Skip to content

HostProcess containers with Hypervisor Isolation #2531

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

HostProcess containers with Hypervisor Isolation #2531

wants to merge 6 commits into from

Conversation

rawahars
Copy link

@rawahars rawahars commented Oct 7, 2025
edited
Loading

Summary

This PR adds support for running HostProcess containers with hypervisor isolation. These HPCs will run as privileged processes within the UVM. Few key aspects of this feature are-

  • This feature will be applicable for WS2025 and later.
  • A pod needs to be marked privileged by passing in annotation 'microsoft.com/hostprocess-container'. This ensures that the UVM can support HPCs alongside normal containers.
  • Any container which has 'microsoft.com/hostprocess-container' annotation will be launched as HostProcess Container within the UVM.
  • Other containers will be launched as normal process-isolated containers within the UVM.
  • GCS will create the HPCs based on the specs. The behavior is similar to existing HPCs for process-isolated cases.
  • Annotations for Inherit user will lead to the HPC running as System user within UVM.
  • Annotation for custom rootfs will lead to the container filesystem being virtualized in a directory with that custom name. If not provided, C:\hpc is used by default.

Primary changes

  • Refactored pod sandbox logic to use a centralized updateConfigForHostProcessContainer method for handling privileged container configuration and annotation passthrough. This method enforces correct sandbox/container combinations and properly sets user and annotation values for HostProcess containers.
  • Added new fields to the container and storage schema (ContainerType and ContainerRootPath) to support HostProcess container identification and custom root filesystem locations. These are set during container creation when an isolated job container is detected.
  • Introduced handleProcessArgsForIsolatedJobContainer to ensure that isolated job containers have their process arguments correctly prefixed with cmd /c when necessary, supporting both CommandLine and Args fields. This logic is invoked during container and exec creation.
  • Improved container creation flow to distinguish between job containers running on the host and those inside a UVM, ensuring the right creation path is used.

Testing Enhancements

  • Added comprehensive unit tests for both HostProcess container configuration updates and process argument handling, covering a wide range of scenarios and edge cases to ensure robust behavior.
  • Tests have been added to cover most of the newly added logic.

@rawahars rawahars requested a review from a team as a code owner October 7, 2025 20:58
@rawahars
Added support for hypervisor isolated hpc
04e78a4 
This commit adds support for running HostProcess containers with hypervisor isolated workloads. Therefore, these HPCs will run as privileged processes within the UVM. Some of the key aspects of this feature are-
- A pod needs to be marked privileged by passing in annotation 'microsoft.com/hostprocess-container'
- Any container which has 'microsoft.com/hostprocess-container' annotation will be launched as HostProcess Container.
- Other containers will be launched as normal process-isolated containers within the UVM
- HPC within UVM will not have access to any network since the sandbox (UVM) does not have any network.
- GCS will create the HPCs based on the specs. The behaviour is similar to existing HPCs for process-isolated case.
- Annotations for Inherit user will lead to the HPC running as System user within UVM.
- Annotation for custom rootfs will lead to the container filesystem being virtualized in a directory with that custom name. If not provided, `C:\hpc` is used by default.

Signed-off-by: Harsh Rawat <[email protected]>
@rawahars
Added unit tests for HostProcess Container helper methods
5ea1873 
This commit adds thorough unit tests for:
- IsJobContainer
- IsIsolatedJobContainer

These tests explicitly verify the expected behavior for
Windows HostProcess containers across isolation modes and OS targets.

Signed-off-by: Harsh Rawat <[email protected]>
@rawahars
Added unit tests for updateConfigForHostProcessContainer method
d00c003 
This commit adds thorough unit tests for the updateConfigForHostProcessContainer method. We test the following functionality-

- Reject privileged container in unprivileged sandbox (isolated HPC) — return error when container requests microsoft.com/hostprocess-container=true but the pod lacks it.
- Allow privileged container in privileged sandbox (isolated HPC) — ensure no unexpected mutations when no passthrough annotations are present.
- Block normal process-isolated container in process-isolated HPC pod — enforce constraint that all containers in a process HPC pod must also be job containers (error on mixing).
- Allow normal hypervisor-isolated container in hypervisor-isolated HPC pod.
- Passthrough annotations to privileged containers — propagate HostProcessInheritUser and HostProcessRootfsLocation from pod → container for: hypervisor-isolated HPC pods with privileged containers, and process-isolated HPC pods with privileged containers.
-  No passthrough for normal containers — verify annotations aren’t propagated when the container is non-privileged.
- Set SYSTEM user for hypervisor-isolated privileged containers — when HostProcessInheritUser=true, set Process.User.Username to NT AUTHORITY\SYSTEM.
- Do not change user for normal containers — ensure container user remains unchanged even if the pod has HostProcessInheritUser=true.
- Force HostProcessInheritUser to "false" for normal containers — in hypervisor-isolated privileged pods, if a non-privileged container sets the inherit annotation, flip it to "false".

Signed-off-by: Harsh Rawat <[email protected]>
@rawahars rawahars force-pushed the hpc_inboc_hcs_for_hypervisor_isolation branch from 76a7277 to b56ed8c Compare October 7, 2025 21:02
@rawahars rawahars changed the title Hpc inboc hcs for hypervisor isolation HostProcess containers with Hypervisor Isolation Oct 7, 2025
jterry75
jterry75 reviewed Oct 7, 2025
View reviewed changes
internal/hcsoci/hcsdoc_wcow.go
}

if oci.IsIsolatedJobContainer(coi.Spec) {
v2Container.ContainerType = "HostProcess"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This isnt a valid ContainerType in the product code. I dont think we should reuse it like this unless we get a host side change that this becomes a valid value

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ContainerType is being added to the HCS V2 schema as part of the effort to support HostProcess containers.
This PR builds on top of the other changes on HCS/GCS side.

@rawahars rawahars force-pushed the hpc_inboc_hcs_for_hypervisor_isolation branch from b56ed8c to e1e1b82 Compare October 8, 2025 07:40
@anmaxvl anmaxvl self-assigned this Oct 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jterry75 jterry75 jterry75 left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@anmaxvl anmaxvl

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@rawahars @jterry75 @anmaxvl