Replace hardcoded init.krun with generic virtual file overlay

.github/workflows/integration_tests.yml

@@ -15,7 +15,7 @@ jobs:
         run: rustup target add x86_64-unknown-linux-musl
 
       - name: Build and install libkrun to test prefix
-        run: make test-prefix NET=1
+        run: make test-prefix NET=1 BLK=1
 
       - name: Clippy (test_cases guest)
         run: |
@@ -45,7 +45,7 @@ jobs:
           sudo usermod -a -G kvm $USER
 
       - name: Install additional packages
-        run: sudo apt-get install -y --no-install-recommends build-essential patchelf pkg-config net-tools buildah dnsmasq iperf3
+        run: sudo apt-get install -y --no-install-recommends build-essential patchelf pkg-config net-tools buildah dnsmasq iperf3 e2fsprogs
 
       - name: Install passt from source
         run: |
@@ -58,7 +58,7 @@ jobs:
         run: TAG=`curl -sL https://api.github.com/repos/containers/libkrunfw/releases/latest |jq -r .tag_name` && curl -L -o /tmp/libkrunfw-x86_64.tgz https://github.com/containers/libkrunfw/releases/download/$TAG/libkrunfw-x86_64.tgz && mkdir tmp && tar xf /tmp/libkrunfw-x86_64.tgz -C tmp && sudo mv tmp/lib64/* /lib/x86_64-linux-gnu
 
       - name: Integration tests
-        run: KRUN_ENOMEM_WORKAROUND=1 KRUN_TEST_BASE_DIR=/tmp/libkrun-tests make test NET=1 IPERF_DURATION=3 TEST_FLAGS="--keep-all --github-summary"
+        run: KRUN_ENOMEM_WORKAROUND=1 KRUN_TEST_BASE_DIR=/tmp/libkrun-tests make test NET=1 BLK=1 IPERF_DURATION=3 TEST_FLAGS="--keep-all --github-summary"
 
       - name: Upload test logs
         if: always()
@@ -84,7 +84,7 @@ jobs:
         run: rustup target add aarch64-unknown-linux-musl
 
       - name: Build and install libkrun to test prefix
-        run: make test-prefix NET=1
+        run: make test-prefix NET=1 BLK=1
 
       - name: Clippy (test_cases guest)
         run: |
@@ -107,7 +107,7 @@ jobs:
           cargo clippy --locked --target aarch64-unknown-linux-musl -p guest-agent -- -D warnings
 
       - name: Install additional packages
-        run: sudo apt-get install -y --no-install-recommends build-essential patchelf pkg-config net-tools dnsmasq iperf3 git uidmap
+        run: sudo apt-get install -y --no-install-recommends build-essential patchelf pkg-config net-tools dnsmasq iperf3 git uidmap e2fsprogs
 
       - name: Install passt from source
         run: |
@@ -123,7 +123,7 @@ jobs:
         run: rm -fr /tmp/libkrun-tests
 
       - name: Integration tests
-        run: KRUN_ENOMEM_WORKAROUND=1 KRUN_NO_UNSHARE=1 KRUN_TEST_BASE_DIR=/tmp/libkrun-tests make test NET=1 IPERF_DURATION=3 TEST_FLAGS="--keep-all --github-summary"
+        run: KRUN_ENOMEM_WORKAROUND=1 KRUN_NO_UNSHARE=1 KRUN_TEST_BASE_DIR=/tmp/libkrun-tests make test NET=1 BLK=1 IPERF_DURATION=3 TEST_FLAGS="--keep-all --github-summary"
 
       - name: Upload test logs
         if: always()

Cargo.toml

@@ -1,6 +1,7 @@
 [workspace]
 members = [
     "src/libkrun",
+    "src/init-blob",
     "src/input",
     "src/display",
     "src/utils",

include/libkrun.h

@@ -1153,6 +1153,14 @@ int32_t krun_get_max_vcpus(void);
 */
 int32_t krun_split_irqchip(uint32_t ctx_id, bool enable);
 
+/*
+ * NOTE: Implicit resource creation is a legacy convenience. The 2.0 API
+ * (see https://github.com/containers/libkrun/issues/634) will not create
+ * any implicit resources. Callers should start using the
+ * krun_disable_implicit_* functions now to ease migration.
+ */
+
+
 /*
  * Do not create an implicit console device in the guest. By using this API,
  * libkrun will create zero console devices on behalf of the user. Any
@@ -1167,6 +1175,87 @@ int32_t krun_split_irqchip(uint32_t ctx_id, bool enable);
  */
 int32_t krun_disable_implicit_console(uint32_t ctx_id);
 
+/**
+ * Do not inject the default init binary (/init.krun) into the root
+ * filesystem. Must be called before krun_set_root().
+ *
+ * Arguments:
+ *  "ctx_id" - the configuration context ID.
+ *
+ * Returns:
+ *  Zero on success or a negative error number on failure.
+ */
+int32_t krun_disable_implicit_init(uint32_t ctx_id);
+
+/**
+ * Get a pointer to the built-in default init binary.
+ *
+ * This is the same binary that libkrun injects as /init.krun by default.
+ * Callers that use krun_disable_implicit_init() can use this to inject the
+ * init binary themselves (e.g. via krun_fs_add_overlay_file with custom
+ * settings).
+ *
+ * The returned pointer is valid for the lifetime of the process (static data).
+ *
+ * Arguments:
+ *  "data_out" - receives a pointer to the init binary bytes.
+ *  "len_out"  - receives the length in bytes.
+ *
+ * Returns:
+ *  Zero on success or a negative error number on failure.
+ */
+int32_t krun_get_default_init(const uint8_t **data_out, size_t *len_out);
+
+/**
+ * Add a virtual overlay file to a virtiofs device.
+ *
+ * The file is backed entirely by host memory (no host file). The data
+ * pointer is NOT copied — the caller must keep the memory valid for the
+ * full VM lifetime.
+ *
+ * "path" may contain '/' to place the file inside a virtual directory
+ * previously created with krun_fs_add_overlay_dir (e.g. "etc/hostname").
+ * All intermediate directories must already exist; -ENOENT is returned
+ * if a component is missing, -ENOTDIR if a component is not a directory.
+ *
+ * Arguments:
+ *  "ctx_id"   - the configuration context ID.
+ *  "fs_tag"   - tag of the virtiofs device (e.g. "/dev/root").
+ *  "path"     - path of the file (e.g. "init.krun" or "etc/hostname").
+ *  "data"     - pointer to the file content.
+ *  "data_len" - length of the file content in bytes.
+ *  "mode"     - file mode bits (e.g. 0100644 for a regular file).
+ *  "one_shot" - if true, the file can only be looked up once.
+ *
+ * Returns:
+ *  Zero on success or a negative error number on failure.
+ */
+int32_t krun_fs_add_overlay_file(uint32_t ctx_id, const char *fs_tag,
+                                 const char *path, const uint8_t *data,
+                                 size_t data_len, uint32_t mode, bool one_shot);
+
+/**
+ * Add a virtual overlay directory to a virtiofs device.
+ *
+ * The directory is empty and read-only, useful as a mount point.
+ *
+ * "path" may contain '/' to nest inside an existing virtual directory
+ * (e.g. "usr/lib"). All intermediate directories must already exist;
+ * -ENOENT is returned if a component is missing, -ENOTDIR if a component
+ * is not a directory.
+ *
+ * Arguments:
+ *  "ctx_id"   - the configuration context ID.
+ *  "fs_tag"   - tag of the virtiofs device (e.g. "/dev/root").
+ *  "path"     - path of the directory (e.g. "dev" or "usr/lib").
+ *  "mode"     - directory mode bits (e.g. 040755).
+ *
+ * Returns:
+ *  Zero on success or a negative error number on failure.
+ */
+int32_t krun_fs_add_overlay_dir(uint32_t ctx_id, const char *fs_tag,
+                                const char *path, uint32_t mode);
+
 /**
  * Disable the implicit vsock device.
  *

init/init.c

@@ -43,7 +43,6 @@
 #endif
 
 #define KRUN_EXIT_CODE_IOCTL 0x7602
-#define KRUN_REMOVE_ROOT_DIR_IOCTL 0x7603
 
 #define KRUN_MAGIC "KRUN"
 #define KRUN_FOOTER_LEN 12
@@ -1475,16 +1474,6 @@ int main(int argc, char **argv)
 
         chdir("/newroot");
 
-        fd = open("/", O_RDONLY);
-        if (fd < 0) {
-            perror("Couldn't open temporary root directory for removing");
-            exit(-1);
-        }
-        if (ioctl(fd, KRUN_REMOVE_ROOT_DIR_IOCTL) < 0) {
-            perror("Error removing temporary root directory");
-        }
-        close(fd);
-
         if (mount(".", "/", NULL, MS_MOVE, NULL) < 0) {
             perror("remount root");
             exit(-1);

src/devices/Cargo.toml

@@ -3,7 +3,7 @@ name = "krun-devices"
 version = "0.1.0-1.18.0"
 authors = ["The libkrun Authors"]
 edition = "2021"
-build = "build.rs"
+
 description = "Virtual device emulation for libkrun"
 license = "Apache-2.0"
 repository = "https://github.com/containers/libkrun"