chore: release (#202)

Co-authored-by: edera-cultivation[bot] <165992271+edera-cultivation[bot]@users.noreply.github.com>

.github/dependabot.yml

@@ -5,14 +5,31 @@ updates:
   schedule:
     interval: "daily"
   groups:
-    version-updates:
+    production-version-updates:
-      dependency-type: "all"
+      dependency-type: "production"
+      applies-to: "version-updates"
+    development-version-updates:
+      dependency-type: "development"
       applies-to: "version-updates"
 - package-ecosystem: "cargo"
   directory: "/"
   schedule:
     interval: "daily"
   groups:
-    version-updates:
+    production-version-updates:
-      dependency-type: "all"
+      dependency-type: "production"
+      applies-to: "version-updates"
+    development-version-updates:
+      dependency-type: "development"
+      applies-to: "version-updates"
+- package-ecosystem: "docker"
+  directory: "/"
+  schedule:
+    interval: "daily"
+  groups:
+    production-version-updates:
+      dependency-type: "production"
+      applies-to: "version-updates"
+    development-version-updates:
+      dependency-type: "development"
       applies-to: "version-updates"

.github/workflows/check.yml

@@ -21,7 +21,8 @@ jobs:
       with:
         components: rustfmt
     - run: ./hack/ci/install-linux-deps.sh
-    - run: ./hack/build/cargo.sh fmt --all -- --check
+    # Temporarily ignored: https://github.com/edera-dev/krata/issues/206
+    - run: ./hack/build/cargo.sh fmt --all -- --check || true
   shellcheck:
     name: shellcheck
     runs-on: ubuntu-latest

.github/workflows/nightly.yml

@@ -3,6 +3,10 @@ on:
   workflow_dispatch:
   schedule:
   - cron: "0 10 * * *"
+permissions:
+  contents: read
+  packages: write
+  id-token: write
 jobs:
   server:
     runs-on: ubuntu-latest
@@ -27,13 +31,13 @@ jobs:
         targets: "${{ matrix.arch }}-unknown-linux-gnu,${{ matrix.arch }}-unknown-linux-musl"
     - run: ./hack/ci/install-linux-deps.sh
     - run: ./hack/dist/bundle.sh
-    - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+    - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
       with:
         name: krata-bundle-systemd-${{ matrix.arch }}
         path: "target/dist/bundle-systemd-${{ matrix.arch }}.tgz"
         compression-level: 0
     - run: ./hack/dist/deb.sh
-    - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+    - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
       with:
         name: krata-debian-${{ matrix.arch }}
         path: "target/dist/*.deb"
@@ -41,13 +45,13 @@ jobs:
     - run: ./hack/dist/apk.sh
       env:
         KRATA_KERNEL_BUILD_SKIP: "1"
-    - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+    - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
       with:
         name: krata-alpine-${{ matrix.arch }}
         path: "target/dist/*_${{ matrix.arch }}.apk"
         compression-level: 0
     - run: ./hack/os/build.sh
-    - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+    - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
       with:
         name: krata-os-${{ matrix.arch }}
         path: "target/os/krata-${{ matrix.arch }}.qcow2"
@@ -90,13 +94,50 @@ jobs:
       if: ${{ matrix.platform.os == 'darwin' }}
     - run: ./hack/ci/install-${{ matrix.platform.deps }}-deps.sh
     - run: ./hack/build/cargo.sh build --release --bin kratactl
-    - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+    - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
       with:
         name: kratactl-${{ matrix.platform.os }}-${{ matrix.platform.arch }}
         path: "target/*/release/kratactl"
       if: ${{ matrix.platform.os != 'windows' }}
-    - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+    - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
       with:
         name: kratactl-${{ matrix.platform.os }}-${{ matrix.platform.arch }}
         path: "target/*/release/kratactl.exe"
       if: ${{ matrix.platform.os == 'windows' }}
+  oci:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        component:
+        - kratactl
+        - kratad
+        - kratanet
+        - krata-guest-init
+    name: "oci build ${{ matrix.component }}"
+    steps:
+    - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+      with:
+        egress-policy: audit
+    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      with:
+        submodules: recursive
+    - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
+    - uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
+    - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
+      with:
+        registry: ghcr.io
+        username: "${{ github.actor }}"
+        password: "${{ secrets.GITHUB_TOKEN }}"
+    - uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0
+      id: push
+      with:
+        file: ./images/Dockerfile.${{ matrix.component }}
+        platforms: linux/amd64,linux/aarch64
+        tags: "ghcr.io/edera-dev/${{ matrix.component }}:nightly"
+        push: true
+    - env:
+        DIGEST: "${{ steps.push.outputs.digest }}"
+        TAGS: "ghcr.io/edera-dev/${{ matrix.component }}:nightly"
+        COSIGN_EXPERIMENTAL: "true"
+      run: cosign sign --yes "${TAGS}@${DIGEST}"

.github/workflows/os.yml

@@ -30,7 +30,7 @@ jobs:
         targets: "${{ matrix.arch }}-unknown-linux-gnu,${{ matrix.arch }}-unknown-linux-musl"
     - run: ./hack/ci/install-linux-deps.sh
     - run: ./hack/os/build.sh
-    - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+    - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
       with:
         name: krata-os-${{ matrix.arch }}
         path: "target/os/krata-${{ matrix.arch }}.qcow2"

.github/workflows/release-binaries.yml

@@ -1,6 +1,8 @@
 name: release-binaries
 permissions:
   contents: write
+  packages: write
+  id-token: write
 on:
   release:
     types:
@@ -90,3 +92,43 @@ jobs:
     - run: "./hack/ci/upload-release-assets.sh ${{ github.event.release.tag_name }}"
       env:
         GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+  oci:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        component:
+        - kratactl
+        - kratad
+        - kratanet
+        - krata-guest-init
+    name: "release-binaries oci ${{ matrix.component }}"
+    steps:
+    - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+      with:
+        egress-policy: audit
+    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      with:
+        submodules: recursive
+    - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
+    - uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
+    - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
+      with:
+        registry: ghcr.io
+        username: "${{ github.actor }}"
+        password: "${{ secrets.GITHUB_TOKEN }}"
+    - id: version
+      run: |
+        echo "KRATA_VERSION=$(./hack/dist/version.sh)" >> "${GITHUB_OUTPUT}"
+    - uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0
+      id: push
+      with:
+        file: ./images/Dockerfile.${{ matrix.component }}
+        platforms: linux/amd64,linux/aarch64
+        tags: "ghcr.io/edera-dev/${{ matrix.component }}:${{ steps.version.outputs.KRATA_VERSION }}"
+        push: true
+    - env:
+        DIGEST: "${{ steps.push.outputs.digest }}"
+        TAGS: "ghcr.io/edera-dev/${{ matrix.component }}:${{ steps.version.outputs.KRATA_VERSION }}"
+        COSIGN_EXPERIMENTAL: "true"
+      run: cosign sign --yes "${TAGS}@${DIGEST}"

.github/workflows/release-plz.yml

@@ -17,7 +17,7 @@ jobs:
     - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
       with:
         egress-policy: audit
-    - uses: actions/create-github-app-token@c8f55efbd427e7465d6da1106e7979bc8aaee856 # v1.10.1
+    - uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3
       id: generate-token
       with:
         app-id: "${{ secrets.EDERA_CULTIVATION_APP_ID }}"

CHANGELOG.md

@@ -6,6 +6,24 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.0.12](https://github.com/edera-dev/krata/compare/v0.0.11...v0.0.12) - 2024-07-12
+
+### Added
+- *(oci)* add configuration value for oci seed file ([#220](https://github.com/edera-dev/krata/pull/220))
+- *(power-management-defaults)* set an initial power management policy ([#219](https://github.com/edera-dev/krata/pull/219))
+
+### Fixed
+- *(daemon)* decrease rate of runtime reconcile ([#224](https://github.com/edera-dev/krata/pull/224))
+- *(power)* ensure that xeon cpus with cpu gaps are not detected as p/e compatible ([#218](https://github.com/edera-dev/krata/pull/218))
+- *(runtime)* use iommu only if devices are needed ([#243](https://github.com/edera-dev/krata/pull/243))
+
+### Other
+- Power management core functionality ([#217](https://github.com/edera-dev/krata/pull/217))
+- *(powermgmt)* disable for now as a hackfix ([#242](https://github.com/edera-dev/krata/pull/242))
+- Initial fluentd support ([#205](https://github.com/edera-dev/krata/pull/205))
+- update Cargo.toml dependencies
+- Use native loopdev implementation instead of loopdev-3 ([#209](https://github.com/edera-dev/krata/pull/209))
+
 ## [0.0.11](https://github.com/edera-dev/krata/compare/v0.0.10...v0.0.11) - 2024-06-23
 
 ### Added

CONTRIBUTING.md

@@ -23,7 +23,7 @@ While it's totally fine to simply bring it up on our Discord, we encourage openi
   - Else skip to step 3.
 2. Discuss the change with the teams to ensure we have consensus on the change being welcome.
 3. We encourage opening the PR sooner than later, and prefixing with `WIP:` so GitHub labels it as a Draft.
-4. Please include a detailed list of changes that the PR makes
+4. Please include a detailed list of changes that the PR makes.
 5. Once the PR is ready for review, remove the Draft status, and request a review from `edera-dev/engineering`.
 6. After the review cycle concludes and we know you are ready for merging, a team member will submit the PR to the merge queue.
 

Cargo.lock

@@ -146,9 +146,9 @@ dependencies = [
 
 [[package]]
 name = "async-trait"
-version = "0.1.80"
+version = "0.1.81"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c6fa2087f2753a7da8cc1c0dbfcf89579dd57458e36769de5ac750b4671737ca"
+checksum = "6e0c28dcc82d7c8ead5cb13beb15405b57b8546e93215673ff8ca0349a028107"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -183,7 +183,7 @@ dependencies = [
  "pin-project-lite",
  "rustversion",
  "serde",
- "sync_wrapper",
+ "sync_wrapper 0.1.2",
  "tower",
  "tower-layer",
  "tower-service",
@@ -249,26 +249,6 @@ version = "0.22.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6"
 
-[[package]]
-name = "bindgen"
-version = "0.69.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a00dc851838a2120612785d195287475a3ac45514741da670b735818822129a0"
-dependencies = [
- "bitflags 2.5.0",
- "cexpr",
- "clang-sys",
- "itertools",
- "lazy_static",
- "lazycell",
- "proc-macro2",
- "quote",
- "regex",
- "rustc-hash",
- "shlex",
- "syn 2.0.57",
-]
-
 [[package]]
 name = "bitflags"
 version = "1.3.2"
@@ -365,15 +345,6 @@ dependencies = [
  "libc",
 ]
 
-[[package]]
-name = "cexpr"
-version = "0.6.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766"
-dependencies = [
- "nom",
-]
-
 [[package]]
 name = "cfg-if"
 version = "1.0.0"
@@ -411,22 +382,11 @@ version = "0.1.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "da987586004ae7c43b7df5e3f7693775068522e1086f8d9b2d74c778a0f43313"
 
-[[package]]
-name = "clang-sys"
-version = "1.7.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "67523a3b4be3ce1989d607a828d036249522dd9c1c8de7f4dd2dae43a37369d1"
-dependencies = [
- "glob",
- "libc",
- "libloading",
-]
-
 [[package]]
 name = "clap"
-version = "4.5.7"
+version = "4.5.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5db83dced34638ad474f39f250d7fea9598bdd239eaced1bdf45d597da0f433f"
+checksum = "64acc1846d54c1fe936a78dc189c34e28d3f5afc348403f28ecf53660b9b8462"
 dependencies = [
  "clap_builder",
  "clap_derive",
@@ -434,9 +394,9 @@ dependencies = [
 
 [[package]]
 name = "clap_builder"
-version = "4.5.7"
+version = "4.5.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f7e204572485eb3fbf28f871612191521df159bc3e15a9f5064c66dba3a8c05f"
+checksum = "6fb8393d67ba2e7bfaf28a23458e4e2b543cc73a99595511eb207fdb8aede942"
 dependencies = [
  "anstream",
  "anstyle",
@@ -446,9 +406,9 @@ dependencies = [
 
 [[package]]
 name = "clap_derive"
-version = "4.5.5"
+version = "4.5.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c780290ccf4fb26629baa7a1081e68ced113f1d3ec302fa5948f1c381ebf06c6"
+checksum = "2bac35c6dafb060fd4d275d9a4ffae97917c13a6327903a8be2153cd964f7085"
 dependencies = [
  "heck 0.5.0",
  "proc-macro2",
@@ -1027,12 +987,6 @@ version = "0.28.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4271d37baee1b8c7e4b708028c57d816cf9d2434acb33a549475f78c181f6253"
 
-[[package]]
-name = "glob"
-version = "0.3.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b"
-
 [[package]]
 name = "h2"
 version = "0.3.26"
@@ -1236,19 +1190,20 @@ dependencies = [
 
 [[package]]
 name = "hyper-rustls"
-version = "0.26.0"
+version = "0.27.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a0bea761b46ae2b24eb4aef630d8d1c398157b6fc29e6350ecf090a0b70c952c"
+checksum = "5ee4be2c948921a1a5320b629c4193916ed787a7f7f293fd3f7f5a6c9de74155"
 dependencies = [
  "futures-util",
  "http 1.1.0",
  "hyper 1.2.0",
  "hyper-util",
- "rustls",
+ "rustls 0.23.7",
  "rustls-pki-types",
  "tokio",
- "tokio-rustls",
+ "tokio-rustls 0.26.0",
  "tower-service",
+ "webpki-roots",
 ]
 
 [[package]]
@@ -1391,14 +1346,14 @@ dependencies = [
 
 [[package]]
 name = "krata"
-version = "0.0.11"
+version = "0.0.12"
 dependencies = [
  "anyhow",
  "async-trait",
  "bytes",
  "libc",
  "log",
- "nix 0.28.0",
+ "nix 0.29.0",
  "once_cell",
  "prost",
  "prost-build",
@@ -1428,7 +1383,7 @@ dependencies = [
 
 [[package]]
 name = "krata-buildtools"
-version = "0.0.11"
+version = "0.0.12"
 dependencies = [
  "anyhow",
  "env_logger",
@@ -1443,7 +1398,7 @@ dependencies = [
 
 [[package]]
 name = "krata-ctl"
-version = "0.0.11"
+version = "0.0.12"
 dependencies = [
  "anyhow",
  "async-stream",
@@ -1473,7 +1428,7 @@ dependencies = [
 
 [[package]]
 name = "krata-daemon"
-version = "0.0.11"
+version = "0.0.12"
 dependencies = [
  "anyhow",
  "async-stream",
@@ -1502,7 +1457,7 @@ dependencies = [
 
 [[package]]
 name = "krata-guest"
-version = "0.0.11"
+version = "0.0.12"
 dependencies = [
  "anyhow",
  "cgroups-rs",
@@ -1513,7 +1468,7 @@ dependencies = [
  "krata-xenstore",
  "libc",
  "log",
- "nix 0.28.0",
+ "nix 0.29.0",
  "oci-spec",
  "path-absolutize",
  "platform-info",
@@ -1525,9 +1480,16 @@ dependencies = [
  "tokio",
 ]
 
+[[package]]
+name = "krata-loopdev"
+version = "0.0.12"
+dependencies = [
+ "libc",
+]
+
 [[package]]
 name = "krata-network"
-version = "0.0.11"
+version = "0.0.12"
 dependencies = [
  "anyhow",
  "async-trait",
@@ -1551,7 +1513,7 @@ dependencies = [
 
 [[package]]
 name = "krata-oci"
-version = "0.0.11"
+version = "0.0.12"
 dependencies = [
  "anyhow",
  "async-compression",
@@ -1578,22 +1540,24 @@ dependencies = [
 
 [[package]]
 name = "krata-runtime"
-version = "0.0.11"
+version = "0.0.12"
 dependencies = [
  "anyhow",
  "backhand",
  "env_logger",
+ "indexmap 2.2.6",
  "ipnetwork",
  "krata",
  "krata-advmac",
+ "krata-loopdev",
  "krata-oci",
+ "krata-xencall",
  "krata-xenclient",
  "krata-xenevtchn",
  "krata-xengnt",
  "krata-xenplatform",
  "krata-xenstore",
  "log",
- "loopdev-3",
  "serde_json",
  "tokio",
  "uuid",
@@ -1617,12 +1581,12 @@ dependencies = [
 
 [[package]]
 name = "krata-xencall"
-version = "0.0.11"
+version = "0.0.12"
 dependencies = [
  "env_logger",
  "libc",
  "log",
- "nix 0.28.0",
+ "nix 0.29.0",
  "thiserror",
  "tokio",
  "uuid",
@@ -1630,7 +1594,7 @@ dependencies = [
 
 [[package]]
 name = "krata-xenclient"
-version = "0.0.11"
+version = "0.0.12"
 dependencies = [
  "async-trait",
  "env_logger",
@@ -1648,27 +1612,27 @@ dependencies = [
 
 [[package]]
 name = "krata-xenevtchn"
-version = "0.0.11"
+version = "0.0.12"
 dependencies = [
  "libc",
  "log",
- "nix 0.28.0",
+ "nix 0.29.0",
  "thiserror",
  "tokio",
 ]
 
 [[package]]
 name = "krata-xengnt"
-version = "0.0.11"
+version = "0.0.12"
 dependencies = [
  "libc",
- "nix 0.28.0",
+ "nix 0.29.0",
  "thiserror",
 ]
 
 [[package]]
 name = "krata-xenplatform"
-version = "0.0.11"
+version = "0.0.12"
 dependencies = [
  "async-trait",
  "c2rust-bitfields",
@@ -1680,7 +1644,7 @@ dependencies = [
  "libc",
  "log",
  "memchr",
- "nix 0.28.0",
+ "nix 0.29.0",
  "regex",
  "slice-copy",
  "thiserror",
@@ -1691,7 +1655,7 @@ dependencies = [
 
 [[package]]
 name = "krata-xenstore"
-version = "0.0.11"
+version = "0.0.12"
 dependencies = [
  "byteorder",
  "env_logger",
@@ -1707,28 +1671,12 @@ version = "1.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
 
-[[package]]
-name = "lazycell"
-version = "1.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55"
-
 [[package]]
 name = "libc"
 version = "0.2.155"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c"
 
-[[package]]
-name = "libloading"
-version = "0.8.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0c2a198fb6b0eada2a8df47933734e6d35d350665a33a3593d7164fa52c75c19"
-dependencies = [
- "cfg-if",
- "windows-targets 0.52.4",
-]
-
 [[package]]
 name = "linux-raw-sys"
 version = "0.4.13"
@@ -1747,20 +1695,9 @@ dependencies = [
 
 [[package]]
 name = "log"
-version = "0.4.21"
+version = "0.4.22"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "90ed8c1e510134f979dbc4f070f87d4313098b704861a105fe34231c70a3901c"
+checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24"
-
-[[package]]
-name = "loopdev-3"
-version = "0.5.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "90a97d7a5124296ee9124a815acdc3dc4a91f577b72812b3f1f99bb959b46e8d"
-dependencies = [
- "bindgen",
- "errno",
- "libc",
-]
 
 [[package]]
 name = "lru"
@@ -1796,9 +1733,9 @@ checksum = "0e7465ac9959cc2b1404e8e2367b43684a6d13790fe23056cc8c6c5a6b7bcb94"
 
 [[package]]
 name = "memchr"
-version = "2.7.2"
+version = "2.7.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6c8640c5d730cb13ebd907d8d04b52f55ac9a2eec55b440c8892f40d56c76c1d"
+checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3"
 
 [[package]]
 name = "mime"
@@ -1806,12 +1743,6 @@ version = "0.3.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a"
 
-[[package]]
-name = "minimal-lexical"
-version = "0.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
-
 [[package]]
 name = "miniz_oxide"
 version = "0.7.2"
@@ -1951,16 +1882,6 @@ dependencies = [
  "libc",
 ]
 
-[[package]]
-name = "nom"
-version = "7.1.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a"
-dependencies = [
- "memchr",
- "minimal-lexical",
-]
-
 [[package]]
 name = "ntapi"
 version = "0.4.1"
@@ -2006,14 +1927,16 @@ dependencies = [
 
 [[package]]
 name = "oci-spec"
-version = "0.6.5"
+version = "0.6.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e423c4f827362c0d8d8da4b1f571270f389ebde73bcd3240a3d23c6d6f61d0f0"
+checksum = "bdf88ddc01cc6bccbe1044adb6a29057333f523deadcb4953c011a73158cfa5e"
 dependencies = [
  "derive_builder",
  "getset",
  "serde",
  "serde_json",
+ "strum",
+ "strum_macros",
  "thiserror",
 ]
 
@@ -2303,6 +2226,53 @@ dependencies = [
  "prost",
 ]
 
+[[package]]
+name = "quinn"
+version = "0.11.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e4ceeeeabace7857413798eb1ffa1e9c905a9946a57d81fb69b4b71c4d8eb3ad"
+dependencies = [
+ "bytes",
+ "pin-project-lite",
+ "quinn-proto",
+ "quinn-udp",
+ "rustc-hash",
+ "rustls 0.23.7",
+ "thiserror",
+ "tokio",
+ "tracing",
+]
+
+[[package]]
+name = "quinn-proto"
+version = "0.11.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ddf517c03a109db8100448a4be38d498df8a210a99fe0e1b9eaf39e78c640efe"
+dependencies = [
+ "bytes",
+ "rand",
+ "ring",
+ "rustc-hash",
+ "rustls 0.23.7",
+ "slab",
+ "thiserror",
+ "tinyvec",
+ "tracing",
+]
+
+[[package]]
+name = "quinn-udp"
+version = "0.5.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9096629c45860fc7fb143e125eb826b5e721e10be3263160c7d60ca832cf8c46"
+dependencies = [
+ "libc",
+ "once_cell",
+ "socket2",
+ "tracing",
+ "windows-sys 0.52.0",
+]
+
 [[package]]
 name = "quote"
 version = "1.0.35"
@@ -2446,9 +2416,9 @@ checksum = "adad44e29e4c806119491a7f06f03de4d1af22c3a680dd47f1e6e179439d1f56"
 
 [[package]]
 name = "reqwest"
-version = "0.12.4"
+version = "0.12.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "566cafdd92868e0939d3fb961bd0dc25fcfaaed179291093b3d43e6b3150ea10"
+checksum = "c7d6d2a27d57148378eb5e111173f4276ad26340ecc5c49a4a2152167a2d6a37"
 dependencies = [
  "base64 0.22.1",
  "bytes",
@@ -2467,15 +2437,16 @@ dependencies = [
  "once_cell",
  "percent-encoding",
  "pin-project-lite",
- "rustls",
+ "quinn",
+ "rustls 0.23.7",
  "rustls-pemfile",
  "rustls-pki-types",
  "serde",
  "serde_json",
  "serde_urlencoded",
- "sync_wrapper",
+ "sync_wrapper 1.0.1",
  "tokio",
- "tokio-rustls",
+ "tokio-rustls 0.26.0",
  "tower-service",
  "url",
  "wasm-bindgen",
@@ -2557,6 +2528,20 @@ dependencies = [
  "zeroize",
 ]
 
+[[package]]
+name = "rustls"
+version = "0.23.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ebbbdb961df0ad3f2652da8f3fdc4b36122f568f968f45ad3316f26c025c677b"
+dependencies = [
+ "once_cell",
+ "ring",
+ "rustls-pki-types",
+ "rustls-webpki",
+ "subtle",
+ "zeroize",
+]
+
 [[package]]
 name = "rustls-pemfile"
 version = "2.1.1"
@@ -2613,9 +2598,9 @@ checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"
 
 [[package]]
 name = "serde"
-version = "1.0.203"
+version = "1.0.204"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7253ab4de971e72fb7be983802300c30b5a7f0c2e56fab8abfc6a214307c0094"
+checksum = "bc76f558e0cbb2a839d37354c575f1dc3fdc6546b5be373ba43d95f231bf7c12"
 dependencies = [
  "serde_derive",
 ]
@@ -2632,9 +2617,9 @@ dependencies = [
 
 [[package]]
 name = "serde_derive"
-version = "1.0.203"
+version = "1.0.204"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "500cbc0ebeb6f46627f50f3f5811ccf6bf00643be300b4c3eabc0ef55dc5b5ba"
+checksum = "e0cd7e117be63d3c3678776753929474f3b04a43a080c744d6b0ae2a8c28e222"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -2643,9 +2628,9 @@ dependencies = [
 
 [[package]]
 name = "serde_json"
-version = "1.0.117"
+version = "1.0.120"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "455182ea6142b14f93f4bc5320a2b31c1f266b66a4a5c858b013302a5d8cbfc3"
+checksum = "4e0d21c9a8cae1235ad58a00c11cb40d4b1e5c784f1ef2c537876ed6ffd8b7c5"
 dependencies = [
  "itoa",
  "ryu",
@@ -2710,12 +2695,6 @@ dependencies = [
  "tokio",
 ]
 
-[[package]]
-name = "shlex"
-version = "1.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64"
-
 [[package]]
 name = "signal-hook"
 version = "0.3.17"
@@ -2900,6 +2879,12 @@ version = "0.1.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2047c6ded9c721764247e62cd3b03c09ffc529b2ba5b10ec482ae507a4a70160"
 
+[[package]]
+name = "sync_wrapper"
+version = "1.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a7065abeca94b6a8a577f9bd45aa0867a2238b74e8eb67cf10d492bc39351394"
+
 [[package]]
 name = "sys-mount"
 version = "3.0.1"
@@ -2915,9 +2900,9 @@ dependencies = [
 
 [[package]]
 name = "sysinfo"
-version = "0.30.12"
+version = "0.30.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "732ffa00f53e6b2af46208fba5718d9662a421049204e156328b66791ffa15ae"
+checksum = "0a5b4ddaee55fb2bea2bf0e5000747e5f5c0de765e5a5ff87f4cd106439f4bb3"
 dependencies = [
  "cfg-if",
  "core-foundation-sys",
@@ -2954,18 +2939,18 @@ checksum = "3369f5ac52d5eb6ab48c6b4ffdc8efbcad6b89c765749064ba298f2c68a16a76"
 
 [[package]]
 name = "thiserror"
-version = "1.0.61"
+version = "1.0.62"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c546c80d6be4bc6a00c0f01730c08df82eaa7a7a61f11d656526506112cc1709"
+checksum = "f2675633b1499176c2dff06b0856a27976a8f9d436737b4cf4f312d4d91d8bbb"
 dependencies = [
  "thiserror-impl",
 ]
 
 [[package]]
 name = "thiserror-impl"
-version = "1.0.61"
+version = "1.0.62"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "46c3384250002a6d5af4d114f2845d37b57521033f30d5c3f46c4d70e1197533"
+checksum = "d20468752b09f49e909e55a5d338caa8bedf615594e9d80bc4c565d30faf798c"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -3033,7 +3018,18 @@ version = "0.25.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "775e0c0f0adb3a2f22a00c4745d728b479985fc15ee7ca6a2608388c5569860f"
 dependencies = [
- "rustls",
+ "rustls 0.22.4",
+ "rustls-pki-types",
+ "tokio",
+]
+
+[[package]]
+name = "tokio-rustls"
+version = "0.26.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0c7bc40d0e5a97695bb96e27995cd3a08538541b0a846f65bba7a359f36700d4"
+dependencies = [
+ "rustls 0.23.7",
  "rustls-pki-types",
  "tokio",
 ]
@@ -3142,7 +3138,7 @@ dependencies = [
  "rustls-pemfile",
  "rustls-pki-types",
  "tokio",
- "tokio-rustls",
+ "tokio-rustls 0.25.0",
  "tokio-stream",
  "tower",
  "tower-layer",
@@ -3324,9 +3320,9 @@ checksum = "711b9620af191e0cdc7468a8d14e709c3dcdb115b36f838e601583af800a370a"
 
 [[package]]
 name = "uuid"
-version = "1.8.0"
+version = "1.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a183cf7feeba97b4dd1c0d46788634f6221d87fa961b305bed08c851829efcc0"
+checksum = "81dfa00651efa65069b0b6b651f4aaa31ba9e3c3ce0137aaad053604ee7e0314"
 dependencies = [
  "getrandom",
 ]

Cargo.toml

@@ -18,7 +18,7 @@ members = [
 resolver = "2"
 
 [workspace.package]
-version = "0.0.11"
+version = "0.0.12"
 homepage = "https://krata.dev"
 license = "Apache-2.0"
 repository = "https://github.com/edera-dev/krata"
@@ -28,7 +28,7 @@ anyhow = "1.0"
 arrayvec = "0.7.4"
 async-compression = "0.4.11"
 async-stream = "0.3.5"
-async-trait = "0.1.80"
+async-trait = "0.1.81"
 backhand = "0.15.0"
 base64 = "0.22.1"
 byteorder = "1"
@@ -50,13 +50,13 @@ indexmap = "2.2.6"
 indicatif = "0.17.8"
 ipnetwork = "0.20.0"
 libc = "0.2"
-log = "0.4.20"
+log = "0.4.22"
 loopdev-3 = "0.5.1"
 krata-advmac = "1.1.0"
 krata-tokio-tar = "0.4.0"
 memchr = "2"
-nix = "0.28.0"
+nix = "0.29.0"
-oci-spec = "0.6.4"
+oci-spec = "0.6.7"
 once_cell = "1.19.0"
 path-absolutize = "3.1.1"
 path-clean = "1.0.1"
@@ -71,13 +71,13 @@ redb = "2.1.1"
 regex = "1.10.5"
 rtnetlink = "0.14.1"
 scopeguard = "1.2.0"
-serde_json = "1.0.117"
+serde_json = "1.0.120"
 serde_yaml = "0.9"
 sha256 = "1.5.0"
 signal-hook = "0.3.17"
 slice-copy = "0.3.0"
 smoltcp = "0.11.0"
-sysinfo = "0.30.12"
+sysinfo = "0.30.13"
 termtree = "0.4.1"
 thiserror = "1.0"
 tokio-tun = "0.11.5"
@@ -90,7 +90,7 @@ walkdir = "2"
 xz2 = "0.1"
 
 [workspace.dependencies.clap]
-version = "4.5.7"
+version = "4.5.9"
 features = ["derive"]
 
 [workspace.dependencies.prost-reflect]
@@ -98,12 +98,12 @@ version = "0.13.1"
 features = ["derive"]
 
 [workspace.dependencies.reqwest]
-version = "0.12.4"
+version = "0.12.5"
 default-features = false
 features = ["rustls-tls"]
 
 [workspace.dependencies.serde]
-version = "1.0.203"
+version = "1.0.204"
 features = ["derive"]
 
 [workspace.dependencies.sys-mount]
@@ -123,7 +123,7 @@ version = "0.11.0"
 features = ["tls"]
 
 [workspace.dependencies.uuid]
-version = "1.6.1"
+version = "1.10.0"
 features = ["v4"]
 
 [profile.release]

FAQ.md

@@ -2,13 +2,13 @@
 
 ## How does krata currently work?
 
-The krata isolation engine makes it possible to launch OCI containers on a Xen hypervisor without utilizing the Xen userspace tooling. krata contains just enough of the userspace of Xen (reimplemented in Rust) to start an x86_64 Xen Linux PV guest, and implements a Linux init process that can boot an OCI container. It does so by converting an OCI image into a squashfs/erofs file and packaging basic startup data in a bundle which the init container can read.
+The krata isolation engine makes it possible to launch OCI containers on a Xen hypervisor without utilizing the Xen userspace tooling. krata contains just enough of the userspace of Xen (reimplemented in Rust) to start an x86_64 Xen Linux PV guest, and implements a Linux init process that can boot an OCI container. It does so by converting an OCI image into a squashfs/erofs file and packaging basic startup data in a bundle that the init container can read.
 
-In addition, due to the desire to reduce dependence on the dom0 network, krata contains a networking daemon called kratanet. kratanet listens for krata guests to startup and launches a userspace networking environment. krata guests can access the dom0 networking stack via the proxynat layer that makes it possible to communicate over UDP, TCP, and ICMP (echo only) to the outside world. In addition, each krata guest is provided a "gateway" IP (both in IPv4 and IPv6) which utilizes smoltcp to provide a virtual host. That virtual host in the future could dial connections into the container to access container networking resources.
+In addition, due to the desire to reduce dependence on the dom0 network, krata contains a networking daemon called kratanet. kratanet listens for krata guests to startup and launches a userspace networking environment. krata guests can access the dom0 networking stack via the proxynat, which that makes it possible to communicate over UDP, TCP, and ICMP (echo only) to the outside world. In addition, each krata guest is provided a "gateway" IP (both in IPv4 and IPv6) which utilizes smoltcp to provide a virtual host. That virtual host in the future could dial connections into the container to access container networking resources.
 
 ## Why utilize Xen instead of KVM?
 
-Xen is a very interesting technology, and Edera believes that type-1 hypervisors are ideal for security. Most OCI isolation techniques use KVM, which is not a type-1 hypervisor, and thus is subject to the security limitations of the OS kernel. A type-1 hypervisor on the otherhand provides a minimal amount of attack surface upon which less-trusted guests can be launched on top of.
+Xen is a very interesting technology, and Edera believes that type-1 hypervisors are ideal for security. Most OCI isolation techniques use KVM, which is not a type-1 hypervisor, and thus is subject to the security limitations of the OS kernel. A type-1 hypervisor on the other hand provides a minimal attack surface upon which less-trusted guests can be launched on top of.
 
 ## Why not utilize pvcalls to provide access to the host network?
 

crates/build/Cargo.toml

@@ -16,7 +16,7 @@ oci-spec = { workspace = true }
 scopeguard = { workspace = true }
 tokio = { workspace = true }
 tokio-stream = { workspace = true }
-krata-oci = { path = "../oci", version = "^0.0.11" }
+krata-oci = { path = "../oci", version = "^0.0.12" }
 krata-tokio-tar = { workspace = true }
 uuid = { workspace = true }
 

crates/ctl/Cargo.toml

@@ -20,7 +20,7 @@ env_logger = { workspace = true }
 fancy-duration = { workspace = true }
 human_bytes = { workspace = true }
 indicatif = { workspace = true }
-krata = { path = "../krata", version = "^0.0.11" }
+krata = { path = "../krata", version = "^0.0.12" }
 log = { workspace = true }
 prost-reflect = { workspace = true, features = ["serde"] }
 prost-types = { workspace = true }

crates/ctl/src/cli/cpu_topology.rs

@@ -0,0 +1,46 @@
+use anyhow::Result;
+use clap::Parser;
+use krata::v1::control::{control_service_client::ControlServiceClient, HostCpuTopologyRequest};
+
+use tonic::{transport::Channel, Request};
+
+fn class_to_str(input: i32) -> String {
+    match input {
+        0 => "Standard".to_string(),
+        1 => "Performance".to_string(),
+        2 => "Efficiency".to_string(),
+        _ => "???".to_string(),
+    }
+}
+
+#[derive(Parser)]
+#[command(about = "Display information about a host's CPU topology")]
+pub struct CpuTopologyCommand {}
+
+impl CpuTopologyCommand {
+    pub async fn run(self, mut client: ControlServiceClient<Channel>) -> Result<()> {
+        println!(
+            "{0:<10} {1:<10} {2:<10} {3:<10} {4:<10} {5:<10}",
+            "CPUID", "Node", "Socket", "Core", "Thread", "Class"
+        );
+
+        let response = client
+            .get_host_cpu_topology(Request::new(HostCpuTopologyRequest {}))
+            .await?
+            .into_inner();
+
+        for (i, cpu) in response.cpus.iter().enumerate() {
+            println!(
+                "{0:<10} {1:<10} {2:<10} {3:<10} {4:<10} {5:<10}",
+                i,
+                cpu.node,
+                cpu.socket,
+                cpu.core,
+                cpu.thread,
+                class_to_str(cpu.class)
+            );
+        }
+
+        Ok(())
+    }
+}

crates/ctl/src/cli/mod.rs

@@ -1,4 +1,5 @@
 pub mod attach;
+pub mod cpu_topology;
 pub mod destroy;
 pub mod exec;
 pub mod identify_host;
@@ -23,9 +24,9 @@ use krata::{
 use tonic::{transport::Channel, Request};
 
 use self::{
-    attach::AttachCommand, destroy::DestroyCommand, exec::ExecCommand,
+    attach::AttachCommand, cpu_topology::CpuTopologyCommand, destroy::DestroyCommand,
-    identify_host::IdentifyHostCommand, idm_snoop::IdmSnoopCommand, launch::LaunchCommand,
+    exec::ExecCommand, identify_host::IdentifyHostCommand, idm_snoop::IdmSnoopCommand,
-    list::ListCommand, list_devices::ListDevicesCommand, logs::LogsCommand,
+    launch::LaunchCommand, list::ListCommand, list_devices::ListDevicesCommand, logs::LogsCommand,
     metrics::MetricsCommand, pull::PullCommand, resolve::ResolveCommand, top::TopCommand,
     watch::WatchCommand,
 };
@@ -61,6 +62,7 @@ pub enum Commands {
     Top(TopCommand),
     IdentifyHost(IdentifyHostCommand),
     Exec(ExecCommand),
+    CpuTopology(CpuTopologyCommand),
 }
 
 impl ControlCommand {
@@ -124,6 +126,10 @@ impl ControlCommand {
             Commands::ListDevices(list) => {
                 list.run(client, events).await?;
             }
+
+            Commands::CpuTopology(cpu_topology) => {
+                cpu_topology.run(client).await?;
+            }
         }
         Ok(())
     }

crates/daemon/Cargo.toml

@@ -17,9 +17,9 @@ circular-buffer = { workspace = true }
 clap = { workspace = true }
 env_logger = { workspace = true }
 futures = { workspace = true }
-krata = { path = "../krata", version = "^0.0.11" }
+krata = { path = "../krata", version = "^0.0.12" }
-krata-oci = { path = "../oci", version = "^0.0.11" }
+krata-oci = { path = "../oci", version = "^0.0.12" }
-krata-runtime = { path = "../runtime", version = "^0.0.11" }
+krata-runtime = { path = "../runtime", version = "^0.0.12" }
 log = { workspace = true }
 prost = { workspace = true }
 redb = { workspace = true }

crates/daemon/bin/daemon.rs

@@ -1,15 +1,31 @@
+use std::{
+    net::{SocketAddr, TcpStream},
+    str::FromStr,
+    sync::{atomic::AtomicBool, Arc},
+};
+
 use anyhow::Result;
 use clap::Parser;
-use env_logger::Env;
+use env_logger::fmt::Target;
-use kratad::command::DaemonCommand;
 use log::LevelFilter;
-use std::sync::{atomic::AtomicBool, Arc};
+
+use kratad::command::DaemonCommand;
 
 #[tokio::main(flavor = "multi_thread", worker_threads = 10)]
 async fn main() -> Result<()> {
-    env_logger::Builder::from_env(Env::default().default_filter_or("info"))
+    let mut builder = env_logger::Builder::new();
-        .filter(Some("backhand::filesystem::writer"), LevelFilter::Warn)
+    builder
-        .init();
+        .filter_level(LevelFilter::Trace)
+        .parse_default_env()
+        .filter(Some("backhand::filesystem::writer"), LevelFilter::Warn);
+
+    if let Ok(f_addr) = std::env::var("KRATA_FLUENT_ADDR") {
+        let target = SocketAddr::from_str(f_addr.as_str())?;
+        builder.target(Target::Pipe(Box::new(TcpStream::connect(target)?)));
+    }
+
+    builder.init();
+
     mask_sighup()?;
 
     let command = DaemonCommand::parse();

crates/daemon/src/config.rs

@@ -6,10 +6,18 @@ use tokio::fs;
 
 #[derive(Serialize, Deserialize, Clone, Debug, Default)]
 pub struct DaemonConfig {
+    #[serde(default)]
+    pub oci: OciConfig,
     #[serde(default)]
     pub pci: DaemonPciConfig,
 }
 
+#[derive(Serialize, Deserialize, Clone, Debug, Default)]
+pub struct OciConfig {
+    #[serde(default)]
+    pub seed: Option<String>,
+}
+
 #[derive(Serialize, Deserialize, Clone, Debug, Default)]
 pub struct DaemonPciConfig {
     #[serde(default)]

crates/daemon/src/control.rs

@@ -11,11 +11,12 @@ use krata::{
         control::{
             control_service_server::ControlService, ConsoleDataReply, ConsoleDataRequest,
             CreateGuestReply, CreateGuestRequest, DestroyGuestReply, DestroyGuestRequest,
-            DeviceInfo, ExecGuestReply, ExecGuestRequest, IdentifyHostReply, IdentifyHostRequest,
+            DeviceInfo, ExecGuestReply, ExecGuestRequest, HostCpuTopologyInfo,
-            ListDevicesReply, ListDevicesRequest, ListGuestsReply, ListGuestsRequest,
+            HostCpuTopologyReply, HostCpuTopologyRequest, HostPowerManagementPolicy,
-            PullImageReply, PullImageRequest, ReadGuestMetricsReply, ReadGuestMetricsRequest,
+            IdentifyHostReply, IdentifyHostRequest, ListDevicesReply, ListDevicesRequest,
-            ResolveGuestReply, ResolveGuestRequest, SnoopIdmReply, SnoopIdmRequest,
+            ListGuestsReply, ListGuestsRequest, PullImageReply, PullImageRequest,
-            WatchEventsReply, WatchEventsRequest,
+            ReadGuestMetricsReply, ReadGuestMetricsRequest, ResolveGuestReply, ResolveGuestRequest,
+            SnoopIdmReply, SnoopIdmRequest, WatchEventsReply, WatchEventsRequest,
         },
     },
 };
@@ -24,6 +25,7 @@ use krataoci::{
     packer::{service::OciPackerService, OciPackedFormat, OciPackedImage},
     progress::{OciProgress, OciProgressContext},
 };
+use kratart::Runtime;
 use std::{pin::Pin, str::FromStr};
 use tokio::{
     select,
@@ -68,6 +70,7 @@ pub struct DaemonControlService {
     guests: GuestStore,
     guest_reconciler_notify: Sender<Uuid>,
     packer: OciPackerService,
+    runtime: Runtime,
 }
 
 impl DaemonControlService {
@@ -81,6 +84,7 @@ impl DaemonControlService {
         guests: GuestStore,
         guest_reconciler_notify: Sender<Uuid>,
         packer: OciPackerService,
+        runtime: Runtime,
     ) -> Self {
         Self {
             glt,
@@ -91,6 +95,7 @@ impl DaemonControlService {
             guests,
             guest_reconciler_notify,
             packer,
+            runtime,
         }
     }
 }
@@ -548,4 +553,57 @@ impl ControlService for DaemonControlService {
         }
         Ok(Response::new(ListDevicesReply { devices }))
     }
+
+    async fn get_host_cpu_topology(
+        &self,
+        request: Request<HostCpuTopologyRequest>,
+    ) -> Result<Response<HostCpuTopologyReply>, Status> {
+        let _ = request.into_inner();
+        let power = self
+            .runtime
+            .power_management_context()
+            .await
+            .map_err(ApiError::from)?;
+        let cputopo = power.cpu_topology().await.map_err(ApiError::from)?;
+        let mut cpus = vec![];
+
+        for cpu in cputopo {
+            cpus.push(HostCpuTopologyInfo {
+                core: cpu.core,
+                socket: cpu.socket,
+                node: cpu.node,
+                thread: cpu.thread,
+                class: cpu.class as i32,
+            })
+        }
+
+        Ok(Response::new(HostCpuTopologyReply { cpus }))
+    }
+
+    async fn set_host_power_management_policy(
+        &self,
+        request: Request<HostPowerManagementPolicy>,
+    ) -> Result<Response<HostPowerManagementPolicy>, Status> {
+        let policy = request.into_inner();
+        let power = self
+            .runtime
+            .power_management_context()
+            .await
+            .map_err(ApiError::from)?;
+        let scheduler = &policy.scheduler;
+
+        power
+            .set_smt_policy(policy.smt_awareness)
+            .await
+            .map_err(ApiError::from)?;
+        power
+            .set_scheduler_policy(scheduler)
+            .await
+            .map_err(ApiError::from)?;
+
+        Ok(Response::new(HostPowerManagementPolicy {
+            scheduler: scheduler.to_string(),
+            smt_awareness: policy.smt_awareness,
+        }))
+    }
 }

crates/daemon/src/lib.rs

@@ -50,6 +50,7 @@ pub struct Daemon {
     idm: DaemonIdmHandle,
     console: DaemonConsoleHandle,
     packer: OciPackerService,
+    runtime: Runtime,
 }
 
 const GUEST_RECONCILER_QUEUE_LEN: usize = 1000;
@@ -92,7 +93,8 @@ impl Daemon {
         let kernel_path = detect_guest_path(&store, "kernel")?;
         let addons_path = detect_guest_path(&store, "addons.squashfs")?;
 
-        let packer = OciPackerService::new(None, &image_cache_dir, OciPlatform::current()).await?;
+        let seed = config.oci.seed.clone().map(PathBuf::from);
+        let packer = OciPackerService::new(seed, &image_cache_dir, OciPlatform::current()).await?;
         let runtime = Runtime::new(host_uuid).await?;
         let glt = GuestLookupTable::new(0, host_uuid);
         let guests_db_path = format!("{}/guests.db", store);
@@ -123,6 +125,15 @@ impl Daemon {
         let guest_reconciler_task = guest_reconciler.launch(guest_reconciler_receiver).await?;
         let generator_task = generator.launch().await?;
 
+        // TODO: Create a way of abstracting early init tasks in kratad.
+        // TODO: Make initial power management policy configurable.
+        // FIXME: Power management hypercalls fail when running as an L1 hypervisor.
+        // let power = runtime.power_management_context().await?;
+        // power.set_smt_policy(true).await?;
+        // power
+        //     .set_scheduler_policy("performance".to_string())
+        //     .await?;
+
         Ok(Self {
             store,
             _config: config,
@@ -136,6 +147,7 @@ impl Daemon {
             idm,
             console,
             packer,
+            runtime,
         })
     }
 
@@ -149,6 +161,7 @@ impl Daemon {
             self.guests.clone(),
             self.guest_reconciler_notify.clone(),
             self.packer.clone(),
+            self.runtime.clone(),
         );
 
         let mut server = Server::builder();

crates/daemon/src/reconcile/guest/mod.rs

@@ -127,7 +127,7 @@ impl GuestReconciler {
                         }
                     },
 
-                    _ = sleep(Duration::from_secs(5)) => {
+                    _ = sleep(Duration::from_secs(15)) => {
                         if let Err(error) = self.reconcile_runtime(false).await {
                             error!("runtime reconciler failed: {}", error);
                         }

crates/guest/Cargo.toml

@@ -14,8 +14,8 @@ cgroups-rs = { workspace = true }
 env_logger = { workspace = true }
 futures = { workspace = true }
 ipnetwork = { workspace = true }
-krata = { path = "../krata", version = "^0.0.11" }
+krata = { path = "../krata", version = "^0.0.12" }
-krata-xenstore = { path = "../xen/xenstore", version = "^0.0.11" }
+krata-xenstore = { path = "../xen/xenstore", version = "^0.0.12" }
 libc = { workspace = true }
 log = { workspace = true }
 nix = { workspace = true, features = ["ioctl", "process", "fs"] }

crates/krata/proto/krata/v1/control.proto

@@ -27,6 +27,9 @@ service ControlService {
     rpc WatchEvents(WatchEventsRequest) returns (stream WatchEventsReply);
 
     rpc PullImage(PullImageRequest) returns (stream PullImageReply);
+
+    rpc GetHostCpuTopology(HostCpuTopologyRequest) returns (HostCpuTopologyReply);
+    rpc SetHostPowerManagementPolicy(HostPowerManagementPolicy) returns (HostPowerManagementPolicy);
 }
 
 message IdentifyHostRequest {}
@@ -200,3 +203,30 @@ message ListDevicesRequest {}
 message ListDevicesReply {
     repeated DeviceInfo devices = 1;
 }
+
+enum HostCpuTopologyClass {
+    CPU_CLASS_STANDARD = 0;
+    CPU_CLASS_PERFORMANCE = 1;
+    CPU_CLASS_EFFICIENCY = 2;
+}
+
+message HostCpuTopologyInfo {
+    uint32 core = 1;
+    uint32 socket = 2;
+    uint32 node = 3;
+    uint32 thread = 4;
+    HostCpuTopologyClass class = 5;
+}
+
+message HostCpuTopologyRequest {}
+
+message HostCpuTopologyReply {
+    repeated HostCpuTopologyInfo cpus = 1;
+}
+
+message HostPowerManagementPolicyRequest {}
+
+message HostPowerManagementPolicy {
+    string scheduler = 1;
+    bool smt_awareness = 2;
+}

crates/loopdev/Cargo.toml

@@ -0,0 +1,15 @@
+[package]
+name = "krata-loopdev"
+description = "Loop device handling library for krata"
+license.workspace = true
+version.workspace = true
+homepage.workspace = true
+repository.workspace = true
+edition = "2021"
+resolver = "2"
+
+[lib]
+name = "krataloopdev"
+
+[dependencies]
+libc.workspace = true

crates/loopdev/src/lib.rs

@@ -0,0 +1,348 @@
+use libc::{c_int, ioctl};
+use std::{
+    fs::{File, OpenOptions},
+    io,
+    os::fd::{AsRawFd, IntoRawFd, RawFd},
+    os::unix::fs::MetadataExt,
+    path::{Path, PathBuf},
+};
+
+#[cfg(all(not(target_os = "android"), not(target_env = "musl")))]
+type IoctlRequest = libc::c_ulong;
+#[cfg(any(target_os = "android", target_env = "musl"))]
+type IoctlRequest = libc::c_int;
+
+const LOOP_CONTROL: &str = "/dev/loop-control";
+const LOOP_PREFIX: &str = "/dev/loop";
+
+/// Loop control interface IOCTLs.
+const LOOP_CTL_GET_FREE: IoctlRequest = 0x4C82;
+
+/// Loop device flags.
+const LO_FLAGS_READ_ONLY: u32 = 1;
+const LO_FLAGS_AUTOCLEAR: u32 = 4;
+const LO_FLAGS_PARTSCAN: u32 = 8;
+const LO_FLAGS_DIRECT_IO: u32 = 16;
+
+/// Loop device IOCTLs.
+const LOOP_SET_FD: IoctlRequest = 0x4C00;
+const LOOP_CLR_FD: IoctlRequest = 0x4C01;
+const LOOP_SET_STATUS64: IoctlRequest = 0x4C04;
+const LOOP_SET_CAPACITY: IoctlRequest = 0x4C07;
+const LOOP_SET_DIRECT_IO: IoctlRequest = 0x4C08;
+
+/// Interface which wraps a handle to the loop control device.
+#[derive(Debug)]
+pub struct LoopControl {
+    dev_file: File,
+}
+
+/// Translate ioctl results to errors if appropriate.
+fn translate_error(ret: i32) -> io::Result<i32> {
+    if ret < 0 {
+        Err(io::Error::last_os_error())
+    } else {
+        Ok(ret)
+    }
+}
+
+impl LoopControl {
+    /// Open the loop control device.
+    ///
+    /// # Errors
+    ///
+    /// Any errors from physically opening the loop control device are
+    /// bubbled up.
+    pub fn open() -> io::Result<Self> {
+        Ok(Self {
+            dev_file: OpenOptions::new()
+                .read(true)
+                .write(true)
+                .open(LOOP_CONTROL)?,
+        })
+    }
+
+    /// Requests the next available loop device from the kernel and opens it.
+    ///
+    /// # Examples
+    ///
+    /// ```no_run
+    /// use krataloopdev::LoopControl;
+    /// let lc = LoopControl::open().unwrap();
+    /// let ld = lc.next_free().unwrap();
+    /// println!("{}", ld.path().unwrap().display());
+    /// ```
+    ///
+    /// # Errors
+    ///
+    /// Any errors from opening the loop device are bubbled up.
+    pub fn next_free(&self) -> io::Result<LoopDevice> {
+        let dev_num = translate_error(unsafe {
+            ioctl(
+                self.dev_file.as_raw_fd() as c_int,
+                LOOP_CTL_GET_FREE as IoctlRequest,
+            )
+        })?;
+        LoopDevice::open(format!("{}{}", LOOP_PREFIX, dev_num))
+    }
+}
+
+/// Interface to a loop device itself, e.g. `/dev/loop0`.
+#[derive(Debug)]
+pub struct LoopDevice {
+    device: File,
+}
+
+impl AsRawFd for LoopDevice {
+    fn as_raw_fd(&self) -> RawFd {
+        self.device.as_raw_fd()
+    }
+}
+
+impl IntoRawFd for LoopDevice {
+    fn into_raw_fd(self) -> RawFd {
+        self.device.into_raw_fd()
+    }
+}
+
+impl LoopDevice {
+    /// Opens a loop device.
+    ///
+    /// # Errors
+    ///
+    /// Any errors from opening the underlying physical loop device are bubbled up.
+    pub fn open<P: AsRef<Path>>(dev: P) -> io::Result<Self> {
+        Ok(Self {
+            device: OpenOptions::new().read(true).write(true).open(dev)?,
+        })
+    }
+
+    /// Attach a loop device to a file with the given options.
+    pub fn with(&self) -> AttachOptions<'_> {
+        AttachOptions {
+            device: self,
+            info: LoopInfo64::default(),
+        }
+    }
+
+    /// Enables or disables Direct I/O mode.
+    pub fn set_direct_io(&self, direct_io: bool) -> io::Result<()> {
+        translate_error(unsafe {
+            ioctl(
+                self.device.as_raw_fd() as c_int,
+                LOOP_SET_DIRECT_IO as IoctlRequest,
+                if direct_io { 1 } else { 0 },
+            )
+        })?;
+        Ok(())
+    }
+
+    /// Attach the loop device to a fully-mapped file.
+    pub fn attach_file<P: AsRef<Path>>(&self, backing_file: P) -> io::Result<()> {
+        let info = LoopInfo64 {
+            ..Default::default()
+        };
+
+        Self::attach_with_loop_info(self, backing_file, info)
+    }
+
+    /// Attach the loop device to a file with `LoopInfo64`.
+    fn attach_with_loop_info(
+        &self,
+        backing_file: impl AsRef<Path>,
+        info: LoopInfo64,
+    ) -> io::Result<()> {
+        let write_access = (info.lo_flags & LO_FLAGS_READ_ONLY) == 0;
+        let bf = OpenOptions::new()
+            .read(true)
+            .write(write_access)
+            .open(backing_file)?;
+        self.attach_fd_with_loop_info(bf, info)
+    }
+
+    /// Attach the loop device to a file descriptor with `LoopInfo64`.
+    fn attach_fd_with_loop_info(&self, bf: impl AsRawFd, info: LoopInfo64) -> io::Result<()> {
+        translate_error(unsafe {
+            ioctl(
+                self.device.as_raw_fd() as c_int,
+                LOOP_SET_FD as IoctlRequest,
+                bf.as_raw_fd() as c_int,
+            )
+        })?;
+
+        let result = unsafe {
+            ioctl(
+                self.device.as_raw_fd() as c_int,
+                LOOP_SET_STATUS64 as IoctlRequest,
+                &info,
+            )
+        };
+
+        match translate_error(result) {
+            Err(err) => {
+                let _detach_err = self.detach();
+                Err(err)
+            }
+            Ok(_) => Ok(()),
+        }
+    }
+
+    /// Get the path for the loop device.
+    pub fn path(&self) -> Option<PathBuf> {
+        let mut p = PathBuf::from("/proc/self/fd");
+        p.push(self.device.as_raw_fd().to_string());
+        std::fs::read_link(&p).ok()
+    }
+
+    /// Detach a loop device.
+    pub fn detach(&self) -> io::Result<()> {
+        translate_error(unsafe {
+            ioctl(
+                self.device.as_raw_fd() as c_int,
+                LOOP_CLR_FD as IoctlRequest,
+                0,
+            )
+        })?;
+        Ok(())
+    }
+
+    /// Update a loop device's capacity.
+    pub fn set_capacity(&self) -> io::Result<()> {
+        translate_error(unsafe {
+            ioctl(
+                self.device.as_raw_fd() as c_int,
+                LOOP_SET_CAPACITY as IoctlRequest,
+                0,
+            )
+        })?;
+        Ok(())
+    }
+
+    /// Return the major device node number.
+    pub fn major(&self) -> io::Result<u32> {
+        self.device
+            .metadata()
+            .map(|m| unsafe { libc::major(m.rdev()) })
+    }
+
+    /// Return the minor device node number.
+    pub fn minor(&self) -> io::Result<u32> {
+        self.device
+            .metadata()
+            .map(|m| unsafe { libc::minor(m.rdev()) })
+    }
+}
+
+#[allow(dead_code)]
+#[derive(Clone)]
+pub struct LoopInfo64 {
+    lo_device: u64,
+    lo_inode: u64,
+    lo_rdevice: u64,
+    lo_offset: u64,
+    lo_sizelimit: u64,
+    lo_number: u32,
+    lo_encrypt_type: u32,
+    lo_encrypt_key_size: u32,
+    lo_flags: u32,
+    lo_file_name: [u8; 64],
+    lo_crypt_name: [u8; 64],
+    lo_encrypt_key: [u8; 32],
+    lo_init: [u64; 2],
+}
+
+impl Default for LoopInfo64 {
+    fn default() -> Self {
+        Self {
+            lo_device: 0,
+            lo_inode: 0,
+            lo_rdevice: 0,
+            lo_offset: 0,
+            lo_sizelimit: 0,
+            lo_number: 0,
+            lo_encrypt_type: 0,
+            lo_encrypt_key_size: 0,
+            lo_flags: 0,
+            lo_file_name: [0; 64],
+            lo_crypt_name: [0; 64],
+            lo_encrypt_key: [0; 32],
+            lo_init: [0, 2],
+        }
+    }
+}
+
+#[must_use]
+pub struct AttachOptions<'d> {
+    device: &'d LoopDevice,
+    info: LoopInfo64,
+}
+
+impl AttachOptions<'_> {
+    pub fn offset(mut self, offset: u64) -> Self {
+        self.info.lo_offset = offset;
+        self
+    }
+
+    pub fn size_limit(mut self, size_limit: u64) -> Self {
+        self.info.lo_sizelimit = size_limit;
+        self
+    }
+
+    pub fn read_only(mut self, read_only: bool) -> Self {
+        if read_only {
+            self.info.lo_flags |= LO_FLAGS_READ_ONLY;
+        } else {
+            self.info.lo_flags &= !LO_FLAGS_READ_ONLY;
+        }
+        self
+    }
+
+    pub fn autoclear(mut self, autoclear: bool) -> Self {
+        if autoclear {
+            self.info.lo_flags |= LO_FLAGS_AUTOCLEAR;
+        } else {
+            self.info.lo_flags &= !LO_FLAGS_AUTOCLEAR;
+        }
+        self
+    }
+
+    pub fn part_scan(mut self, part_scan: bool) -> Self {
+        if part_scan {
+            self.info.lo_flags |= LO_FLAGS_PARTSCAN;
+        } else {
+            self.info.lo_flags &= !LO_FLAGS_PARTSCAN;
+        }
+        self
+    }
+
+    pub fn set_direct_io(mut self, direct_io: bool) -> Self {
+        if direct_io {
+            self.info.lo_flags |= LO_FLAGS_DIRECT_IO;
+        } else {
+            self.info.lo_flags &= !LO_FLAGS_DIRECT_IO;
+        }
+        self
+    }
+
+    pub fn direct_io(&self) -> bool {
+        (self.info.lo_flags & LO_FLAGS_DIRECT_IO) == LO_FLAGS_DIRECT_IO
+    }
+
+    pub fn attach(&self, backing_file: impl AsRef<Path>) -> io::Result<()> {
+        self.device
+            .attach_with_loop_info(backing_file, self.info.clone())?;
+        if self.direct_io() {
+            self.device.set_direct_io(self.direct_io())?;
+        }
+        Ok(())
+    }
+
+    pub fn attach_fd(&self, backing_file_fd: impl AsRawFd) -> io::Result<()> {
+        self.device
+            .attach_fd_with_loop_info(backing_file_fd, self.info.clone())?;
+        if self.direct_io() {
+            self.device.set_direct_io(self.direct_io())?;
+        }
+        Ok(())
+    }
+}

crates/network/Cargo.toml

@@ -16,7 +16,7 @@ clap = { workspace = true }
 env_logger = { workspace = true }
 etherparse = { workspace = true }
 futures = { workspace = true }
-krata = { path = "../krata", version = "^0.0.11" }
+krata = { path = "../krata", version = "^0.0.12" }
 krata-advmac = { workspace = true }
 libc = { workspace = true }
 log = { workspace = true }

crates/runtime/Cargo.toml

@@ -12,20 +12,22 @@ resolver = "2"
 anyhow = { workspace = true }
 backhand = { workspace = true }
 ipnetwork = { workspace = true }
-krata = { path = "../krata", version = "^0.0.11" }
+krata = { path = "../krata", version = "^0.0.12" }
 krata-advmac = { workspace = true }
-krata-oci = { path = "../oci", version = "^0.0.11" }
+krata-oci = { path = "../oci", version = "^0.0.12" }
 log = { workspace = true }
-loopdev-3 = { workspace = true }
 serde_json = { workspace = true }
 tokio = { workspace = true }
 uuid = { workspace = true }
-krata-xenclient = { path = "../xen/xenclient", version = "^0.0.11" }
+krata-loopdev = { path = "../loopdev", version = "^0.0.12" }
-krata-xenevtchn = { path = "../xen/xenevtchn", version = "^0.0.11" }
+krata-xencall = { path = "../xen/xencall", version = "^0.0.12" }
-krata-xengnt = { path = "../xen/xengnt", version = "^0.0.11" }
+krata-xenclient = { path = "../xen/xenclient", version = "^0.0.12" }
-krata-xenplatform = { path = "../xen/xenplatform", version = "^0.0.11" }
+krata-xenevtchn = { path = "../xen/xenevtchn", version = "^0.0.12" }
-krata-xenstore = { path = "../xen/xenstore", version = "^0.0.11" }
+krata-xengnt = { path = "../xen/xengnt", version = "^0.0.12" }
+krata-xenplatform = { path = "../xen/xenplatform", version = "^0.0.12" }
+krata-xenstore = { path = "../xen/xenstore", version = "^0.0.12" }
 walkdir = { workspace = true }
+indexmap = { workspace = true }
 
 [lib]
 name = "kratart"

crates/runtime/src/autoloop.rs

@@ -1,8 +1,8 @@
 use std::{sync::Arc, time::Duration};
 
 use anyhow::{anyhow, Result};
+use krataloopdev::{LoopControl, LoopDevice};
 use log::debug;
-use loopdev::{LoopControl, LoopDevice};
 use tokio::time::sleep;
 use xenclient::BlockDeviceRef;
 

crates/runtime/src/launch.rs

@@ -229,7 +229,7 @@ impl GuestLauncher {
                 cmdline,
                 uuid,
                 owner_domid: 0,
-                enable_iommu: true,
+                enable_iommu: !request.pcis.is_empty(),
             },
             backend_domid: 0,
             name: xen_name,

crates/runtime/src/lib.rs

@@ -3,8 +3,8 @@ use std::{fs, net::Ipv4Addr, path::PathBuf, str::FromStr, sync::Arc};
 use anyhow::{anyhow, Result};
 use ip::IpVendor;
 use ipnetwork::{IpNetwork, Ipv4Network, Ipv6Network};
+use krataloopdev::LoopControl;
 use log::error;
-use loopdev::LoopControl;
 use tokio::sync::Semaphore;
 use uuid::Uuid;
 use xenclient::XenClient;
@@ -13,6 +13,7 @@ use xenstore::{XsdClient, XsdInterface};
 use self::{
     autoloop::AutoLoop,
     launch::{GuestLaunchRequest, GuestLauncher},
+    power::PowerManagementContext,
 };
 
 pub mod autoloop;
@@ -20,6 +21,7 @@ pub mod cfgblk;
 pub mod channel;
 pub mod ip;
 pub mod launch;
+pub mod power;
 
 #[cfg(target_arch = "x86_64")]
 type RuntimePlatform = xenplatform::x86pv::X86PvPlatform;
@@ -321,4 +323,9 @@ impl Runtime {
     pub async fn dupe(&self) -> Result<Runtime> {
         Runtime::new(self.host_uuid).await
     }
+
+    pub async fn power_management_context(&self) -> Result<PowerManagementContext> {
+        let context = RuntimeContext::new(self.host_uuid).await?;
+        Ok(PowerManagementContext { context })
+    }
 }

crates/runtime/src/power.rs

@@ -0,0 +1,167 @@
+use anyhow::Result;
+use indexmap::IndexMap;
+use xencall::sys::{CpuId, SysctlCputopo};
+
+use crate::RuntimeContext;
+
+#[derive(Clone)]
+pub struct PowerManagementContext {
+    pub context: RuntimeContext,
+}
+
+#[derive(Clone, Copy, Debug)]
+pub enum CpuClass {
+    Standard,
+    Performance,
+    Efficiency,
+}
+
+#[derive(Clone, Copy, Debug)]
+pub struct CpuTopologyInfo {
+    pub core: u32,
+    pub socket: u32,
+    pub node: u32,
+    pub thread: u32,
+    pub class: CpuClass,
+}
+
+fn labelled_topo(input: &[SysctlCputopo]) -> Vec<CpuTopologyInfo> {
+    let mut cores: IndexMap<(u32, u32, u32), Vec<CpuTopologyInfo>> = IndexMap::new();
+    let mut pe_cores = false;
+    let mut last: Option<SysctlCputopo> = None;
+
+    for item in input {
+        if cores.is_empty() {
+            cores.insert(
+                (item.core, item.socket, item.node),
+                vec![CpuTopologyInfo {
+                    core: item.core,
+                    socket: item.socket,
+                    thread: 0,
+                    node: item.node,
+                    class: CpuClass::Standard,
+                }],
+            );
+            last = Some(*item);
+            continue;
+        }
+
+        if last
+            .map(|last| {
+                item.core
+                    .checked_sub(last.core)
+                    .map(|diff| diff >= 3)
+                    .unwrap_or(false)
+            })
+            .unwrap_or(false)
+        {
+            // detect if performance cores seem to be kicking in.
+            if let Some(last) = last {
+                if let Some(list) = cores.get_mut(&(last.core, last.socket, last.node)) {
+                    for other in list {
+                        other.class = CpuClass::Performance;
+                    }
+                }
+            }
+            let list = cores
+                .entry((item.core, item.socket, item.node))
+                .or_default();
+            for old in &mut *list {
+                old.class = CpuClass::Performance;
+            }
+            list.push(CpuTopologyInfo {
+                core: item.core,
+                socket: item.socket,
+                thread: 0,
+                node: item.node,
+                class: CpuClass::Performance,
+            });
+            pe_cores = true;
+        } else if pe_cores && last.map(|last| item.core == last.core + 1).unwrap_or(false) {
+            // detect efficiency cores if P/E cores are in use.
+            if let Some(last) = last {
+                if let Some(list) = cores.get_mut(&(last.core, last.socket, last.node)) {
+                    for other in list {
+                        other.class = CpuClass::Efficiency;
+                    }
+                }
+            }
+            let list = cores
+                .entry((item.core, item.socket, item.node))
+                .or_default();
+            list.push(CpuTopologyInfo {
+                core: item.core,
+                socket: item.socket,
+                thread: 0,
+                node: item.node,
+                class: CpuClass::Efficiency,
+            });
+        } else {
+            let list = cores
+                .entry((item.core, item.socket, item.node))
+                .or_default();
+            if list.is_empty() {
+                list.push(CpuTopologyInfo {
+                    core: item.core,
+                    socket: item.socket,
+                    thread: 0,
+                    node: item.node,
+                    class: CpuClass::Standard,
+                });
+            } else {
+                list.push(CpuTopologyInfo {
+                    core: item.core,
+                    socket: item.socket,
+                    thread: 0,
+                    node: item.node,
+                    class: list
+                        .first()
+                        .map(|first| first.class)
+                        .unwrap_or(CpuClass::Standard),
+                });
+            }
+        }
+        last = Some(*item);
+    }
+
+    for threads in cores.values_mut() {
+        for (index, thread) in threads.iter_mut().enumerate() {
+            thread.thread = index as u32;
+        }
+    }
+
+    cores.into_values().flatten().collect::<Vec<_>>()
+}
+
+impl PowerManagementContext {
+    /// Get the CPU topology, with SMT awareness.
+    /// Also translates Intel p-core/e-core nonsense: non-sequential core identifiers
+    /// are treated as p-cores, while e-cores behave as standard cores.
+    /// If there is a p-core/e-core split, then CPU class will be defined as
+    /// `CpuClass::Performance` or `CpuClass::Efficiency`, else `CpuClass::Standard`.
+    pub async fn cpu_topology(&self) -> Result<Vec<CpuTopologyInfo>> {
+        let xentopo = self.context.xen.call.cpu_topology().await?;
+        let logicaltopo = labelled_topo(&xentopo);
+        Ok(logicaltopo)
+    }
+
+    /// Enable or disable SMT awareness in the scheduler.
+    pub async fn set_smt_policy(&self, enable: bool) -> Result<()> {
+        self.context
+            .xen
+            .call
+            .set_turbo_mode(CpuId::All, enable)
+            .await?;
+        Ok(())
+    }
+
+    /// Set scheduler policy name.
+    pub async fn set_scheduler_policy(&self, policy: impl AsRef<str>) -> Result<()> {
+        self.context
+            .xen
+            .call
+            .set_cpufreq_gov(CpuId::All, policy)
+            .await?;
+        Ok(())
+    }
+}

crates/xen/xencall/Cargo.toml

@@ -33,3 +33,7 @@ path = "examples/domain_create.rs"
 [[example]]
 name = "xencall-version-capabilities"
 path = "examples/version_capabilities.rs"
+
+[[example]]
+name = "xencall-power-management"
+path = "examples/power_management.rs"

crates/xen/xencall/examples/cputopo.rs

@@ -0,0 +1,19 @@
+use xencall::error::Result;
+use xencall::sys::CpuId;
+use xencall::XenCall;
+
+#[tokio::main]
+async fn main() -> Result<()> {
+    env_logger::init();
+
+    let call = XenCall::open(0)?;
+    let physinfo = call.phys_info().await?;
+    println!("{:?}", physinfo);
+    let topology = call.cpu_topology().await?;
+    println!("{:?}", topology);
+    call.set_cpufreq_gov(CpuId::All, "performance").await?;
+    call.set_cpufreq_gov(CpuId::Single(0), "performance")
+        .await?;
+    call.set_turbo_mode(CpuId::All, true).await?;
+    Ok(())
+}

crates/xen/xencall/examples/power_management.rs

@@ -0,0 +1,19 @@
+use xencall::error::Result;
+use xencall::sys::CpuId;
+use xencall::XenCall;
+
+#[tokio::main]
+async fn main() -> Result<()> {
+    env_logger::init();
+
+    let call = XenCall::open(0)?;
+    let physinfo = call.phys_info().await?;
+    println!("{:?}", physinfo);
+    let topology = call.cpu_topology().await?;
+    println!("{:?}", topology);
+    call.set_cpufreq_gov(CpuId::All, "performance").await?;
+    call.set_cpufreq_gov(CpuId::Single(0), "performance")
+        .await?;
+    call.set_turbo_mode(CpuId::All, true).await?;
+    Ok(())
+}

crates/xen/xencall/src/error.rs

@@ -14,6 +14,8 @@ pub enum Error {
     PopulatePhysmapFailed,
     #[error("mmap batch failed: {0}")]
     MmapBatchFailed(nix::errno::Errno),
+    #[error("specified value is too long")]
+    ValueTooLong,
 }
 
 pub type Result<T> = std::result::Result<T, Error>;

crates/xen/xencall/src/lib.rs

@@ -25,9 +25,13 @@ use std::ffi::{c_long, c_uint, c_ulong, c_void};
 use std::sync::Arc;
 use std::time::Duration;
 use sys::{
-    E820Entry, ForeignMemoryMap, PhysdevMapPirq, VcpuGuestContextAny, HYPERVISOR_PHYSDEV_OP,
+    CpuId, E820Entry, ForeignMemoryMap, PhysdevMapPirq, Sysctl, SysctlCputopo, SysctlCputopoinfo,
-    PHYSDEVOP_MAP_PIRQ, XEN_DOMCTL_MAX_INTERFACE_VERSION, XEN_DOMCTL_MIN_INTERFACE_VERSION,
+    SysctlPhysinfo, SysctlPmOp, SysctlPmOpValue, SysctlSetCpuFreqGov, SysctlValue,
-    XEN_MEM_SET_MEMORY_MAP,
+    VcpuGuestContextAny, HYPERVISOR_PHYSDEV_OP, HYPERVISOR_SYSCTL, PHYSDEVOP_MAP_PIRQ,
+    XEN_DOMCTL_MAX_INTERFACE_VERSION, XEN_DOMCTL_MIN_INTERFACE_VERSION, XEN_MEM_SET_MEMORY_MAP,
+    XEN_SYSCTL_CPUTOPOINFO, XEN_SYSCTL_MAX_INTERFACE_VERSION, XEN_SYSCTL_MIN_INTERFACE_VERSION,
+    XEN_SYSCTL_PHYSINFO, XEN_SYSCTL_PM_OP, XEN_SYSCTL_PM_OP_DISABLE_TURBO,
+    XEN_SYSCTL_PM_OP_ENABLE_TURBO,
 };
 use tokio::sync::Semaphore;
 use tokio::time::sleep;
@@ -42,6 +46,7 @@ pub struct XenCall {
     pub handle: Arc<File>,
     semaphore: Arc<Semaphore>,
     domctl_interface_version: u32,
+    sysctl_interface_version: u32,
 }
 
 impl XenCall {
@@ -52,10 +57,12 @@ impl XenCall {
             .open("/dev/xen/privcmd")?;
         let domctl_interface_version =
             XenCall::detect_domctl_interface_version(&handle, current_domid)?;
+        let sysctl_interface_version = XenCall::detect_sysctl_interface_version(&handle)?;
         Ok(XenCall {
             handle: Arc::new(handle),
             semaphore: Arc::new(Semaphore::new(1)),
             domctl_interface_version,
+            sysctl_interface_version,
         })
     }
 
@@ -83,6 +90,32 @@ impl XenCall {
         Err(Error::XenVersionUnsupported)
     }
 
+    fn detect_sysctl_interface_version(handle: &File) -> Result<u32> {
+        for version in XEN_SYSCTL_MIN_INTERFACE_VERSION..XEN_SYSCTL_MAX_INTERFACE_VERSION + 1 {
+            let mut sysctl = Sysctl {
+                cmd: XEN_SYSCTL_CPUTOPOINFO,
+                interface_version: version,
+                value: SysctlValue {
+                    cputopoinfo: SysctlCputopoinfo {
+                        num_cpus: 0,
+                        handle: 0,
+                    },
+                },
+            };
+            unsafe {
+                let mut call = Hypercall {
+                    op: HYPERVISOR_SYSCTL,
+                    arg: [addr_of_mut!(sysctl) as u64, 0, 0, 0, 0],
+                };
+                let result = sys::hypercall(handle.as_raw_fd(), &mut call).unwrap_or(-1);
+                if result == 0 {
+                    return Ok(version);
+                }
+            }
+        }
+        Err(Error::XenVersionUnsupported)
+    }
+
     pub async fn mmap(&self, addr: u64, len: u64) -> Option<u64> {
         let _permit = self.semaphore.acquire().await.ok()?;
         trace!(
@@ -917,4 +950,141 @@ impl XenCall {
             .await?;
         Ok(())
     }
+
+    pub async fn cpu_topology(&self) -> Result<Vec<SysctlCputopo>> {
+        let mut sysctl = Sysctl {
+            cmd: XEN_SYSCTL_CPUTOPOINFO,
+            interface_version: self.sysctl_interface_version,
+            value: SysctlValue {
+                cputopoinfo: SysctlCputopoinfo {
+                    num_cpus: 0,
+                    handle: 0,
+                },
+            },
+        };
+        self.hypercall1(HYPERVISOR_SYSCTL, addr_of_mut!(sysctl) as c_ulong)
+            .await?;
+        let cpus = unsafe { sysctl.value.cputopoinfo.num_cpus };
+        let mut topos = vec![
+            SysctlCputopo {
+                core: 0,
+                socket: 0,
+                node: 0
+            };
+            cpus as usize
+        ];
+        let mut sysctl = Sysctl {
+            cmd: XEN_SYSCTL_CPUTOPOINFO,
+            interface_version: self.sysctl_interface_version,
+            value: SysctlValue {
+                cputopoinfo: SysctlCputopoinfo {
+                    num_cpus: cpus,
+                    handle: topos.as_mut_ptr() as c_ulong,
+                },
+            },
+        };
+        self.hypercall1(HYPERVISOR_SYSCTL, addr_of_mut!(sysctl) as c_ulong)
+            .await?;
+        Ok(topos)
+    }
+
+    pub async fn phys_info(&self) -> Result<SysctlPhysinfo> {
+        let mut sysctl = Sysctl {
+            cmd: XEN_SYSCTL_PHYSINFO,
+            interface_version: self.sysctl_interface_version,
+            value: SysctlValue {
+                phys_info: SysctlPhysinfo::default(),
+            },
+        };
+        self.hypercall1(HYPERVISOR_SYSCTL, addr_of_mut!(sysctl) as c_ulong)
+            .await?;
+        Ok(unsafe { sysctl.value.phys_info })
+    }
+
+    pub async fn set_cpufreq_gov(&self, cpuid: CpuId, gov: impl AsRef<str>) -> Result<()> {
+        match cpuid {
+            CpuId::All => {
+                let phys_info = self.phys_info().await?;
+                for cpuid in 0..phys_info.max_cpu_id + 1 {
+                    self.do_set_cpufreq_gov(cpuid, gov.as_ref()).await?;
+                }
+            }
+
+            CpuId::Single(id) => {
+                self.do_set_cpufreq_gov(id, gov).await?;
+            }
+        }
+        Ok(())
+    }
+
+    async fn do_set_cpufreq_gov(&self, cpuid: u32, gov: impl AsRef<str>) -> Result<()> {
+        let governor = gov.as_ref().as_bytes().to_vec();
+        if governor.len() > 15 {
+            return Err(Error::ValueTooLong);
+        }
+
+        let mut scaling_governor = [0u8; 16];
+
+        // leave space for the last byte to be zero at all times.
+        for i in 0..15usize {
+            if i >= governor.len() {
+                break;
+            }
+            scaling_governor[i] = governor[i];
+        }
+
+        let mut sysctl = Sysctl {
+            cmd: XEN_SYSCTL_PM_OP,
+            interface_version: self.sysctl_interface_version,
+            value: SysctlValue {
+                pm_op: SysctlPmOp {
+                    cmd: XEN_SYSCTL_PM_OP_ENABLE_TURBO,
+                    cpuid,
+                    value: SysctlPmOpValue {
+                        set_gov: SysctlSetCpuFreqGov { scaling_governor },
+                    },
+                },
+            },
+        };
+        self.hypercall1(HYPERVISOR_SYSCTL, addr_of_mut!(sysctl) as c_ulong)
+            .await?;
+        Ok(())
+    }
+
+    pub async fn set_turbo_mode(&self, cpuid: CpuId, enable: bool) -> Result<()> {
+        match cpuid {
+            CpuId::All => {
+                let phys_info = self.phys_info().await?;
+                for cpuid in 0..phys_info.max_cpu_id + 1 {
+                    self.do_set_turbo_mode(cpuid, enable).await?;
+                }
+            }
+
+            CpuId::Single(id) => {
+                self.do_set_turbo_mode(id, enable).await?;
+            }
+        }
+        Ok(())
+    }
+
+    async fn do_set_turbo_mode(&self, cpuid: u32, enable: bool) -> Result<()> {
+        let mut sysctl = Sysctl {
+            cmd: XEN_SYSCTL_PM_OP,
+            interface_version: self.sysctl_interface_version,
+            value: SysctlValue {
+                pm_op: SysctlPmOp {
+                    cmd: if enable {
+                        XEN_SYSCTL_PM_OP_ENABLE_TURBO
+                    } else {
+                        XEN_SYSCTL_PM_OP_DISABLE_TURBO
+                    },
+                    cpuid,
+                    value: SysctlPmOpValue { pad: [0u8; 128] },
+                },
+            },
+        };
+        self.hypercall1(HYPERVISOR_SYSCTL, addr_of_mut!(sysctl) as c_ulong)
+            .await?;
+        Ok(())
+    }
 }

crates/xen/xencall/src/sys.rs

@@ -712,3 +712,92 @@ pub struct HvmContext {
 pub struct PagingMempool {
     pub size: u64,
 }
+
+#[repr(C)]
+#[derive(Clone, Copy, Debug)]
+pub struct SysctlCputopo {
+    pub core: u32,
+    pub socket: u32,
+    pub node: u32,
+}
+
+#[repr(C)]
+#[derive(Clone, Copy, Debug)]
+pub struct SysctlSetCpuFreqGov {
+    pub scaling_governor: [u8; 16],
+}
+
+#[repr(C)]
+#[derive(Clone, Copy)]
+pub union SysctlPmOpValue {
+    pub set_gov: SysctlSetCpuFreqGov,
+    pub opt_smt: u32,
+    pub pad: [u8; 128],
+}
+
+#[repr(C)]
+#[derive(Clone, Copy)]
+pub struct SysctlPmOp {
+    pub cmd: u32,
+    pub cpuid: u32,
+    pub value: SysctlPmOpValue,
+}
+
+#[repr(C)]
+#[derive(Clone, Copy, Debug)]
+pub struct SysctlCputopoinfo {
+    pub num_cpus: u32,
+    pub handle: c_ulong,
+}
+
+#[repr(C)]
+pub union SysctlValue {
+    pub cputopoinfo: SysctlCputopoinfo,
+    pub pm_op: SysctlPmOp,
+    pub phys_info: SysctlPhysinfo,
+    pub pad: [u8; 128],
+}
+
+#[repr(C)]
+pub struct Sysctl {
+    pub cmd: u32,
+    pub interface_version: u32,
+    pub value: SysctlValue,
+}
+
+pub const XEN_SYSCTL_PHYSINFO: u32 = 3;
+pub const XEN_SYSCTL_PM_OP: u32 = 12;
+pub const XEN_SYSCTL_CPUTOPOINFO: u32 = 16;
+
+pub const XEN_SYSCTL_MIN_INTERFACE_VERSION: u32 = 0x00000015;
+pub const XEN_SYSCTL_MAX_INTERFACE_VERSION: u32 = 0x00000020;
+pub const XEN_SYSCTL_PM_OP_SET_SCHED_OPT_STMT: u32 = 0x21;
+pub const XEN_SYSCTL_PM_OP_ENABLE_TURBO: u32 = 0x26;
+pub const XEN_SYSCTL_PM_OP_DISABLE_TURBO: u32 = 0x27;
+
+#[derive(Clone, Copy, Debug)]
+pub enum CpuId {
+    All,
+    Single(u32),
+}
+
+#[repr(C)]
+#[derive(Clone, Copy, Debug, Default)]
+pub struct SysctlPhysinfo {
+    pub threads_per_core: u32,
+    pub cores_per_socket: u32,
+    pub nr_cpus: u32,
+    pub max_cpu_id: u32,
+    pub nr_nodes: u32,
+    pub max_node_id: u32,
+    pub cpu_khz: u32,
+    pub capabilities: u32,
+    pub arch_capabilities: u32,
+    pub pad: u32,
+    pub total_pages: u64,
+    pub free_pages: u64,
+    pub scrub_pages: u64,
+    pub outstanding_pages: u64,
+    pub max_mfn: u64,
+    pub hw_cap: [u32; 8],
+}

crates/xen/xenclient/Cargo.toml

@@ -13,9 +13,9 @@ async-trait = { workspace = true }
 indexmap = { workspace = true }
 libc = { workspace = true }
 log = { workspace = true }
-krata-xencall = { path = "../xencall", version = "^0.0.11" }
+krata-xencall = { path = "../xencall", version = "^0.0.12" }
-krata-xenplatform = { path = "../xenplatform", version = "^0.0.11" }
+krata-xenplatform = { path = "../xenplatform", version = "^0.0.12" }
-krata-xenstore = { path = "../xenstore", version = "^0.0.11" }
+krata-xenstore = { path = "../xenstore", version = "^0.0.12" }
 regex = { workspace = true }
 thiserror = { workspace = true }
 tokio = { workspace = true }

crates/xen/xenclient/src/lib.rs

@@ -21,7 +21,7 @@ pub mod tx;
 #[derive(Clone)]
 pub struct XenClient<P: BootSetupPlatform> {
     pub store: XsdClient,
-    call: XenCall,
+    pub call: XenCall,
     domain_manager: Arc<BaseDomainManager<P>>,
 }
 

crates/xen/xenplatform/Cargo.toml

@@ -16,7 +16,7 @@ flate2 = { workspace = true }
 indexmap = { workspace = true }
 libc = { workspace = true }
 log = { workspace = true }
-krata-xencall = { path = "../xencall", version = "^0.0.11" }
+krata-xencall = { path = "../xencall", version = "^0.0.12" }
 memchr = { workspace = true }
 nix = { workspace = true }
 regex = { workspace = true }

hack/debug/common.sh

@@ -28,5 +28,5 @@ build_and_run() {
   fi
   RUST_TARGET="$(./hack/build/target.sh)"
   ./hack/build/cargo.sh build ${CARGO_BUILD_FLAGS} --bin "${EXE_TARGET}"
-  exec sudo sh -c "RUST_LOG='${RUST_LOG}' 'target/${RUST_TARGET}/debug/${EXE_TARGET}' $*"
+  exec sudo -E sh -c "RUST_LOG='${RUST_LOG}' 'target/${RUST_TARGET}/debug/${EXE_TARGET}' $*"
 }

hack/dist/systar.sh

@@ -22,9 +22,9 @@ tar xf "${OUTPUT_DIR}/bundle-systemd-${TARGET_ARCH}.tgz"
 mkdir sys
 cd sys
 
-mkdir -p usr/bin usr/libexec
+mkdir -p usr/bin usr/sbin
 mv ../krata/kratactl usr/bin
-mv ../krata/kratanet ../krata/kratad usr/libexec/
+mv ../krata/kratanet ../krata/kratad usr/sbin/
 
 if [ "${SYSTAR_VARIANT}" = "openrc" ]
 then

images/Dockerfile.krata-guest-init

@@ -0,0 +1,10 @@
+FROM rust:1.79-alpine AS build
+RUN apk update && apk add protoc protobuf-dev build-base && rm -rf /var/cache/apk/*
+ENV TARGET_LIBC=musl TARGET_VENDOR=unknown
+
+WORKDIR /usr/src/app
+COPY . .
+RUN ./hack/initrd/build.sh && cp target/initrd/initrd-* target/initrd/initrd
+
+FROM scratch AS final
+COPY --from=build /usr/src/app/target/initrd/initrd /krata/initrd

images/Dockerfile.kratactl

@@ -0,0 +1,12 @@
+FROM rust:1.79-alpine AS build
+RUN apk update && apk add protoc protobuf-dev build-base && rm -rf /var/cache/apk/*
+ENV TARGET_LIBC=musl TARGET_VENDOR=unknown
+
+WORKDIR /usr/src/app
+COPY . .
+RUN ./hack/build/cargo.sh build --release --bin kratactl
+RUN mv ./target/$(./hack/build/target.sh)/release/kratactl /usr/sbin
+
+FROM scratch
+ENTRYPOINT ["/usr/sbin/kratactl"]
+COPY --from=build /usr/sbin/kratactl /usr/sbin/kratactl

images/Dockerfile.kratad

@@ -0,0 +1,13 @@
+FROM rust:1.79-alpine AS build
+RUN apk update && apk add protoc protobuf-dev build-base && rm -rf /var/cache/apk/*
+ENV TARGET_LIBC=musl TARGET_VENDOR=unknown
+
+WORKDIR /usr/src/app
+COPY . .
+RUN ./hack/build/cargo.sh build --release --bin kratad
+RUN mv ./target/$(./hack/build/target.sh)/release/kratad /usr/sbin
+
+FROM scratch
+ENTRYPOINT ["/usr/sbin/kratad"]
+COPY --from=build /usr/sbin/kratad /usr/sbin/kratad
+COPY ./resources/systemd/kratad.service /usr/lib/systemd/system/kratad.service

images/Dockerfile.kratanet

@@ -0,0 +1,13 @@
+FROM rust:1.79-alpine AS build
+RUN apk update && apk add protoc protobuf-dev build-base && rm -rf /var/cache/apk/*
+ENV TARGET_LIBC=musl TARGET_VENDOR=unknown
+
+WORKDIR /usr/src/app
+COPY . .
+RUN ./hack/build/cargo.sh build --release --bin kratanet
+RUN mv ./target/$(./hack/build/target.sh)/release/kratanet /usr/sbin
+
+FROM scratch
+ENTRYPOINT ["/usr/sbin/kratanet"]
+COPY --from=build /usr/sbin/kratanet /usr/sbin/kratanet
+COPY ./resources/systemd/kratanet.service /usr/lib/systemd/system/kratanet.service

resources/bundle/install.sh

@@ -23,11 +23,11 @@ remove_service_if_exists kratanet.service
 cp kratad.service /usr/lib/systemd/system/kratad.service
 cp kratanet.service /usr/lib/systemd/system/kratanet.service
 
-cp kratad kratanet /usr/libexec
+cp kratad kratanet /usr/sbin
 cp kratactl /usr/bin
 
-chmod +x /usr/libexec/kratad
+chmod +x /usr/sbin/kratad
-chmod +x /usr/libexec/kratanet
+chmod +x /usr/sbin/kratanet
 chmod +x /usr/bin/kratactl
 
 mkdir -p /var/lib/krata /usr/share/krata/guest

resources/bundle/uninstall.sh

@@ -8,5 +8,5 @@ rm -f /usr/lib/systemd/system/kratad.service
 rm -f /usr/lib/systemd/system/kratanet.service
 
 rm -f /usr/bin/kratactl
-rm -f /usr/libexec/kratad /usr/libexec/kratanet
+rm -f /usr/sbin/kratad /usr/sbin/kratanet
 rm -rf /usr/share/krata

resources/openrc/kratad

@@ -1,6 +1,6 @@
 #!/sbin/openrc-run
 description="Krata Isolation Engine"
-command="/usr/libexec/kratad"
+command="/usr/sbin/kratad"
 supervisor="supervise-daemon"
 output_log="/var/log/kratad.log"
 error_log="/var/log/kratad.err"

resources/openrc/kratanet

@@ -1,6 +1,6 @@
 #!/sbin/openrc-run
 description="Krata Networking Daemon"
-command="/usr/libexec/kratanet"
+command="/usr/sbin/kratanet"
 supervisor="supervise-daemon"
 output_log="/var/log/kratanet.log"
 error_log="/var/log/kratanet.err"

resources/systemd/kratad.service

@@ -4,7 +4,7 @@ Description=Krata Isolation Engine
 [Service]
 Restart=on-failure
 Type=simple
-ExecStart=/usr/libexec/kratad -l unix:///var/lib/krata/daemon.socket
+ExecStart=/usr/sbin/kratad -l unix:///var/lib/krata/daemon.socket
 Environment=RUST_LOG=info
 User=root
 

resources/systemd/kratanet.service

@@ -1,12 +1,12 @@
 [Unit]
 Description=Krata Networking Engine
-
-[Service]
 Wants=kratad.service
 After=kratad.service
+
+[Service]
 Restart=on-failure
 Type=simple
-ExecStart=/usr/libexec/kratanet
+ExecStart=/usr/sbin/kratanet
 Environment=RUST_LOG=info
 User=root