Date: Mon, 3 Aug 2020 14:50:14 -0700 Subject: [PATCH 1/2] vendor: Vendor in github.com/kata-containers/agent Shortlog: 96d8dd3 actions: Add action to perform checks for pull requests 5dc7ae4 device: Ease device access for rootfs device to allow node creation b08eb7e release: Kata Containers 1.12.0-alpha0 abb006c RFC: namespaces: Allow container with agent PID namespace c01192e device: Allow to use the predicted 'VmPath' when adding blk devices a88af32 device: Do not allow container access to the nvdimm rootfs Signed-off-by: Archana Shinde --- Gopkg.lock | 4 +- Gopkg.toml | 2 +- .../agent/protocols/grpc/agent.pb.go | 418 ++++++++++-------- 3 files changed, 235 insertions(+), 189 deletions(-) diff --git a/Gopkg.lock b/Gopkg.lock index 193b2c04ba..62a3f626e4 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -427,7 +427,7 @@ revision = "6c3315ba8a4262df4300b735b2c53ce3b15d21dd" [[projects]] - digest = "1:dc74f6b065e6204ee3a90ce4209dae99126a110a4cd318f696a69a781916c849" + digest = "1:f03425555be45830e86903bba35dd82a1b76e322beff9873e6b888d2b054c217" name = "github.com/kata-containers/agent" packages = [ "pkg/types", @@ -435,7 +435,7 @@ "protocols/grpc", ] pruneopts = "NUT" - revision = "906f7e2e4c52c568f0d990b3c049f863546df848" + revision = "e921aa3d0fa39cbd7933c15bd6ae7f0a1d7ab757" [[projects]] digest = "1:58999a98719fddbac6303cb17e8d85b945f60b72f48e3a2df6b950b97fa926f1" diff --git a/Gopkg.toml b/Gopkg.toml index be8459e87e..f1058f6bc0 100644 --- a/Gopkg.toml +++ b/Gopkg.toml @@ -52,7 +52,7 @@ [[constraint]] name = "github.com/kata-containers/agent" - revision = "906f7e2e4c52c568f0d990b3c049f863546df848" + revision = "e921aa3d0fa39cbd7933c15bd6ae7f0a1d7ab757" [[constraint]] name = "github.com/containerd/cri-containerd" diff --git a/vendor/github.com/kata-containers/agent/protocols/grpc/agent.pb.go b/vendor/github.com/kata-containers/agent/protocols/grpc/agent.pb.go index 9d036d60f9..775f313330 100644 --- a/vendor/github.com/kata-containers/agent/protocols/grpc/agent.pb.go +++ b/vendor/github.com/kata-containers/agent/protocols/grpc/agent.pb.go @@ -141,6 +141,11 @@ type CreateContainerRequest struct { // The agent would receive an OCI spec with PID namespace cleared // out altogether and not just the pid ns path. SandboxPidns bool `protobuf:"varint,7,opt,name=sandbox_pidns,json=sandboxPidns,proto3" json:"sandbox_pidns,omitempty"` + // This field is used to indicate if container should just join the + // the pid namespace of the agent. This functionality is added to + // allow debug containers/sidecars to have access to the main pid + // namespace. + AgentPidns bool `protobuf:"varint,8,opt,name=agent_pidns,json=agentPidns,proto3" json:"agent_pidns,omitempty"` } func (m *CreateContainerRequest) Reset() { *m = CreateContainerRequest{} } @@ -197,6 +202,13 @@ func (m *CreateContainerRequest) GetSandboxPidns() bool { return false } +func (m *CreateContainerRequest) GetAgentPidns() bool { + if m != nil { + return m.AgentPidns + } + return false +} + type StartContainerRequest struct { ContainerId string `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"` } @@ -3154,6 +3166,16 @@ func (m *CreateContainerRequest) MarshalTo(dAtA []byte) (int, error) { } i++ } + if m.AgentPidns { + dAtA[i] = 0x40 + i++ + if m.AgentPidns { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i++ + } return i, nil } @@ -5345,6 +5367,9 @@ func (m *CreateContainerRequest) Size() (n int) { if m.SandboxPidns { n += 2 } + if m.AgentPidns { + n += 2 + } return n } @@ -6516,6 +6541,26 @@ func (m *CreateContainerRequest) Unmarshal(dAtA []byte) error { } } m.SandboxPidns = bool(v != 0) + case 8: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field AgentPidns", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAgent + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + m.AgentPidns = bool(v != 0) default: iNdEx = preIndex skippy, err := skipAgent(dAtA[iNdEx:]) @@ -13415,190 +13460,191 @@ var ( func init() { proto.RegisterFile("agent.proto", fileDescriptorAgent) } var fileDescriptorAgent = []byte{ - // 2957 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xc4, 0x39, 0x4b, 0x6f, 0x1c, 0xc7, - 0xd1, 0xd8, 0x07, 0x97, 0xbb, 0xb5, 0x2f, 0x6e, 0x93, 0xa2, 0x56, 0x2b, 0x5b, 0x9f, 0x3c, 0xb6, - 0x65, 0xfa, 0xf3, 0xe7, 0xa5, 0x2d, 0x1b, 0x96, 0x1f, 0xf0, 0x27, 0x88, 0x14, 0x4d, 0xd2, 0xb6, - 0x2c, 0x66, 0x28, 0xc1, 0x01, 0x82, 0x60, 0x30, 0x9c, 0x69, 0xee, 0xb6, 0xb9, 0x33, 0x3d, 0xee, - 0xe9, 0xa1, 0xb8, 0x0e, 0x90, 0x63, 0x72, 0xcb, 0x2d, 0xb9, 0xe5, 0x0f, 0x04, 0xb9, 0xe5, 0x98, - 0x6b, 0x0e, 0x46, 0x4e, 0xf9, 0x05, 0x41, 0xe0, 0x9f, 0x90, 0x5f, 0x10, 0xf4, 0x6b, 0x1e, 0xbb, - 0xcb, 0x75, 0x42, 0x10, 0xc8, 0x65, 0x30, 0x5d, 0x5d, 0x5d, 0xaf, 0xee, 0xaa, 0xae, 0xaa, 0x86, - 0xa6, 0x3b, 0xc2, 0x21, 0x1f, 0x46, 0x8c, 0x72, 0x8a, 0xaa, 0x23, 0x16, 0x79, 0x83, 0x06, 0xf5, - 0x88, 0x02, 0x0c, 0x3e, 0x18, 0x11, 0x3e, 0x4e, 0x4e, 0x86, 0x1e, 0x0d, 0xb6, 0xcf, 0x5c, 0xee, - 0xbe, 0xed, 0xd1, 0x90, 0xbb, 0x24, 0xc4, 0x2c, 0xde, 0x96, 0x0b, 0xb7, 0xa3, 0xb3, 0xd1, 0x36, - 0x9f, 0x46, 0x38, 0x56, 0x5f, 0xbd, 0xee, 0xf6, 0x88, 0xd2, 0xd1, 0x04, 0x6f, 0xcb, 0xd1, 0x49, - 0x72, 0xba, 0x8d, 0x83, 0x88, 0x4f, 0xd5, 0xa4, 0xf5, 0xfb, 0x32, 0x6c, 0xee, 0x32, 0xec, 0x72, - 0xbc, 0x6b, 0xa8, 0xd9, 0xf8, 0xdb, 0x04, 0xc7, 0x1c, 0xbd, 0x02, 0xad, 0x94, 0x83, 0x43, 0xfc, - 0x7e, 0xe9, 0x6e, 0x69, 0xab, 0x61, 0x37, 0x53, 0xd8, 0xa1, 0x8f, 0x6e, 0xc2, 0x2a, 0xbe, 0xc0, - 0x9e, 0x98, 0x2d, 0xcb, 0xd9, 0x9a, 0x18, 0x1e, 0xfa, 0xe8, 0x5d, 0x68, 0xc6, 0x9c, 0x91, 0x70, - 0xe4, 0x24, 0x31, 0x66, 0xfd, 0xca, 0xdd, 0xd2, 0x56, 0xf3, 0xfe, 0xda, 0x50, 0xa8, 0x34, 0x3c, - 0x96, 0x13, 0xcf, 0x63, 0xcc, 0x6c, 0x88, 0xd3, 0x7f, 0x74, 0x0f, 0x56, 0x7d, 0x7c, 0x4e, 0x3c, - 0x1c, 0xf7, 0xab, 0x77, 0x2b, 0x5b, 0xcd, 0xfb, 0x2d, 0x85, 0xfe, 0x58, 0x02, 0x6d, 0x33, 0x89, - 0xde, 0x84, 0x7a, 0xcc, 0x29, 0x73, 0x47, 0x38, 0xee, 0xaf, 0x48, 0xc4, 0xb6, 0xa1, 0x2b, 0xa1, - 0x76, 0x3a, 0x8d, 0x5e, 0x82, 0xca, 0xd3, 0xdd, 0xc3, 0x7e, 0x4d, 0x72, 0x07, 0x8d, 0x15, 0x61, - 0xcf, 0x16, 0x60, 0xf4, 0x2a, 0xb4, 0x63, 0x37, 0xf4, 0x4f, 0xe8, 0x85, 0x13, 0x11, 0x3f, 0x8c, - 0xfb, 0xab, 0x77, 0x4b, 0x5b, 0x75, 0xbb, 0xa5, 0x81, 0x47, 0x02, 0x66, 0x7d, 0x0c, 0x37, 0x8e, - 0xb9, 0xcb, 0xf8, 0x15, 0xac, 0x63, 0x3d, 0x87, 0x4d, 0x1b, 0x07, 0xf4, 0xfc, 0x4a, 0xa6, 0xed, - 0xc3, 0x2a, 0x27, 0x01, 0xa6, 0x09, 0x97, 0xa6, 0x6d, 0xdb, 0x66, 0x68, 0xfd, 0xb1, 0x04, 0x68, - 0xef, 0x02, 0x7b, 0x47, 0x8c, 0x7a, 0x38, 0x8e, 0xff, 0x4b, 0xdb, 0xf5, 0x06, 0xac, 0x46, 0x4a, - 0x80, 0x7e, 0x55, 0xa2, 0xeb, 0x5d, 0x30, 0x52, 0x99, 0x59, 0xeb, 0x1b, 0xd8, 0x38, 0x26, 0xa3, - 0xd0, 0x9d, 0x5c, 0xa3, 0xbc, 0x9b, 0x50, 0x8b, 0x25, 0x4d, 0x29, 0x6a, 0xdb, 0xd6, 0x23, 0xeb, - 0x08, 0xd0, 0xd7, 0x2e, 0xe1, 0xd7, 0xc7, 0xc9, 0x7a, 0x1b, 0xd6, 0x0b, 0x14, 0xe3, 0x88, 0x86, - 0x31, 0x96, 0x02, 0x70, 0x97, 0x27, 0xb1, 0x24, 0xb6, 0x62, 0xeb, 0x91, 0x85, 0x61, 0xe3, 0x4b, - 0x12, 0x1b, 0x74, 0xfc, 0x9f, 0x88, 0xb0, 0x09, 0xb5, 0x53, 0xca, 0x02, 0x97, 0x1b, 0x09, 0xd4, - 0x08, 0x21, 0xa8, 0xba, 0x6c, 0x14, 0xf7, 0x2b, 0x77, 0x2b, 0x5b, 0x0d, 0x5b, 0xfe, 0x8b, 0x53, - 0x39, 0xc3, 0x46, 0xcb, 0xf5, 0x0a, 0xb4, 0xb4, 0xdd, 0x9d, 0x09, 0x89, 0xb9, 0xe4, 0xd3, 0xb2, - 0x9b, 0x1a, 0x26, 0xd6, 0x58, 0x14, 0x36, 0x9f, 0x47, 0xfe, 0x15, 0x1d, 0xfe, 0x3e, 0x34, 0x18, - 0x8e, 0x69, 0xc2, 0x84, 0x9b, 0x96, 0xe5, 0xbe, 0x6f, 0xa8, 0x7d, 0xff, 0x92, 0x84, 0xc9, 0x85, - 0x6d, 0xe6, 0xec, 0x0c, 0x4d, 0xbb, 0x10, 0x8f, 0xaf, 0xe2, 0x42, 0x1f, 0xc3, 0x8d, 0x23, 0x37, - 0x89, 0xaf, 0x22, 0xab, 0xf5, 0x89, 0x70, 0xbf, 0x38, 0x09, 0xae, 0xb4, 0xf8, 0x0f, 0x25, 0xa8, - 0xef, 0x46, 0xc9, 0xf3, 0xd8, 0x1d, 0x61, 0xf4, 0x3f, 0xd0, 0xe4, 0x94, 0xbb, 0x13, 0x27, 0x11, - 0x43, 0x89, 0x5e, 0xb5, 0x41, 0x82, 0x14, 0x82, 0x30, 0x3b, 0x66, 0x5e, 0x94, 0x68, 0x8c, 0xf2, - 0xdd, 0xca, 0x56, 0xd5, 0x6e, 0x2a, 0x98, 0x42, 0x19, 0xc2, 0xba, 0x9c, 0x73, 0x48, 0xe8, 0x9c, - 0x61, 0x16, 0xe2, 0x49, 0x40, 0x7d, 0x2c, 0xcf, 0x6f, 0xd5, 0xee, 0xc9, 0xa9, 0xc3, 0xf0, 0x8b, - 0x74, 0x02, 0xfd, 0x2f, 0xf4, 0x52, 0x7c, 0xe1, 0x94, 0x12, 0xbb, 0x2a, 0xb1, 0xbb, 0x1a, 0xfb, - 0xb9, 0x06, 0x5b, 0xbf, 0x84, 0xce, 0xb3, 0x31, 0xa3, 0x9c, 0x4f, 0x48, 0x38, 0x7a, 0xec, 0x72, - 0x57, 0x44, 0x8f, 0x08, 0x33, 0x42, 0xfd, 0x58, 0x4b, 0x6b, 0x86, 0xe8, 0x2d, 0xe8, 0x71, 0x85, - 0x8b, 0x7d, 0xc7, 0xe0, 0x94, 0x25, 0xce, 0x5a, 0x3a, 0x71, 0xa4, 0x91, 0x5f, 0x87, 0x4e, 0x86, - 0x2c, 0xe2, 0x8f, 0x96, 0xb7, 0x9d, 0x42, 0x9f, 0x91, 0x00, 0x5b, 0xe7, 0xd2, 0x56, 0x72, 0x93, - 0xd1, 0x5b, 0xd0, 0xc8, 0xec, 0x50, 0x92, 0x27, 0xa4, 0xa3, 0x4e, 0x88, 0x31, 0xa7, 0x5d, 0x4f, - 0x8d, 0xf2, 0x29, 0x74, 0x79, 0x2a, 0xb8, 0xe3, 0xbb, 0xdc, 0x2d, 0x1e, 0xaa, 0xa2, 0x56, 0x76, - 0x87, 0x17, 0xc6, 0xd6, 0x27, 0xd0, 0x38, 0x22, 0x7e, 0xac, 0x18, 0xf7, 0x61, 0xd5, 0x4b, 0x18, - 0xc3, 0x21, 0x37, 0x2a, 0xeb, 0x21, 0xda, 0x80, 0x95, 0x09, 0x09, 0x08, 0xd7, 0x6a, 0xaa, 0x81, - 0x45, 0x01, 0x9e, 0xe0, 0x80, 0xb2, 0xa9, 0x34, 0xd8, 0x06, 0xac, 0xe4, 0x37, 0x57, 0x0d, 0xd0, - 0x6d, 0x68, 0x04, 0xee, 0x45, 0xba, 0xa9, 0x62, 0xa6, 0x1e, 0xb8, 0x17, 0x4a, 0xf8, 0x3e, 0xac, - 0x9e, 0xba, 0x64, 0xe2, 0x85, 0x5c, 0x5b, 0xc5, 0x0c, 0x33, 0x86, 0xd5, 0x3c, 0xc3, 0xbf, 0x94, - 0xa1, 0xa9, 0x38, 0x2a, 0x81, 0x37, 0x60, 0xc5, 0x73, 0xbd, 0x71, 0xca, 0x52, 0x0e, 0xd0, 0x3d, - 0x23, 0x48, 0x39, 0x1f, 0x84, 0x33, 0x49, 0x8d, 0x68, 0xdb, 0x00, 0xf1, 0x0b, 0x37, 0xd2, 0xb2, - 0x55, 0x2e, 0x41, 0x6e, 0x08, 0x1c, 0x25, 0xee, 0x7b, 0xd0, 0x52, 0xe7, 0x4e, 0x2f, 0xa9, 0x5e, - 0xb2, 0xa4, 0xa9, 0xb0, 0xd4, 0xa2, 0x57, 0xa1, 0x9d, 0xc4, 0xd8, 0x19, 0x13, 0xcc, 0x5c, 0xe6, - 0x8d, 0xa7, 0xfd, 0x15, 0x75, 0x47, 0x26, 0x31, 0x3e, 0x30, 0x30, 0x74, 0x1f, 0x56, 0x44, 0xf8, - 0x8b, 0xfb, 0x35, 0x79, 0x1d, 0xbf, 0x94, 0x27, 0x29, 0x55, 0x1d, 0xca, 0xef, 0x5e, 0xc8, 0xd9, - 0xd4, 0x56, 0xa8, 0x83, 0x0f, 0x01, 0x32, 0x20, 0x5a, 0x83, 0xca, 0x19, 0x9e, 0x6a, 0x3f, 0x14, - 0xbf, 0xc2, 0x38, 0xe7, 0xee, 0x24, 0x31, 0x56, 0x57, 0x83, 0x8f, 0xcb, 0x1f, 0x96, 0x2c, 0x0f, - 0xba, 0x3b, 0x93, 0x33, 0x42, 0x73, 0xcb, 0x37, 0x60, 0x25, 0x70, 0xbf, 0xa1, 0xcc, 0x58, 0x52, - 0x0e, 0x24, 0x94, 0x84, 0x94, 0x19, 0x12, 0x72, 0x80, 0x3a, 0x50, 0xa6, 0x91, 0xb4, 0x57, 0xc3, - 0x2e, 0xd3, 0x28, 0x63, 0x54, 0xcd, 0x31, 0xb2, 0xfe, 0x5e, 0x05, 0xc8, 0xb8, 0x20, 0x1b, 0x06, - 0x84, 0x3a, 0x31, 0x66, 0x22, 0x05, 0x71, 0x4e, 0xa6, 0x1c, 0xc7, 0x0e, 0xc3, 0x5e, 0xc2, 0x62, - 0x72, 0x2e, 0xf6, 0x4f, 0xa8, 0x7d, 0x43, 0xa9, 0x3d, 0x23, 0x9b, 0x7d, 0x93, 0xd0, 0x63, 0xb5, - 0x6e, 0x47, 0x2c, 0xb3, 0xcd, 0x2a, 0x74, 0x08, 0x37, 0x32, 0x9a, 0x7e, 0x8e, 0x5c, 0x79, 0x19, - 0xb9, 0xf5, 0x94, 0x9c, 0x9f, 0x91, 0xda, 0x83, 0x75, 0x42, 0x9d, 0x6f, 0x13, 0x9c, 0x14, 0x08, - 0x55, 0x96, 0x11, 0xea, 0x11, 0xfa, 0x13, 0xb9, 0x20, 0x23, 0x73, 0x04, 0xb7, 0x72, 0x5a, 0x0a, - 0x77, 0xcf, 0x11, 0xab, 0x2e, 0x23, 0xb6, 0x99, 0x4a, 0x25, 0xe2, 0x41, 0x46, 0xf1, 0x73, 0xd8, - 0x24, 0xd4, 0x79, 0xe1, 0x12, 0x3e, 0x4b, 0x6e, 0xe5, 0x47, 0x94, 0x14, 0x97, 0x6e, 0x91, 0x96, - 0x52, 0x32, 0xc0, 0x6c, 0x54, 0x50, 0xb2, 0xf6, 0x23, 0x4a, 0x3e, 0x91, 0x0b, 0x32, 0x32, 0x8f, - 0xa0, 0x47, 0xe8, 0xac, 0x34, 0xab, 0xcb, 0x88, 0x74, 0x09, 0x2d, 0x4a, 0xb2, 0x03, 0xbd, 0x18, - 0x7b, 0x9c, 0xb2, 0xfc, 0x21, 0xa8, 0x2f, 0x23, 0xb1, 0xa6, 0xf1, 0x53, 0x1a, 0xd6, 0xcf, 0xa0, - 0x75, 0x90, 0x8c, 0x30, 0x9f, 0x9c, 0xa4, 0xc1, 0xe0, 0xda, 0xe2, 0x8f, 0xf5, 0xcf, 0x32, 0x34, - 0x77, 0x47, 0x8c, 0x26, 0x51, 0x21, 0x26, 0x2b, 0x27, 0x9d, 0x8d, 0xc9, 0x12, 0x45, 0xc6, 0x64, - 0x85, 0xfc, 0x3e, 0xb4, 0x02, 0xe9, 0xba, 0x1a, 0x5f, 0xc5, 0xa1, 0xde, 0x9c, 0x53, 0xdb, 0xcd, - 0x20, 0x17, 0xcc, 0x86, 0x00, 0x11, 0xf1, 0x63, 0xbd, 0x46, 0x85, 0xa3, 0xae, 0xce, 0x08, 0x4d, - 0x88, 0xb6, 0x1b, 0x51, 0x1a, 0xad, 0xdf, 0x85, 0xe6, 0x89, 0x30, 0x92, 0x5e, 0x50, 0x08, 0x46, - 0x99, 0xf5, 0x6c, 0x38, 0xc9, 0x9c, 0xf0, 0x00, 0xda, 0x63, 0x65, 0x32, 0xbd, 0x48, 0x9d, 0xa1, - 0x57, 0xb5, 0x26, 0x99, 0xbe, 0xc3, 0xbc, 0x65, 0xd5, 0x06, 0xb4, 0xc6, 0x39, 0xd0, 0xe0, 0x18, - 0x7a, 0x73, 0x28, 0x0b, 0x62, 0xd0, 0x56, 0x3e, 0x06, 0x35, 0xef, 0x23, 0xc5, 0x28, 0xbf, 0x32, - 0x1f, 0x97, 0x7e, 0x53, 0x86, 0xd6, 0x57, 0x98, 0xbf, 0xa0, 0xec, 0x4c, 0xc9, 0x8b, 0xa0, 0x1a, - 0xba, 0x01, 0xd6, 0x14, 0xe5, 0x3f, 0xba, 0x05, 0x75, 0x76, 0xa1, 0x02, 0x88, 0xde, 0xcf, 0x55, - 0x76, 0x21, 0x03, 0x03, 0x7a, 0x19, 0x80, 0x5d, 0x38, 0x91, 0xeb, 0x9d, 0x61, 0x6d, 0xc1, 0xaa, - 0xdd, 0x60, 0x17, 0x47, 0x0a, 0x20, 0x8e, 0x02, 0xbb, 0x70, 0x30, 0x63, 0x94, 0xc5, 0x3a, 0x56, - 0xd5, 0xd9, 0xc5, 0x9e, 0x1c, 0xeb, 0xb5, 0x3e, 0xa3, 0x51, 0x84, 0x7d, 0x19, 0xa3, 0xe5, 0xda, - 0xc7, 0x0a, 0x20, 0xb8, 0x72, 0xc3, 0xb5, 0xa6, 0xb8, 0xf2, 0x8c, 0x2b, 0xcf, 0xb8, 0xae, 0xaa, - 0x95, 0x3c, 0xcf, 0x95, 0xa7, 0x5c, 0xeb, 0x8a, 0x2b, 0xcf, 0x71, 0xe5, 0x19, 0xd7, 0x86, 0x59, - 0xab, 0xb9, 0x5a, 0xbf, 0x2e, 0xc1, 0xe6, 0x6c, 0xe2, 0xa7, 0xd3, 0xd4, 0xf7, 0xa1, 0xe5, 0xc9, - 0xfd, 0x2a, 0x9c, 0xc9, 0xde, 0xdc, 0x4e, 0xda, 0x4d, 0x2f, 0x77, 0x8c, 0x1f, 0x40, 0x3b, 0x54, - 0x06, 0x4e, 0x8f, 0x66, 0x25, 0xdb, 0x97, 0xbc, 0xed, 0xed, 0x56, 0x98, 0x1b, 0x59, 0x3e, 0xa0, - 0xaf, 0x19, 0xe1, 0xf8, 0x98, 0x33, 0xec, 0x06, 0xd7, 0x51, 0x80, 0x20, 0xa8, 0xca, 0x6c, 0xa5, - 0x22, 0xf3, 0x6b, 0xf9, 0x6f, 0xbd, 0x01, 0xeb, 0x05, 0x2e, 0x5a, 0xd7, 0x35, 0xa8, 0x4c, 0x70, - 0x28, 0xa9, 0xb7, 0x6d, 0xf1, 0x6b, 0xb9, 0xd0, 0xb3, 0xb1, 0xeb, 0x5f, 0x9f, 0x34, 0x9a, 0x45, - 0x25, 0x63, 0xb1, 0x05, 0x28, 0xcf, 0x42, 0x8b, 0x62, 0xa4, 0x2e, 0xe5, 0xa4, 0x7e, 0x0a, 0xbd, - 0xdd, 0x09, 0x8d, 0xf1, 0x31, 0xf7, 0x49, 0x78, 0x1d, 0x15, 0xd3, 0x2f, 0x60, 0xfd, 0x19, 0x9f, - 0x7e, 0x2d, 0x88, 0xc5, 0xe4, 0x3b, 0x7c, 0x4d, 0xfa, 0x31, 0xfa, 0xc2, 0xe8, 0xc7, 0xe8, 0x0b, - 0x51, 0x2c, 0x79, 0x74, 0x92, 0x04, 0xa1, 0x74, 0x85, 0xb6, 0xad, 0x47, 0xd6, 0x0e, 0xb4, 0x54, - 0x0e, 0xfd, 0x84, 0xfa, 0xc9, 0x04, 0x2f, 0xf4, 0xc1, 0x3b, 0x00, 0x91, 0xcb, 0xdc, 0x00, 0x73, - 0xcc, 0xd4, 0x19, 0x6a, 0xd8, 0x39, 0x88, 0xf5, 0xbb, 0x32, 0x6c, 0xa8, 0x96, 0xc8, 0xb1, 0xea, - 0x04, 0x18, 0x15, 0x06, 0x50, 0x1f, 0xd3, 0x98, 0xe7, 0x08, 0xa6, 0x63, 0x21, 0xa2, 0x1f, 0x1a, - 0x6a, 0xe2, 0xb7, 0xd0, 0xa7, 0xa8, 0x2c, 0xef, 0x53, 0xcc, 0x75, 0x22, 0xaa, 0xf3, 0x9d, 0x08, - 0xe1, 0x6d, 0x06, 0x89, 0x28, 0x1f, 0x6f, 0xd8, 0x0d, 0x0d, 0x39, 0xf4, 0xd1, 0x3d, 0xe8, 0x8e, - 0x84, 0x94, 0xce, 0x98, 0xd2, 0x33, 0x27, 0x72, 0xf9, 0x58, 0xba, 0x7a, 0xc3, 0x6e, 0x4b, 0xf0, - 0x01, 0xa5, 0x67, 0x47, 0x2e, 0x1f, 0xa3, 0x8f, 0xa0, 0xa3, 0xd3, 0xc0, 0x40, 0x9a, 0x28, 0xd6, - 0x97, 0x9f, 0xf6, 0xa2, 0xbc, 0xf5, 0xec, 0xf6, 0x59, 0x6e, 0x14, 0x5b, 0x37, 0xe1, 0xc6, 0x63, - 0x1c, 0x73, 0x46, 0xa7, 0x45, 0xc3, 0x58, 0xff, 0x0f, 0x70, 0x18, 0x72, 0xcc, 0x4e, 0x5d, 0x0f, - 0xc7, 0xe8, 0x9d, 0xfc, 0x48, 0x27, 0x47, 0x6b, 0x43, 0xd5, 0x91, 0x4a, 0x27, 0xec, 0x1c, 0x8e, - 0x35, 0x84, 0x9a, 0x4d, 0x13, 0x11, 0x8e, 0x5e, 0x33, 0x7f, 0x7a, 0x5d, 0x4b, 0xaf, 0x93, 0x40, - 0x5b, 0xcf, 0x59, 0x07, 0xa6, 0x84, 0xcd, 0xc8, 0xe9, 0x2d, 0x1a, 0x42, 0x83, 0x18, 0x98, 0x8e, - 0x2a, 0xf3, 0xac, 0x33, 0x14, 0xeb, 0x13, 0x58, 0x57, 0x94, 0x14, 0x65, 0x43, 0xe6, 0x35, 0xa8, - 0x31, 0x23, 0x46, 0x29, 0x6b, 0x45, 0x69, 0x24, 0x3d, 0x27, 0xec, 0x21, 0x2a, 0xea, 0x4c, 0x11, - 0x63, 0x8f, 0x75, 0xe8, 0x89, 0x89, 0x02, 0x4d, 0xeb, 0x33, 0x68, 0x3d, 0xb2, 0x8f, 0xbe, 0xc2, - 0x64, 0x34, 0x3e, 0x11, 0xd1, 0xf3, 0x83, 0xe2, 0x58, 0x2b, 0x8c, 0xb4, 0xb4, 0xb9, 0x29, 0xbb, - 0x80, 0x67, 0x7d, 0x0e, 0x9b, 0x8f, 0x7c, 0x3f, 0x0f, 0x32, 0x52, 0xbf, 0x03, 0x8d, 0x30, 0x47, - 0x2e, 0x77, 0x67, 0x15, 0xb0, 0x33, 0x24, 0xeb, 0xe7, 0xb0, 0xfe, 0x34, 0x9c, 0x90, 0x10, 0xef, - 0x1e, 0x3d, 0x7f, 0x82, 0xd3, 0x58, 0x84, 0xa0, 0x2a, 0x72, 0x36, 0x49, 0xa3, 0x6e, 0xcb, 0x7f, - 0xe1, 0x9c, 0xe1, 0x89, 0xe3, 0x45, 0x49, 0xac, 0xfb, 0x51, 0xb5, 0xf0, 0x64, 0x37, 0x4a, 0x62, - 0x71, 0xb9, 0x88, 0xe4, 0x82, 0x86, 0x93, 0xa9, 0xf4, 0xd0, 0xba, 0xbd, 0xea, 0x45, 0xc9, 0xd3, - 0x70, 0x32, 0xb5, 0xfe, 0x4f, 0x56, 0xe0, 0x18, 0xfb, 0xb6, 0x1b, 0xfa, 0x34, 0x78, 0x8c, 0xcf, - 0x73, 0x1c, 0xd2, 0x6a, 0xcf, 0x44, 0xa2, 0xef, 0x4b, 0xd0, 0x7a, 0x34, 0xc2, 0x21, 0x7f, 0x8c, - 0xb9, 0x4b, 0x26, 0xb2, 0xa2, 0x3b, 0xc7, 0x2c, 0x26, 0x34, 0xd4, 0xee, 0x66, 0x86, 0xa2, 0x20, - 0x27, 0x21, 0xe1, 0x8e, 0xef, 0xe2, 0x80, 0x86, 0x92, 0x4a, 0xdd, 0x06, 0x01, 0x7a, 0x2c, 0x21, - 0xe8, 0x0d, 0xe8, 0xaa, 0x7e, 0xa1, 0x33, 0x76, 0x43, 0x7f, 0x22, 0x1c, 0x5d, 0xf5, 0x4f, 0x3a, - 0x0a, 0x7c, 0xa0, 0xa1, 0xe8, 0x4d, 0x58, 0xd3, 0x6e, 0x98, 0x61, 0x56, 0x25, 0x66, 0x57, 0xc3, - 0x0b, 0xa8, 0x49, 0x14, 0x51, 0xc6, 0x63, 0x27, 0xc6, 0x9e, 0x47, 0x83, 0x48, 0x97, 0x43, 0x5d, - 0x03, 0x3f, 0x56, 0x60, 0x6b, 0x04, 0xeb, 0xfb, 0x42, 0x4f, 0xad, 0x49, 0x76, 0xac, 0x3a, 0x01, - 0x0e, 0x9c, 0x93, 0x09, 0xf5, 0xce, 0x1c, 0x11, 0x1c, 0xb5, 0x85, 0x45, 0xc2, 0xb5, 0x23, 0x80, - 0xc7, 0xe4, 0x3b, 0x59, 0xf9, 0x0b, 0xac, 0x31, 0xe5, 0xd1, 0x24, 0x19, 0x39, 0x11, 0xa3, 0x27, - 0x58, 0xab, 0xd8, 0x0d, 0x70, 0x70, 0xa0, 0xe0, 0x47, 0x02, 0x6c, 0xfd, 0xb9, 0x04, 0x1b, 0x45, - 0x4e, 0x3a, 0xd4, 0x6f, 0xc3, 0x46, 0x91, 0x95, 0xbe, 0xfe, 0x55, 0x7a, 0xd9, 0xcb, 0x33, 0x54, - 0x89, 0xc0, 0x03, 0x68, 0xcb, 0x26, 0xb2, 0xe3, 0x2b, 0x4a, 0xc5, 0xa4, 0x27, 0xbf, 0x2f, 0x76, - 0xcb, 0xcd, 0xef, 0xd2, 0x47, 0x70, 0x4b, 0xab, 0xef, 0xcc, 0x8b, 0xad, 0x0e, 0xc4, 0xa6, 0x46, - 0x78, 0x32, 0x23, 0xfd, 0x97, 0xd0, 0xcf, 0x40, 0x3b, 0x53, 0x09, 0xcc, 0x0e, 0xf3, 0xfa, 0x8c, - 0xb2, 0x8f, 0x7c, 0x9f, 0x49, 0x2f, 0xa9, 0xda, 0x8b, 0xa6, 0xac, 0x87, 0x70, 0xf3, 0x18, 0x73, - 0x65, 0x0d, 0x97, 0xeb, 0x4a, 0x44, 0x11, 0x5b, 0x83, 0xca, 0x31, 0xf6, 0xa4, 0xf2, 0x15, 0x5b, - 0xfc, 0x8a, 0x03, 0xf8, 0x3c, 0xc6, 0x9e, 0xd4, 0xb2, 0x62, 0xcb, 0x7f, 0xeb, 0x4f, 0x25, 0x58, - 0xd5, 0xc1, 0x59, 0x5c, 0x30, 0x3e, 0x23, 0xe7, 0x98, 0xe9, 0xa3, 0xa7, 0x47, 0xe8, 0x75, 0xe8, - 0xa8, 0x3f, 0x87, 0x46, 0x9c, 0xd0, 0x34, 0xe4, 0xb7, 0x15, 0xf4, 0xa9, 0x02, 0xca, 0xfe, 0xa0, - 0x6c, 0x7f, 0xe9, 0x4a, 0x53, 0x8f, 0x64, 0x93, 0x2f, 0x16, 0x1e, 0x2e, 0x43, 0x7c, 0xc3, 0xd6, - 0x23, 0x71, 0xd4, 0x0d, 0xbd, 0x15, 0x49, 0xcf, 0x0c, 0xc5, 0x51, 0x0f, 0x68, 0x12, 0x72, 0x27, - 0xa2, 0x24, 0xe4, 0x3a, 0xa6, 0x83, 0x04, 0x1d, 0x09, 0x88, 0xf5, 0xab, 0x12, 0xd4, 0x54, 0x8f, - 0x5c, 0xd4, 0xb6, 0xe9, 0xcd, 0x5a, 0x26, 0x32, 0x4b, 0x91, 0xbc, 0xd4, 0x6d, 0x2a, 0xff, 0x85, - 0x1f, 0x9f, 0x07, 0xea, 0x7e, 0xd0, 0xa2, 0x9d, 0x07, 0xf2, 0x62, 0x78, 0x1d, 0x3a, 0xd9, 0x05, - 0x2d, 0xe7, 0x95, 0x88, 0xed, 0x14, 0x2a, 0xd1, 0x2e, 0x95, 0xd4, 0xfa, 0xa9, 0x28, 0xe9, 0xd3, - 0xfe, 0xf0, 0x1a, 0x54, 0x92, 0x54, 0x18, 0xf1, 0x2b, 0x20, 0xa3, 0xf4, 0x6a, 0x17, 0xbf, 0xe8, - 0x1e, 0x74, 0x5c, 0xdf, 0x27, 0x62, 0xb9, 0x3b, 0xd9, 0x27, 0x7e, 0xea, 0xa4, 0x45, 0xa8, 0xf5, - 0xd7, 0x12, 0x74, 0x77, 0x69, 0x34, 0xfd, 0x8c, 0x4c, 0x70, 0x2e, 0x82, 0x48, 0x21, 0xf5, 0xcd, - 0x2e, 0xfe, 0x45, 0xb6, 0x7a, 0x4a, 0x26, 0x58, 0xb9, 0x96, 0xda, 0xd9, 0xba, 0x00, 0x48, 0xb7, - 0x32, 0x93, 0x69, 0xdb, 0xad, 0xad, 0x26, 0x9f, 0x50, 0x5f, 0xe6, 0xe5, 0x3e, 0x61, 0x4e, 0xda, - 0x64, 0x6b, 0xdb, 0xab, 0x3e, 0x61, 0x72, 0x4a, 0x2b, 0xb2, 0x22, 0xfb, 0xbc, 0x79, 0x45, 0x6a, - 0x0a, 0x22, 0x14, 0xd9, 0x84, 0x1a, 0x3d, 0x3d, 0x8d, 0x31, 0x97, 0x19, 0x74, 0xc5, 0xd6, 0xa3, - 0x34, 0xcc, 0xd5, 0x73, 0x61, 0xee, 0x06, 0xac, 0xcb, 0x17, 0x85, 0x67, 0xcc, 0xf5, 0x48, 0x38, - 0x32, 0xd7, 0xc3, 0x06, 0xa0, 0x63, 0x4e, 0xa3, 0x79, 0xe8, 0x3e, 0xe6, 0x4f, 0x9f, 0x3e, 0xd9, - 0x3b, 0xc7, 0x21, 0x37, 0xd0, 0xb7, 0xa1, 0x6e, 0x40, 0xff, 0x46, 0x5e, 0x75, 0xff, 0xb7, 0x3d, - 0x1d, 0x58, 0x75, 0x8d, 0x8e, 0xf6, 0xa1, 0x3b, 0xf3, 0xe6, 0x83, 0x74, 0xd3, 0x66, 0xf1, 0x53, - 0xd0, 0x60, 0x73, 0xa8, 0xde, 0x90, 0x86, 0xe6, 0x0d, 0x69, 0xb8, 0x17, 0x44, 0x7c, 0x8a, 0xf6, - 0xa0, 0x53, 0x7c, 0x1d, 0x41, 0xb7, 0x4d, 0x8e, 0xb3, 0xe0, 0xcd, 0xe4, 0x52, 0x32, 0xfb, 0xd0, - 0x9d, 0x79, 0x28, 0x31, 0xf2, 0x2c, 0x7e, 0x3f, 0xb9, 0x94, 0xd0, 0x43, 0x68, 0xe6, 0x5e, 0x46, - 0x50, 0x5f, 0x11, 0x99, 0x7f, 0x2c, 0xb9, 0x94, 0xc0, 0x2e, 0xb4, 0x0b, 0x8f, 0x15, 0x68, 0xa0, - 0xf5, 0x59, 0xf0, 0x82, 0x71, 0x29, 0x91, 0x1d, 0x68, 0xe6, 0xde, 0x0c, 0x8c, 0x14, 0xf3, 0x0f, - 0x13, 0x83, 0x5b, 0x0b, 0x66, 0x74, 0xfc, 0x3e, 0x80, 0x76, 0xa1, 0xc3, 0x6f, 0x04, 0x59, 0xf4, - 0xba, 0x30, 0xb8, 0xbd, 0x70, 0x4e, 0x53, 0xda, 0x87, 0xee, 0x4c, 0xbf, 0xdf, 0x18, 0x77, 0xf1, - 0x33, 0xc0, 0xa5, 0x6a, 0x7d, 0x21, 0x37, 0x3b, 0x57, 0xce, 0xe5, 0x36, 0x7b, 0xbe, 0xbb, 0x3f, - 0x78, 0x69, 0xf1, 0xa4, 0x96, 0x6a, 0x0f, 0x3a, 0xc5, 0xc6, 0xbe, 0x21, 0xb6, 0xb0, 0xdd, 0xbf, - 0xfc, 0xe4, 0x14, 0x7a, 0xfc, 0xd9, 0xc9, 0x59, 0xd4, 0xfa, 0xbf, 0x94, 0xd0, 0x23, 0x00, 0x5d, - 0xbc, 0xf9, 0x24, 0x4c, 0xb7, 0x6c, 0xae, 0x68, 0x4c, 0xb7, 0x6c, 0x41, 0xa1, 0xf7, 0x10, 0x40, - 0xd5, 0x5c, 0x3e, 0x4d, 0x38, 0xba, 0x69, 0xc4, 0x98, 0x29, 0xf4, 0x06, 0xfd, 0xf9, 0x89, 0x39, - 0x02, 0x98, 0xb1, 0xab, 0x10, 0xf8, 0x14, 0x20, 0xab, 0xe5, 0x0c, 0x81, 0xb9, 0xea, 0x6e, 0x89, - 0x0d, 0x5a, 0xf9, 0xca, 0x0d, 0x69, 0x5d, 0x17, 0x54, 0x73, 0x4b, 0x48, 0x74, 0x67, 0x32, 0xf3, - 0xe2, 0x61, 0x9b, 0x4d, 0xd8, 0x07, 0x73, 0xd9, 0x39, 0x7a, 0x00, 0xad, 0x7c, 0x4a, 0x6e, 0xa4, - 0x58, 0x90, 0xa6, 0x0f, 0x0a, 0x69, 0x39, 0x7a, 0x08, 0x9d, 0x62, 0x3a, 0x8e, 0x72, 0x7e, 0x31, - 0x97, 0xa4, 0x0f, 0x74, 0xb3, 0x29, 0x87, 0xfe, 0x1e, 0x40, 0x96, 0xb6, 0x1b, 0xf3, 0xcd, 0x25, - 0xf2, 0x33, 0x5c, 0xf7, 0xa1, 0x3b, 0x93, 0x8e, 0x1b, 0x8d, 0x17, 0x67, 0xe9, 0xcb, 0xac, 0x9f, - 0xbf, 0x17, 0x8c, 0xde, 0x0b, 0xee, 0x8a, 0x65, 0xe1, 0x2f, 0x77, 0x87, 0x98, 0x53, 0x3c, 0x7f, - 0xad, 0x2c, 0x0b, 0x7f, 0x85, 0xca, 0xd7, 0x44, 0x9d, 0x45, 0xe5, 0xf0, 0xb2, 0x4b, 0xa1, 0x58, - 0x26, 0x9a, 0x7d, 0x58, 0x58, 0x3c, 0x2e, 0xb3, 0x47, 0xbe, 0x36, 0x31, 0xf6, 0x58, 0x50, 0xaf, - 0xfc, 0x48, 0x74, 0xc8, 0xd7, 0x1f, 0xb9, 0xe8, 0xb0, 0xa0, 0x2c, 0xb9, 0x94, 0xd0, 0x01, 0x74, - 0xf7, 0x4d, 0x6a, 0xa9, 0xd3, 0x5e, 0x2d, 0xce, 0x82, 0x34, 0x7f, 0x30, 0x58, 0x34, 0xa5, 0x5d, - 0xf4, 0x0b, 0xe8, 0xcd, 0xa5, 0xbc, 0xe8, 0x4e, 0xda, 0x5c, 0x5d, 0x98, 0x0b, 0x5f, 0x2a, 0xd6, - 0x21, 0xac, 0xcd, 0x66, 0xbc, 0xe8, 0x65, 0xbd, 0xe9, 0x8b, 0x33, 0xe1, 0x4b, 0x49, 0x7d, 0x04, - 0x75, 0x93, 0x61, 0x21, 0xdd, 0xc4, 0x9e, 0xc9, 0xb8, 0x2e, 0x5d, 0xfa, 0x00, 0x9a, 0xb9, 0x1c, - 0xc5, 0x9c, 0xba, 0xf9, 0xb4, 0x65, 0xa0, 0x7b, 0xce, 0x06, 0xbc, 0xd3, 0xfa, 0xfe, 0x87, 0x3b, - 0xa5, 0xbf, 0xfd, 0x70, 0xa7, 0xf4, 0x8f, 0x1f, 0xee, 0x94, 0x4e, 0x6a, 0x92, 0xec, 0x7b, 0xff, - 0x0a, 0x00, 0x00, 0xff, 0xff, 0xe8, 0x9e, 0x94, 0x1d, 0x05, 0x23, 0x00, 0x00, + // 2967 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xc4, 0x39, 0x4b, 0x6f, 0x23, 0xc7, + 0xd1, 0xe0, 0x43, 0x14, 0x59, 0x7c, 0x89, 0x23, 0xad, 0x96, 0xcb, 0xb5, 0xf7, 0x5b, 0x8f, 0xed, + 0xb5, 0xfc, 0xf9, 0x33, 0x65, 0xaf, 0x0d, 0xaf, 0x1f, 0xf0, 0xb7, 0x58, 0x3d, 0x2c, 0xc9, 0xb6, + 0x2c, 0x65, 0xb4, 0x82, 0x03, 0x04, 0xc1, 0x60, 0x34, 0xd3, 0x22, 0xdb, 0xe2, 0x4c, 0x8f, 0x7b, + 0x7a, 0xb4, 0xa2, 0x03, 0xe4, 0x98, 0xdc, 0x72, 0x4b, 0x7e, 0x44, 0x90, 0x5b, 0x8e, 0x01, 0x72, + 0xca, 0xc1, 0xc8, 0x29, 0xbf, 0x20, 0x08, 0xfc, 0x13, 0xf2, 0x0b, 0x82, 0x7e, 0xcd, 0x83, 0x1c, + 0xd1, 0x89, 0x20, 0x20, 0x97, 0xc1, 0x54, 0x75, 0x75, 0xbd, 0xba, 0xbb, 0xba, 0xaa, 0x1a, 0x9a, + 0xce, 0x08, 0x05, 0x6c, 0x18, 0x52, 0xc2, 0x88, 0x51, 0x1d, 0xd1, 0xd0, 0x1d, 0x34, 0x88, 0x8b, + 0x25, 0x62, 0xf0, 0xc1, 0x08, 0xb3, 0x71, 0x7c, 0x36, 0x74, 0x89, 0xbf, 0x79, 0xe1, 0x30, 0xe7, + 0x6d, 0x97, 0x04, 0xcc, 0xc1, 0x01, 0xa2, 0xd1, 0xa6, 0x98, 0xb8, 0x19, 0x5e, 0x8c, 0x36, 0xd9, + 0x34, 0x44, 0x91, 0xfc, 0xaa, 0x79, 0xf7, 0x47, 0x84, 0x8c, 0x26, 0x68, 0x53, 0x40, 0x67, 0xf1, + 0xf9, 0x26, 0xf2, 0x43, 0x36, 0x95, 0x83, 0xe6, 0x9f, 0xcb, 0xb0, 0xbe, 0x4d, 0x91, 0xc3, 0xd0, + 0xb6, 0xe6, 0x66, 0xa1, 0x6f, 0x63, 0x14, 0x31, 0xe3, 0x15, 0x68, 0x25, 0x12, 0x6c, 0xec, 0xf5, + 0x4b, 0x0f, 0x4b, 0x1b, 0x0d, 0xab, 0x99, 0xe0, 0x0e, 0x3c, 0xe3, 0x2e, 0x2c, 0xa3, 0x2b, 0xe4, + 0xf2, 0xd1, 0xb2, 0x18, 0xad, 0x71, 0xf0, 0xc0, 0x33, 0xde, 0x85, 0x66, 0xc4, 0x28, 0x0e, 0x46, + 0x76, 0x1c, 0x21, 0xda, 0xaf, 0x3c, 0x2c, 0x6d, 0x34, 0x1f, 0xaf, 0x0c, 0xb9, 0x49, 0xc3, 0x13, + 0x31, 0x70, 0x1a, 0x21, 0x6a, 0x41, 0x94, 0xfc, 0x1b, 0x8f, 0x60, 0xd9, 0x43, 0x97, 0xd8, 0x45, + 0x51, 0xbf, 0xfa, 0xb0, 0xb2, 0xd1, 0x7c, 0xdc, 0x92, 0xe4, 0x3b, 0x02, 0x69, 0xe9, 0x41, 0xe3, + 0x4d, 0xa8, 0x47, 0x8c, 0x50, 0x67, 0x84, 0xa2, 0xfe, 0x92, 0x20, 0x6c, 0x6b, 0xbe, 0x02, 0x6b, + 0x25, 0xc3, 0xc6, 0x4b, 0x50, 0x39, 0xda, 0x3e, 0xe8, 0xd7, 0x84, 0x74, 0x50, 0x54, 0x21, 0x72, + 0x2d, 0x8e, 0x36, 0x5e, 0x85, 0x76, 0xe4, 0x04, 0xde, 0x19, 0xb9, 0xb2, 0x43, 0xec, 0x05, 0x51, + 0x7f, 0xf9, 0x61, 0x69, 0xa3, 0x6e, 0xb5, 0x14, 0xf2, 0x98, 0xe3, 0x8c, 0xff, 0x51, 0x8b, 0xa2, + 0x48, 0xea, 0x82, 0x04, 0x04, 0x4a, 0x10, 0x98, 0x1f, 0xc3, 0x9d, 0x13, 0xe6, 0x50, 0x76, 0x03, + 0xf7, 0x99, 0xa7, 0xb0, 0x6e, 0x21, 0x9f, 0x5c, 0xde, 0xc8, 0xf7, 0x7d, 0x58, 0x66, 0xd8, 0x47, + 0x24, 0x66, 0xc2, 0xf7, 0x6d, 0x4b, 0x83, 0xe6, 0x1f, 0x4a, 0x60, 0xec, 0x5e, 0x21, 0xf7, 0x98, + 0x12, 0x17, 0x45, 0xd1, 0x7f, 0x69, 0x3d, 0xdf, 0x80, 0xe5, 0x50, 0x2a, 0xd0, 0xaf, 0x0a, 0x72, + 0xb5, 0x4c, 0x5a, 0x2b, 0x3d, 0x6a, 0x7e, 0x03, 0x6b, 0x27, 0x78, 0x14, 0x38, 0x93, 0x5b, 0xd4, + 0x77, 0x1d, 0x6a, 0x91, 0xe0, 0x29, 0x54, 0x6d, 0x5b, 0x0a, 0x32, 0x8f, 0xc1, 0xf8, 0xda, 0xc1, + 0xec, 0xf6, 0x24, 0x99, 0x6f, 0xc3, 0x6a, 0x8e, 0x63, 0x14, 0x92, 0x20, 0x42, 0x42, 0x01, 0xe6, + 0xb0, 0x38, 0x12, 0xcc, 0x96, 0x2c, 0x05, 0x99, 0x08, 0xd6, 0xbe, 0xc4, 0x91, 0x26, 0x47, 0xff, + 0x89, 0x0a, 0xeb, 0x50, 0x3b, 0x27, 0xd4, 0x77, 0x98, 0xd6, 0x40, 0x42, 0x86, 0x01, 0x55, 0x87, + 0x8e, 0xa2, 0x7e, 0xe5, 0x61, 0x65, 0xa3, 0x61, 0x89, 0x7f, 0xbe, 0x2b, 0x67, 0xc4, 0x28, 0xbd, + 0x5e, 0x81, 0x96, 0xf2, 0xbb, 0x3d, 0xc1, 0x11, 0x13, 0x72, 0x5a, 0x56, 0x53, 0xe1, 0xf8, 0x1c, + 0x93, 0xc0, 0xfa, 0x69, 0xe8, 0xdd, 0x30, 0x22, 0x3c, 0x86, 0x06, 0x45, 0x11, 0x89, 0x29, 0x3f, + 0xc7, 0x65, 0xb1, 0xee, 0x6b, 0x72, 0xdd, 0xbf, 0xc4, 0x41, 0x7c, 0x65, 0xe9, 0x31, 0x2b, 0x25, + 0x53, 0x47, 0x88, 0x45, 0x37, 0x39, 0x42, 0x1f, 0xc3, 0x9d, 0x63, 0x27, 0x8e, 0x6e, 0xa2, 0xab, + 0xf9, 0x09, 0x3f, 0x7e, 0x51, 0xec, 0xdf, 0x68, 0xf2, 0xef, 0x4b, 0x50, 0xdf, 0x0e, 0xe3, 0xd3, + 0xc8, 0x19, 0x21, 0x1e, 0x25, 0x18, 0x61, 0xce, 0xc4, 0x8e, 0x39, 0x28, 0xc8, 0xab, 0x16, 0x08, + 0x94, 0x24, 0xe0, 0x6e, 0x47, 0xd4, 0x0d, 0x63, 0x45, 0x51, 0x7e, 0x58, 0xd9, 0xa8, 0x5a, 0x4d, + 0x89, 0x93, 0x24, 0x43, 0x58, 0x15, 0x63, 0x36, 0x0e, 0xec, 0x0b, 0x44, 0x03, 0x34, 0xf1, 0x89, + 0x87, 0xc4, 0xfe, 0xad, 0x5a, 0x3d, 0x31, 0x74, 0x10, 0x7c, 0x91, 0x0c, 0x18, 0xff, 0x0b, 0xbd, + 0x84, 0x9e, 0x1f, 0x4a, 0x41, 0x5d, 0x15, 0xd4, 0x5d, 0x45, 0x7d, 0xaa, 0xd0, 0xe6, 0x2f, 0xa1, + 0xf3, 0x7c, 0x4c, 0x09, 0x63, 0x13, 0x1c, 0x8c, 0x76, 0x1c, 0xe6, 0xf0, 0xe8, 0x11, 0x22, 0x8a, + 0x89, 0x17, 0x29, 0x6d, 0x35, 0x68, 0xbc, 0x05, 0x3d, 0x26, 0x69, 0x91, 0x67, 0x6b, 0x9a, 0xb2, + 0xa0, 0x59, 0x49, 0x06, 0x8e, 0x15, 0xf1, 0xeb, 0xd0, 0x49, 0x89, 0x79, 0xfc, 0x51, 0xfa, 0xb6, + 0x13, 0xec, 0x73, 0xec, 0x23, 0xf3, 0x52, 0xf8, 0x4a, 0x2c, 0xb2, 0xf1, 0x16, 0x34, 0x52, 0x3f, + 0x94, 0xc4, 0x0e, 0xe9, 0xc8, 0x1d, 0xa2, 0xdd, 0x69, 0xd5, 0x13, 0xa7, 0x7c, 0x0a, 0x5d, 0x96, + 0x28, 0x6e, 0x7b, 0x0e, 0x73, 0xf2, 0x9b, 0x2a, 0x6f, 0x95, 0xd5, 0x61, 0x39, 0xd8, 0xfc, 0x04, + 0x1a, 0xc7, 0xd8, 0x8b, 0xa4, 0xe0, 0x3e, 0x2c, 0xbb, 0x31, 0xa5, 0x28, 0x60, 0xda, 0x64, 0x05, + 0x1a, 0x6b, 0xb0, 0x34, 0xc1, 0x3e, 0x66, 0xca, 0x4c, 0x09, 0x98, 0x04, 0xe0, 0x10, 0xf9, 0x84, + 0x4e, 0x85, 0xc3, 0xd6, 0x60, 0x29, 0xbb, 0xb8, 0x12, 0x30, 0xee, 0x43, 0xc3, 0x77, 0xae, 0x92, + 0x45, 0xe5, 0x23, 0x75, 0xdf, 0xb9, 0x92, 0xca, 0xf7, 0x61, 0xf9, 0xdc, 0xc1, 0x13, 0x37, 0x60, + 0xca, 0x2b, 0x1a, 0x4c, 0x05, 0x56, 0xb3, 0x02, 0xff, 0x52, 0x86, 0xa6, 0x94, 0x28, 0x15, 0x5e, + 0x83, 0x25, 0xd7, 0x71, 0xc7, 0x89, 0x48, 0x01, 0x18, 0x8f, 0xb4, 0x22, 0xe5, 0x6c, 0x10, 0x4e, + 0x35, 0xd5, 0xaa, 0x6d, 0x02, 0x44, 0x2f, 0x9c, 0x50, 0xe9, 0x56, 0xb9, 0x86, 0xb8, 0xc1, 0x69, + 0xa4, 0xba, 0xef, 0x41, 0x4b, 0xee, 0x3b, 0x35, 0xa5, 0x7a, 0xcd, 0x94, 0xa6, 0xa4, 0x92, 0x93, + 0x5e, 0x85, 0x76, 0x1c, 0x21, 0x7b, 0x8c, 0x11, 0x75, 0xa8, 0x3b, 0x9e, 0xf6, 0x97, 0xe4, 0x25, + 0x1a, 0x47, 0x68, 0x5f, 0xe3, 0x8c, 0xc7, 0xb0, 0xc4, 0xc3, 0x5f, 0xd4, 0xaf, 0x89, 0xfb, 0xfa, + 0xa5, 0x2c, 0x4b, 0x61, 0xea, 0x50, 0x7c, 0x77, 0x03, 0x46, 0xa7, 0x96, 0x24, 0x1d, 0x7c, 0x08, + 0x90, 0x22, 0x8d, 0x15, 0xa8, 0x5c, 0xa0, 0xa9, 0x3a, 0x87, 0xfc, 0x97, 0x3b, 0xe7, 0xd2, 0x99, + 0xc4, 0xda, 0xeb, 0x12, 0xf8, 0xb8, 0xfc, 0x61, 0xc9, 0x74, 0xa1, 0xbb, 0x35, 0xb9, 0xc0, 0x24, + 0x33, 0x7d, 0x0d, 0x96, 0x7c, 0xe7, 0x1b, 0x42, 0xb5, 0x27, 0x05, 0x20, 0xb0, 0x38, 0x20, 0x54, + 0xb3, 0x10, 0x80, 0xd1, 0x81, 0x32, 0x09, 0x85, 0xbf, 0x1a, 0x56, 0x99, 0x84, 0xa9, 0xa0, 0x6a, + 0x46, 0x90, 0xf9, 0xf7, 0x2a, 0x40, 0x2a, 0xc5, 0xb0, 0x60, 0x80, 0x89, 0x1d, 0x21, 0xca, 0x73, + 0x14, 0xfb, 0x6c, 0xca, 0x50, 0x64, 0x53, 0xe4, 0xc6, 0x34, 0xc2, 0x97, 0x7c, 0xfd, 0xb8, 0xd9, + 0x77, 0xa4, 0xd9, 0x33, 0xba, 0x59, 0x77, 0x31, 0x39, 0x91, 0xf3, 0xb6, 0xf8, 0x34, 0x4b, 0xcf, + 0x32, 0x0e, 0xe0, 0x4e, 0xca, 0xd3, 0xcb, 0xb0, 0x2b, 0x2f, 0x62, 0xb7, 0x9a, 0xb0, 0xf3, 0x52, + 0x56, 0xbb, 0xb0, 0x8a, 0x89, 0xfd, 0x6d, 0x8c, 0xe2, 0x1c, 0xa3, 0xca, 0x22, 0x46, 0x3d, 0x4c, + 0x7e, 0x22, 0x26, 0xa4, 0x6c, 0x8e, 0xe1, 0x5e, 0xc6, 0x4a, 0x7e, 0xdc, 0x33, 0xcc, 0xaa, 0x8b, + 0x98, 0xad, 0x27, 0x5a, 0xf1, 0x78, 0x90, 0x72, 0xfc, 0x1c, 0xd6, 0x31, 0xb1, 0x5f, 0x38, 0x98, + 0xcd, 0xb2, 0x5b, 0xfa, 0x11, 0x23, 0xf9, 0xa5, 0x9b, 0xe7, 0x25, 0x8d, 0xf4, 0x11, 0x1d, 0xe5, + 0x8c, 0xac, 0xfd, 0x88, 0x91, 0x87, 0x62, 0x42, 0xca, 0xe6, 0x19, 0xf4, 0x30, 0x99, 0xd5, 0x66, + 0x79, 0x11, 0x93, 0x2e, 0x26, 0x79, 0x4d, 0xb6, 0xa0, 0x17, 0x21, 0x97, 0x11, 0x9a, 0xdd, 0x04, + 0xf5, 0x45, 0x2c, 0x56, 0x14, 0x7d, 0xc2, 0xc3, 0xfc, 0x19, 0xb4, 0xf6, 0xe3, 0x11, 0x62, 0x93, + 0xb3, 0x24, 0x18, 0xdc, 0x5a, 0xfc, 0x31, 0xff, 0x59, 0x86, 0xe6, 0xf6, 0x88, 0x92, 0x38, 0xcc, + 0xc5, 0x64, 0x79, 0x48, 0x67, 0x63, 0xb2, 0x20, 0x11, 0x31, 0x59, 0x12, 0xbf, 0x0f, 0x2d, 0x5f, + 0x1c, 0x5d, 0x45, 0x2f, 0xe3, 0x50, 0x6f, 0xee, 0x50, 0x5b, 0x4d, 0x3f, 0x13, 0xcc, 0x86, 0x00, + 0x21, 0xf6, 0x22, 0x35, 0x47, 0x86, 0xa3, 0xae, 0xca, 0x08, 0x75, 0x88, 0xb6, 0x1a, 0x61, 0x12, + 0xad, 0xdf, 0x85, 0xe6, 0x19, 0x77, 0x92, 0x9a, 0x90, 0x0b, 0x46, 0xa9, 0xf7, 0x2c, 0x38, 0x4b, + 0x0f, 0xe1, 0x3e, 0xb4, 0xc7, 0xd2, 0x65, 0x6a, 0x92, 0xdc, 0x43, 0xaf, 0x2a, 0x4b, 0x52, 0x7b, + 0x87, 0x59, 0xcf, 0xca, 0x05, 0x68, 0x8d, 0x33, 0xa8, 0xc1, 0x09, 0xf4, 0xe6, 0x48, 0x0a, 0x62, + 0xd0, 0x46, 0x36, 0x06, 0x35, 0x1f, 0x1b, 0x52, 0x50, 0x76, 0x66, 0x36, 0x2e, 0xfd, 0xa6, 0x0c, + 0xad, 0xaf, 0x10, 0x7b, 0x41, 0xe8, 0x85, 0xd4, 0xd7, 0x80, 0x6a, 0xe0, 0xf8, 0x48, 0x71, 0x14, + 0xff, 0xc6, 0x3d, 0xa8, 0xd3, 0x2b, 0x19, 0x40, 0xd4, 0x7a, 0x2e, 0xd3, 0x2b, 0x11, 0x18, 0x8c, + 0x97, 0x01, 0xe8, 0x95, 0x1d, 0x3a, 0xee, 0x05, 0x52, 0x1e, 0xac, 0x5a, 0x0d, 0x7a, 0x75, 0x2c, + 0x11, 0x7c, 0x2b, 0xd0, 0x2b, 0x1b, 0x51, 0x4a, 0x68, 0xa4, 0x62, 0x55, 0x9d, 0x5e, 0xed, 0x0a, + 0x58, 0xcd, 0xf5, 0x28, 0x09, 0x43, 0xe4, 0x89, 0x18, 0x2d, 0xe6, 0xee, 0x48, 0x04, 0x97, 0xca, + 0xb4, 0xd4, 0x9a, 0x94, 0xca, 0x52, 0xa9, 0x2c, 0x95, 0xba, 0x2c, 0x67, 0xb2, 0xac, 0x54, 0x96, + 0x48, 0xad, 0x4b, 0xa9, 0x2c, 0x23, 0x95, 0xa5, 0x52, 0x1b, 0x7a, 0xae, 0x92, 0x6a, 0xfe, 0xba, + 0x04, 0xeb, 0xb3, 0x89, 0x9f, 0x4a, 0x53, 0xdf, 0x87, 0x96, 0x2b, 0xd6, 0x2b, 0xb7, 0x27, 0x7b, + 0x73, 0x2b, 0x69, 0x35, 0xdd, 0xcc, 0x36, 0x7e, 0x02, 0xed, 0x40, 0x3a, 0x38, 0xd9, 0x9a, 0x95, + 0x74, 0x5d, 0xb2, 0xbe, 0xb7, 0x5a, 0x41, 0x06, 0x32, 0x3d, 0x30, 0xbe, 0xa6, 0x98, 0xa1, 0x13, + 0x46, 0x91, 0xe3, 0xdf, 0x46, 0x01, 0x62, 0x40, 0x55, 0x64, 0x2b, 0x15, 0x91, 0x5f, 0x8b, 0x7f, + 0xf3, 0x0d, 0x58, 0xcd, 0x49, 0x51, 0xb6, 0xae, 0x40, 0x65, 0x82, 0x02, 0xc1, 0xbd, 0x6d, 0xf1, + 0x5f, 0xd3, 0x81, 0x9e, 0x85, 0x1c, 0xef, 0xf6, 0xb4, 0x51, 0x22, 0x2a, 0xa9, 0x88, 0x0d, 0x30, + 0xb2, 0x22, 0x94, 0x2a, 0x5a, 0xeb, 0x52, 0x46, 0xeb, 0x23, 0xe8, 0x6d, 0x4f, 0x48, 0x84, 0x4e, + 0x98, 0x87, 0x83, 0xdb, 0xa8, 0x98, 0x7e, 0x01, 0xab, 0xcf, 0xd9, 0xf4, 0x6b, 0xce, 0x2c, 0xc2, + 0xdf, 0xa1, 0x5b, 0xb2, 0x8f, 0x92, 0x17, 0xda, 0x3e, 0x4a, 0x5e, 0xf0, 0x62, 0xc9, 0x25, 0x93, + 0xd8, 0x0f, 0xc4, 0x51, 0x68, 0x5b, 0x0a, 0x32, 0xb7, 0xa0, 0x25, 0x73, 0xe8, 0x43, 0xe2, 0xc5, + 0x13, 0x54, 0x78, 0x06, 0x1f, 0x00, 0x84, 0x0e, 0x75, 0x7c, 0xc4, 0x10, 0x95, 0x7b, 0xa8, 0x61, + 0x65, 0x30, 0xe6, 0xef, 0xca, 0xb0, 0x26, 0x7b, 0x26, 0x27, 0xb2, 0x55, 0xa0, 0x4d, 0x18, 0x40, + 0x7d, 0x4c, 0x22, 0x96, 0x61, 0x98, 0xc0, 0x5c, 0x45, 0x2f, 0xd0, 0xdc, 0xf8, 0x6f, 0xae, 0x91, + 0x51, 0x59, 0xdc, 0xc8, 0x98, 0x6b, 0x55, 0x54, 0x0b, 0x5a, 0x15, 0x2f, 0x03, 0x68, 0x22, 0x2c, + 0xcf, 0x78, 0xc3, 0x6a, 0x28, 0xcc, 0x81, 0x67, 0x3c, 0x82, 0xee, 0x88, 0x6b, 0x69, 0x8f, 0x09, + 0xb9, 0xb0, 0x43, 0x87, 0x8d, 0xc5, 0x51, 0x6f, 0x58, 0x6d, 0x81, 0xde, 0x27, 0xe4, 0xe2, 0xd8, + 0x61, 0x63, 0xe3, 0x23, 0xe8, 0xa8, 0x34, 0xd0, 0x17, 0x2e, 0x8a, 0xd4, 0xe5, 0xa7, 0x4e, 0x51, + 0xd6, 0x7b, 0x56, 0xfb, 0x22, 0x03, 0x45, 0xe6, 0x5d, 0xb8, 0xb3, 0x83, 0x22, 0x46, 0xc9, 0x34, + 0xef, 0x18, 0xf3, 0xff, 0x01, 0x0e, 0x02, 0x86, 0xe8, 0xb9, 0xe3, 0xa2, 0xc8, 0x78, 0x27, 0x0b, + 0xa9, 0xe4, 0x68, 0x65, 0x28, 0x5b, 0x56, 0xc9, 0x80, 0x95, 0xa1, 0x31, 0x87, 0x50, 0xb3, 0x48, + 0xcc, 0xc3, 0xd1, 0x6b, 0xfa, 0x4f, 0xcd, 0x6b, 0xa9, 0x79, 0x02, 0x69, 0xa9, 0x31, 0x73, 0x5f, + 0x97, 0xb0, 0x29, 0x3b, 0xb5, 0x44, 0x43, 0x68, 0x60, 0x8d, 0x53, 0x51, 0x65, 0x5e, 0x74, 0x4a, + 0x62, 0x7e, 0x02, 0xab, 0x92, 0x93, 0xe4, 0xac, 0xd9, 0xbc, 0x06, 0x35, 0xaa, 0xd5, 0x28, 0xa5, + 0xbd, 0x2a, 0x45, 0xa4, 0xc6, 0xb8, 0x3f, 0x78, 0x45, 0x9d, 0x1a, 0xa2, 0xfd, 0xb1, 0x0a, 0x3d, + 0x3e, 0x90, 0xe3, 0x69, 0x7e, 0x06, 0xad, 0x67, 0xd6, 0xf1, 0x57, 0x08, 0x8f, 0xc6, 0x67, 0x3c, + 0x7a, 0x7e, 0x90, 0x87, 0x95, 0xc1, 0x86, 0xd2, 0x36, 0x33, 0x64, 0xe5, 0xe8, 0xcc, 0xcf, 0x61, + 0xfd, 0x99, 0xe7, 0x65, 0x51, 0x5a, 0xeb, 0x77, 0xa0, 0x11, 0x64, 0xd8, 0x65, 0xee, 0xac, 0x1c, + 0x75, 0x4a, 0x64, 0xfe, 0x1c, 0x56, 0x8f, 0x82, 0x09, 0x0e, 0xd0, 0xf6, 0xf1, 0xe9, 0x21, 0x4a, + 0x62, 0x91, 0x01, 0x55, 0x9e, 0xb3, 0x09, 0x1e, 0x75, 0x4b, 0xfc, 0xf3, 0xc3, 0x19, 0x9c, 0xd9, + 0x6e, 0x18, 0x47, 0xaa, 0x1f, 0x55, 0x0b, 0xce, 0xb6, 0xc3, 0x38, 0xe2, 0x97, 0x0b, 0x4f, 0x2e, + 0x48, 0x30, 0x99, 0x8a, 0x13, 0x5a, 0xb7, 0x96, 0xdd, 0x30, 0x3e, 0x0a, 0x26, 0x53, 0xf3, 0xff, + 0x44, 0x05, 0x8e, 0x90, 0x67, 0x39, 0x81, 0x47, 0xfc, 0x1d, 0x74, 0x99, 0x91, 0x90, 0x54, 0x7b, + 0x3a, 0x12, 0x7d, 0x5f, 0x82, 0xd6, 0xb3, 0x11, 0x0a, 0xd8, 0x0e, 0x62, 0x0e, 0x9e, 0x88, 0x8a, + 0xee, 0x12, 0xd1, 0x08, 0x93, 0x40, 0x1d, 0x37, 0x0d, 0xf2, 0x82, 0x1c, 0x07, 0x98, 0xd9, 0x9e, + 0x83, 0x7c, 0x12, 0x08, 0x2e, 0x75, 0x0b, 0x38, 0x6a, 0x47, 0x60, 0x8c, 0x37, 0xa0, 0x2b, 0x1b, + 0x8a, 0xf6, 0xd8, 0x09, 0xbc, 0x09, 0x3f, 0xe8, 0xb2, 0x7f, 0xd2, 0x91, 0xe8, 0x7d, 0x85, 0x35, + 0xde, 0x84, 0x15, 0x75, 0x0c, 0x53, 0xca, 0xaa, 0xa0, 0xec, 0x2a, 0x7c, 0x8e, 0x34, 0x0e, 0x43, + 0x42, 0x59, 0x64, 0x47, 0xc8, 0x75, 0x89, 0x1f, 0xaa, 0x72, 0xa8, 0xab, 0xf1, 0x27, 0x12, 0x6d, + 0x8e, 0x60, 0x75, 0x8f, 0xdb, 0xa9, 0x2c, 0x49, 0xb7, 0x55, 0xc7, 0x47, 0xbe, 0x7d, 0x36, 0x21, + 0xee, 0x85, 0xcd, 0x83, 0xa3, 0xf2, 0x30, 0x4f, 0xb8, 0xb6, 0x38, 0xf2, 0x04, 0x7f, 0x27, 0x2a, + 0x7f, 0x4e, 0x35, 0x26, 0x2c, 0x9c, 0xc4, 0x23, 0x3b, 0xa4, 0xe4, 0x0c, 0x29, 0x13, 0xbb, 0x3e, + 0xf2, 0xf7, 0x25, 0xfe, 0x98, 0xa3, 0xcd, 0x3f, 0x95, 0x60, 0x2d, 0x2f, 0x49, 0x85, 0xfa, 0x4d, + 0x58, 0xcb, 0x8b, 0x52, 0xd7, 0xbf, 0x4c, 0x2f, 0x7b, 0x59, 0x81, 0x32, 0x11, 0x78, 0x02, 0x6d, + 0xd9, 0x09, 0xf5, 0x24, 0xa7, 0x7c, 0xd2, 0x93, 0x5d, 0x17, 0xab, 0xe5, 0x64, 0x57, 0xe9, 0x23, + 0xb8, 0xa7, 0xcc, 0xb7, 0xe7, 0xd5, 0x96, 0x1b, 0x62, 0x5d, 0x11, 0x1c, 0xce, 0x68, 0xff, 0x25, + 0xf4, 0x53, 0xd4, 0xd6, 0x54, 0x20, 0xd3, 0xcd, 0xbc, 0x3a, 0x63, 0xec, 0x33, 0xcf, 0xa3, 0xe2, + 0x94, 0x54, 0xad, 0xa2, 0x21, 0xf3, 0x29, 0xdc, 0x3d, 0x41, 0x4c, 0x7a, 0xc3, 0x61, 0xaa, 0x12, + 0x91, 0xcc, 0x56, 0xa0, 0x72, 0x82, 0x5c, 0x61, 0x7c, 0xc5, 0xe2, 0xbf, 0x7c, 0x03, 0x9e, 0x46, + 0xc8, 0x15, 0x56, 0x56, 0x2c, 0xf1, 0x6f, 0xfe, 0xb1, 0x04, 0xcb, 0x2a, 0x38, 0xf3, 0x0b, 0xc6, + 0xa3, 0xf8, 0x12, 0x51, 0xb5, 0xf5, 0x14, 0x64, 0xbc, 0x0e, 0x1d, 0xf9, 0x67, 0x93, 0x90, 0x61, + 0x92, 0x84, 0xfc, 0xb6, 0xc4, 0x1e, 0x49, 0xa4, 0xe8, 0x0f, 0x8a, 0xf6, 0x97, 0xaa, 0x34, 0x15, + 0x24, 0x9a, 0x7c, 0x11, 0x3f, 0xe1, 0x22, 0xc4, 0x37, 0x2c, 0x05, 0xf1, 0xad, 0xae, 0xf9, 0x2d, + 0x09, 0x7e, 0x1a, 0xe4, 0x5b, 0xdd, 0x27, 0x71, 0xc0, 0xec, 0x90, 0xe0, 0x80, 0xa9, 0x98, 0x0e, + 0x02, 0x75, 0xcc, 0x31, 0xe6, 0xaf, 0x4a, 0x50, 0x93, 0x4d, 0x74, 0x5e, 0xdb, 0x26, 0x37, 0x6b, + 0x19, 0x8b, 0x2c, 0x45, 0xc8, 0x92, 0xb7, 0xa9, 0xf8, 0xe7, 0xe7, 0xf8, 0xd2, 0x97, 0xf7, 0x83, + 0x52, 0xed, 0xd2, 0x17, 0x17, 0xc3, 0xeb, 0xd0, 0x49, 0x2f, 0x68, 0x31, 0x2e, 0x55, 0x6c, 0x27, + 0x58, 0x41, 0x76, 0xad, 0xa6, 0xe6, 0x4f, 0x79, 0x49, 0x9f, 0xf4, 0x87, 0x57, 0xa0, 0x12, 0x27, + 0xca, 0xf0, 0x5f, 0x8e, 0x19, 0x25, 0x57, 0x3b, 0xff, 0x35, 0x1e, 0x41, 0xc7, 0xf1, 0x3c, 0xcc, + 0xa7, 0x3b, 0x93, 0x3d, 0xec, 0x25, 0x87, 0x34, 0x8f, 0x35, 0xff, 0x5a, 0x82, 0xee, 0x36, 0x09, + 0xa7, 0x9f, 0xe1, 0x09, 0xca, 0x44, 0x10, 0xa1, 0xa4, 0xba, 0xd9, 0xf9, 0x3f, 0xcf, 0x56, 0xcf, + 0xf1, 0x04, 0xc9, 0xa3, 0x25, 0x57, 0xb6, 0xce, 0x11, 0xe2, 0x58, 0xe9, 0xc1, 0xa4, 0xed, 0xd6, + 0x96, 0x83, 0x87, 0xc4, 0x13, 0x79, 0xb9, 0x87, 0xa9, 0x9d, 0x34, 0xd9, 0xda, 0xd6, 0xb2, 0x87, + 0xa9, 0x18, 0x52, 0x86, 0x2c, 0x89, 0x3e, 0x6f, 0xd6, 0x90, 0x9a, 0xc4, 0x70, 0x43, 0xd6, 0xa1, + 0x46, 0xce, 0xcf, 0x23, 0xc4, 0x44, 0x06, 0x5d, 0xb1, 0x14, 0x94, 0x84, 0xb9, 0x7a, 0x26, 0xcc, + 0xdd, 0x81, 0x55, 0xf1, 0xa2, 0xf0, 0x9c, 0x3a, 0x2e, 0x0e, 0x46, 0xfa, 0x7a, 0x58, 0x03, 0xe3, + 0x84, 0x91, 0x70, 0x1e, 0xbb, 0x87, 0xd8, 0xd1, 0xd1, 0xe1, 0xee, 0x25, 0x0a, 0x98, 0xc6, 0xbe, + 0x0d, 0x75, 0x8d, 0xfa, 0x37, 0xf2, 0xaa, 0xc7, 0xbf, 0xed, 0xa9, 0xc0, 0xaa, 0x6a, 0x74, 0x63, + 0x0f, 0xba, 0x33, 0x8f, 0x42, 0x86, 0x6a, 0xda, 0x14, 0xbf, 0x15, 0x0d, 0xd6, 0x87, 0xf2, 0x91, + 0x69, 0xa8, 0x1f, 0x99, 0x86, 0xbb, 0x7e, 0xc8, 0xa6, 0xc6, 0x2e, 0x74, 0xf2, 0xaf, 0x23, 0xc6, + 0x7d, 0x9d, 0xe3, 0x14, 0xbc, 0x99, 0x5c, 0xcb, 0x66, 0x0f, 0xba, 0x33, 0x0f, 0x25, 0x5a, 0x9f, + 0xe2, 0xf7, 0x93, 0x6b, 0x19, 0x3d, 0x85, 0x66, 0xe6, 0x65, 0xc4, 0xe8, 0x4b, 0x26, 0xf3, 0x8f, + 0x25, 0xd7, 0x32, 0xd8, 0x86, 0x76, 0xee, 0xb1, 0xc2, 0x18, 0x28, 0x7b, 0x0a, 0x5e, 0x30, 0xae, + 0x65, 0xb2, 0x05, 0xcd, 0xcc, 0x9b, 0x81, 0xd6, 0x62, 0xfe, 0x61, 0x62, 0x70, 0xaf, 0x60, 0x44, + 0xc5, 0xef, 0x7d, 0x68, 0xe7, 0x3a, 0xfc, 0x5a, 0x91, 0xa2, 0xd7, 0x85, 0xc1, 0xfd, 0xc2, 0x31, + 0xc5, 0x69, 0x0f, 0xba, 0x33, 0xfd, 0x7e, 0xed, 0xdc, 0xe2, 0x67, 0x80, 0x6b, 0xcd, 0xfa, 0x42, + 0x2c, 0x76, 0xa6, 0x9c, 0xcb, 0x2c, 0xf6, 0x7c, 0x77, 0x7f, 0xf0, 0x52, 0xf1, 0xa0, 0xd2, 0x6a, + 0x17, 0x3a, 0xf9, 0xc6, 0xbe, 0x66, 0x56, 0xd8, 0xee, 0x5f, 0xbc, 0x73, 0x72, 0x3d, 0xfe, 0x74, + 0xe7, 0x14, 0xb5, 0xfe, 0xaf, 0x65, 0xf4, 0x0c, 0x40, 0x15, 0x6f, 0x1e, 0x0e, 0x92, 0x25, 0x9b, + 0x2b, 0x1a, 0x93, 0x25, 0x2b, 0x28, 0xf4, 0x9e, 0x02, 0xc8, 0x9a, 0xcb, 0x23, 0x31, 0x33, 0xee, + 0x6a, 0x35, 0x66, 0x0a, 0xbd, 0x41, 0x7f, 0x7e, 0x60, 0x8e, 0x01, 0xa2, 0xf4, 0x26, 0x0c, 0x3e, + 0x05, 0x48, 0x6b, 0x39, 0xcd, 0x60, 0xae, 0xba, 0x5b, 0xe0, 0x83, 0x56, 0xb6, 0x72, 0x33, 0x94, + 0xad, 0x05, 0xd5, 0xdc, 0x02, 0x16, 0xdd, 0x99, 0xcc, 0x3c, 0xbf, 0xd9, 0x66, 0x13, 0xf6, 0xc1, + 0x5c, 0x76, 0x6e, 0x3c, 0x81, 0x56, 0x36, 0x25, 0xd7, 0x5a, 0x14, 0xa4, 0xe9, 0x83, 0x5c, 0x5a, + 0x6e, 0x3c, 0x85, 0x4e, 0x3e, 0x1d, 0x37, 0x32, 0xe7, 0x62, 0x2e, 0x49, 0x1f, 0xa8, 0x66, 0x53, + 0x86, 0xfc, 0x3d, 0x80, 0x34, 0x6d, 0xd7, 0xee, 0x9b, 0x4b, 0xe4, 0x67, 0xa4, 0xee, 0x41, 0x77, + 0x26, 0x1d, 0xd7, 0x16, 0x17, 0x67, 0xe9, 0x8b, 0xbc, 0x9f, 0xbd, 0x17, 0xb4, 0xdd, 0x05, 0x77, + 0xc5, 0xa2, 0xf0, 0x97, 0xb9, 0x43, 0xf4, 0x2e, 0x9e, 0xbf, 0x56, 0x16, 0x85, 0xbf, 0x5c, 0xe5, + 0xab, 0xa3, 0x4e, 0x51, 0x39, 0xbc, 0xe8, 0x52, 0xc8, 0x97, 0x89, 0x7a, 0x1d, 0x0a, 0x8b, 0xc7, + 0x45, 0xfe, 0xc8, 0xd6, 0x26, 0xda, 0x1f, 0x05, 0xf5, 0xca, 0x8f, 0x44, 0x87, 0x6c, 0xfd, 0x91, + 0x89, 0x0e, 0x05, 0x65, 0xc9, 0xb5, 0x8c, 0xf6, 0xa1, 0xbb, 0xa7, 0x53, 0x4b, 0x95, 0xf6, 0x2a, + 0x75, 0x0a, 0xd2, 0xfc, 0xc1, 0xa0, 0x68, 0x48, 0x1d, 0xd1, 0x2f, 0xa0, 0x37, 0x97, 0xf2, 0x1a, + 0x0f, 0x92, 0xe6, 0x6a, 0x61, 0x2e, 0x7c, 0xad, 0x5a, 0x07, 0xb0, 0x32, 0x9b, 0xf1, 0x1a, 0x2f, + 0xab, 0x45, 0x2f, 0xce, 0x84, 0xaf, 0x65, 0xf5, 0x11, 0xd4, 0x75, 0x86, 0x65, 0xa8, 0x26, 0xf6, + 0x4c, 0xc6, 0x75, 0xed, 0xd4, 0x27, 0xd0, 0xcc, 0xe4, 0x28, 0x7a, 0xd7, 0xcd, 0xa7, 0x2d, 0x03, + 0xd5, 0x73, 0xd6, 0xe8, 0xad, 0xd6, 0xf7, 0x3f, 0x3c, 0x28, 0xfd, 0xed, 0x87, 0x07, 0xa5, 0x7f, + 0xfc, 0xf0, 0xa0, 0x74, 0x56, 0x13, 0x6c, 0xdf, 0xfb, 0x57, 0x00, 0x00, 0x00, 0xff, 0xff, 0x6b, + 0xf7, 0x2a, 0xe8, 0x26, 0x23, 0x00, 0x00, } From cb49a5710ea3263d725643b309503d7bb4c94b66 Mon Sep 17 00:00:00 2001 From: Archana Shinde Date: Mon, 3 Aug 2020 14:53:07 -0700 Subject: [PATCH 2/2] namespace: Allow container to join pid namespace of agent This is a debug-only feature and is disabled by default reflected by the value of "enable_agent_pidns" in the configuration.toml which is set to false by default. Allow a container to join the pid namespace of the agent. This is allowed using an environment variable "AGENT_PIDNS". Only if this variable is set and configuration explicitly enabled to allow this, does the runtime set the "agentPidNs" flag in the CreateContainer grpc request sent to the agent. Fixes #2633 Signed-off-by: Archana Shinde --- cli/config/configuration-acrn.toml.in | 7 +++++++ cli/config/configuration-clh.toml.in | 7 +++++++ cli/config/configuration-fc.toml.in | 7 +++++++ cli/config/configuration-qemu.toml.in | 9 +++++++++ pkg/katatestutils/utils.go | 4 +++- pkg/katautils/config.go | 6 ++++++ pkg/katautils/config_test.go | 5 ++++- virtcontainers/kata_agent.go | 29 +++++++++++++++++++++++++++ virtcontainers/persist.go | 2 ++ virtcontainers/persist/api/config.go | 3 +++ virtcontainers/persist_test.go | 7 +++++-- virtcontainers/pkg/oci/utils.go | 5 +++++ virtcontainers/sandbox.go | 3 +++ 13 files changed, 90 insertions(+), 4 deletions(-) diff --git a/cli/config/configuration-acrn.toml.in b/cli/config/configuration-acrn.toml.in index d1c581243c..cd6eb78860 100644 --- a/cli/config/configuration-acrn.toml.in +++ b/cli/config/configuration-acrn.toml.in @@ -235,3 +235,10 @@ sandbox_cgroup_only=@DEFSANDBOXCGROUPONLY@ # Supported experimental features: # (default: []) experimental=@DEFAULTEXPFEATURES@ + +# If enabled, containers are allowed to join the pid namespace of the agent +# when the env variable KATA_AGENT_PIDNS is set for a container. +# Use this with caution and only when required, as this option allows the container +# to access the agent process. It is recommended to enable this option +# only in debug scenarios and with containers with lowered priveleges. +#enable_agent_pidns = true diff --git a/cli/config/configuration-clh.toml.in b/cli/config/configuration-clh.toml.in index 6718f4a0df..e249bdd267 100644 --- a/cli/config/configuration-clh.toml.in +++ b/cli/config/configuration-clh.toml.in @@ -236,3 +236,10 @@ sandbox_cgroup_only=@DEFSANDBOXCGROUPONLY@ # Supported experimental features: # (default: []) experimental=@DEFAULTEXPFEATURES@ + +# If enabled, containers are allowed to join the pid namespace of the agent +# when the env variable KATA_AGENT_PIDNS is set for a container. +# Use this with caution and only when required, as this option allows the container +# to access the agent process. It is recommended to enable this option +# only in debug scenarios and with containers with lowered priveleges. +#enable_agent_pidns = true diff --git a/cli/config/configuration-fc.toml.in b/cli/config/configuration-fc.toml.in index 4bbb19aeb1..b92873cee4 100644 --- a/cli/config/configuration-fc.toml.in +++ b/cli/config/configuration-fc.toml.in @@ -344,3 +344,10 @@ sandbox_cgroup_only=@DEFSANDBOXCGROUPONLY@ # Supported experimental features: # (default: []) experimental=@DEFAULTEXPFEATURES@ + +# If enabled, containers are allowed to join the pid namespace of the agent +# when the env variable KATA_AGENT_PIDNS is set for a container. +# Use this with caution and only when required, as this option allows the container +# to access the agent process. It is recommended to enable this option +# only in debug scenarios and with containers with lowered priveleges. +#enable_agent_pidns = true diff --git a/cli/config/configuration-qemu.toml.in b/cli/config/configuration-qemu.toml.in index 095ce566c7..9c7af06fab 100644 --- a/cli/config/configuration-qemu.toml.in +++ b/cli/config/configuration-qemu.toml.in @@ -470,3 +470,12 @@ sandbox_cgroup_only=@DEFSANDBOXCGROUPONLY@ # Supported experimental features: # (default: []) experimental=@DEFAULTEXPFEATURES@ + + +# If enabled, containers are allowed to join the pid namespace of the agent +# when the env variable KATA_AGENT_PIDNS is set for a container. +# Use this with caution and only when required, as this option allows the container +# to access the agent process. It is recommended to enable this option +# only in debug scenarios and with containers with lowered priveleges. +#enable_agent_pidns = true + diff --git a/pkg/katatestutils/utils.go b/pkg/katatestutils/utils.go index 999ab64b2f..9560cf48c8 100644 --- a/pkg/katatestutils/utils.go +++ b/pkg/katatestutils/utils.go @@ -34,6 +34,7 @@ type RuntimeConfigOptions struct { EnableIOThreads bool HotplugVFIOOnRootBus bool DisableNewNetNs bool + EnableAgentPidNs bool HypervisorDebug bool RuntimeDebug bool RuntimeTrace bool @@ -89,5 +90,6 @@ func MakeRuntimeConfigFileData(config RuntimeConfigOptions) string { [runtime] enable_debug = ` + strconv.FormatBool(config.RuntimeDebug) + ` enable_tracing = ` + strconv.FormatBool(config.RuntimeTrace) + ` - disable_new_netns= ` + strconv.FormatBool(config.DisableNewNetNs) + disable_new_netns= ` + strconv.FormatBool(config.DisableNewNetNs) + ` + enable_agent_pidns= ` + strconv.FormatBool(config.EnableAgentPidNs) } diff --git a/pkg/katautils/config.go b/pkg/katautils/config.go index fbfba881ba..f909127f61 100644 --- a/pkg/katautils/config.go +++ b/pkg/katautils/config.go @@ -144,6 +144,7 @@ type runtime struct { DisableNewNetNs bool `toml:"disable_new_netns"` DisableGuestSeccomp bool `toml:"disable_guest_seccomp"` SandboxCgroupOnly bool `toml:"sandbox_cgroup_only"` + EnableAgentPidNs bool `toml:"enable_agent_pidns"` Experimental []string `toml:"experimental"` InterNetworkModel string `toml:"internetworking_model"` } @@ -1220,6 +1221,11 @@ func LoadConfiguration(configPath string, ignoreLogging, builtIn bool) (resolved config.SandboxCgroupOnly = tomlConf.Runtime.SandboxCgroupOnly config.DisableNewNetNs = tomlConf.Runtime.DisableNewNetNs + config.EnableAgentPidNs = tomlConf.Runtime.EnableAgentPidNs + if config.EnableAgentPidNs { + kataUtilsLogger.Warn("Feature to allow containers to share PID namespace with the agent has been enabled. Please understand this has security implications and should only be used for debug purposes") + } + for _, f := range tomlConf.Runtime.Experimental { feature := exp.Get(f) if feature == nil { diff --git a/pkg/katautils/config_test.go b/pkg/katautils/config_test.go index 4136107f60..f396f2ca73 100644 --- a/pkg/katautils/config_test.go +++ b/pkg/katautils/config_test.go @@ -86,6 +86,7 @@ func createAllRuntimeConfigFiles(dir, hypervisor string) (config testRuntimeConf disableNewNetNs := false sharedFS := "virtio-9p" virtioFSdaemon := path.Join(dir, "virtiofsd") + enableAgentPidNs := true configFileOptions := ktu.RuntimeConfigOptions{ Hypervisor: "qemu", @@ -119,6 +120,7 @@ func createAllRuntimeConfigFiles(dir, hypervisor string) (config testRuntimeConf AgentTrace: agentTrace, SharedFS: sharedFS, VirtioFSDaemon: virtioFSdaemon, + EnableAgentPidNs: enableAgentPidNs, } runtimeConfigFileData := ktu.MakeRuntimeConfigFileData(configFileOptions) @@ -210,7 +212,8 @@ func createAllRuntimeConfigFiles(dir, hypervisor string) (config testRuntimeConf NetmonConfig: netmonConfig, DisableNewNetNs: disableNewNetNs, - FactoryConfig: factoryConfig, + EnableAgentPidNs: enableAgentPidNs, + FactoryConfig: factoryConfig, } err = SetKernelParams(&runtimeConfig) diff --git a/virtcontainers/kata_agent.go b/virtcontainers/kata_agent.go index c604115924..3ba4e3541e 100644 --- a/virtcontainers/kata_agent.go +++ b/virtcontainers/kata_agent.go @@ -54,6 +54,8 @@ const ( // path to vfio devices vfioPath = "/dev/vfio/" + + agentPidEnv = "KATA_AGENT_PIDNS" ) var ( @@ -1468,6 +1470,15 @@ func (k *kataAgent) createContainer(sandbox *Sandbox, c *Container) (p *Process, sharedPidNs := k.handlePidNamespace(grpcSpec, sandbox) + agentPidNs := k.checkAgentPidNs(c) + if agentPidNs { + if !sandbox.config.EnableAgentPidNs { + agentPidNs = false + k.Logger().Warn("Env variable for sharing container pid namespace with the agent set, but the runtime configuration does not allow this") + } else { + k.Logger().Warn("Container will share PID namespace with the agent") + } + } passSeccomp := !sandbox.config.DisableGuestSeccomp && sandbox.seccompSupported // We need to constraint the spec to make sure we're not passing @@ -1481,6 +1492,7 @@ func (k *kataAgent) createContainer(sandbox *Sandbox, c *Container) (p *Process, Devices: ctrDevices, OCI: grpcSpec, SandboxPidns: sharedPidNs, + AgentPidns: agentPidNs, } if _, err = k.sendReq(req); err != nil { @@ -1706,6 +1718,23 @@ func (k *kataAgent) handlePidNamespace(grpcSpec *grpc.Spec, sandbox *Sandbox) bo return sharedPidNs } +// checkAgentPidNs checks if environment variable KATA_AGENT_PIDNS has been set for a containers +// This variable is used to indicate if the containers pid namespace should be shared +// with the agent pidns. This approach was taken due to the lack of support for container level annotations. +func (k *kataAgent) checkAgentPidNs(container *Container) bool { + agentPidNs := false + + for _, env := range container.config.Cmd.Envs { + if env.Var == agentPidEnv { + if val, err := strconv.ParseBool(env.Value); err == nil { + agentPidNs = val + } + } + } + + return agentPidNs +} + func (k *kataAgent) startContainer(sandbox *Sandbox, c *Container) error { span, _ := k.trace("startContainer") defer span.Finish() diff --git a/virtcontainers/persist.go b/virtcontainers/persist.go index 6759ed5ce2..9bac39106a 100644 --- a/virtcontainers/persist.go +++ b/virtcontainers/persist.go @@ -198,6 +198,7 @@ func (s *Sandbox) dumpConfig(ss *persistapi.SandboxState) { Stateful: sconfig.Stateful, SystemdCgroup: sconfig.SystemdCgroup, SandboxCgroupOnly: sconfig.SandboxCgroupOnly, + EnableAgentPidNs: sconfig.EnableAgentPidNs, DisableGuestSeccomp: sconfig.DisableGuestSeccomp, Cgroups: sconfig.Cgroups, } @@ -487,6 +488,7 @@ func loadSandboxConfig(id string) (*SandboxConfig, error) { Stateful: savedConf.Stateful, SystemdCgroup: savedConf.SystemdCgroup, SandboxCgroupOnly: savedConf.SandboxCgroupOnly, + EnableAgentPidNs: savedConf.EnableAgentPidNs, DisableGuestSeccomp: savedConf.DisableGuestSeccomp, Cgroups: savedConf.Cgroups, } diff --git a/virtcontainers/persist/api/config.go b/virtcontainers/persist/api/config.go index d68eae9b12..45534c1891 100644 --- a/virtcontainers/persist/api/config.go +++ b/virtcontainers/persist/api/config.go @@ -254,6 +254,9 @@ type SandboxConfig struct { // SandboxCgroupOnly enables cgroup only at podlevel in the host SandboxCgroupOnly bool + // Determines if containers are allowed to join the pid namespace of the kata agent + EnableAgentPidNs bool + DisableGuestSeccomp bool // Experimental enables experimental features diff --git a/virtcontainers/persist_test.go b/virtcontainers/persist_test.go index 52e38ce523..cddd8d93df 100644 --- a/virtcontainers/persist_test.go +++ b/virtcontainers/persist_test.go @@ -22,8 +22,9 @@ func TestSandboxRestore(t *testing.T) { var err error assert := assert.New(t) sconfig := SandboxConfig{ - ID: "test-exp", - Experimental: []exp.Feature{persist.NewStoreFeature}, + ID: "test-exp", + Experimental: []exp.Feature{persist.NewStoreFeature}, + EnableAgentPidNs: true, } container := make(map[string]*Container) container["test-exp"] = &Container{} @@ -56,6 +57,7 @@ func TestSandboxRestore(t *testing.T) { assert.Equal(sandbox.state.State, types.StateString("")) assert.Equal(sandbox.state.GuestMemoryBlockSizeMB, uint32(0)) assert.Equal(len(sandbox.state.BlockIndexMap), 0) + assert.Equal(sandbox.config.EnableAgentPidNs, true) // set state data and save again sandbox.state.State = types.StateString("running") @@ -78,4 +80,5 @@ func TestSandboxRestore(t *testing.T) { assert.Equal(sandbox.state.GuestMemoryBlockSizeMB, uint32(1024)) assert.Equal(len(sandbox.state.BlockIndexMap), 1) assert.Equal(sandbox.state.BlockIndexMap[2], struct{}{}) + assert.Equal(sandbox.config.EnableAgentPidNs, true) } diff --git a/virtcontainers/pkg/oci/utils.go b/virtcontainers/pkg/oci/utils.go index f80c3cc096..99e9a6f554 100644 --- a/virtcontainers/pkg/oci/utils.go +++ b/virtcontainers/pkg/oci/utils.go @@ -123,6 +123,9 @@ type RuntimeConfig struct { //Determines kata processes are managed only in sandbox cgroup SandboxCgroupOnly bool + //Determines if containers are allowed to join the pid namespace of the kata agent + EnableAgentPidNs bool + //Experimental features enabled Experimental []exp.Feature } @@ -852,6 +855,8 @@ func SandboxConfig(ocispec specs.Spec, runtime RuntimeConfig, bundlePath, cid, c SandboxCgroupOnly: runtime.SandboxCgroupOnly, + EnableAgentPidNs: runtime.EnableAgentPidNs, + DisableGuestSeccomp: runtime.DisableGuestSeccomp, // Q: Is this really necessary? @weizhang555 diff --git a/virtcontainers/sandbox.go b/virtcontainers/sandbox.go index 92aa0c12c5..cdd2aff9d4 100644 --- a/virtcontainers/sandbox.go +++ b/virtcontainers/sandbox.go @@ -123,6 +123,9 @@ type SandboxConfig struct { // SandboxCgroupOnly enables cgroup only at podlevel in the host SandboxCgroupOnly bool + // EnableAgentPidNs allows containers to share pid namespace with the agent + EnableAgentPidNs bool + DisableGuestSeccomp bool // Experimental features enabled