tweaks

Author: rgarcia

Makefile

@@ -170,12 +170,10 @@ lib/system/guest_agent/guest-agent: lib/system/guest_agent/*.go
 	cd lib/system/guest_agent && CGO_ENABLED=0 go build -ldflags="-s -w" -o guest-agent .
 
 # Build init binary (runs as PID 1 in guest VM) for embedding
-# Uses static linking for portability across different guest environments
 lib/system/init/init: lib/system/init/*.go
 	@echo "Building init binary..."
 	cd lib/system/init && CGO_ENABLED=0 go build -ldflags="-s -w" -o init .
 
-# Build all embedded binaries
 build-embedded: lib/system/guest_agent/guest-agent lib/system/init/init
 
 # Build the binary

cmd/api/api/exec_test.go

@@ -115,7 +115,6 @@ func TestExecInstanceNonTTY(t *testing.T) {
 		t.Logf("vsock socket exists: %s", actualInst.VsockSocket)
 	}
 
-	// Wait for exec agent to be ready using WaitForAgent
 	var stdout, stderr outputBuffer
 
 	dialer, err := hypervisor.NewVsockDialer(actualInst.HypervisorType, actualInst.VsockSocket, actualInst.VsockCID)

lib/system/README.md

@@ -4,9 +4,9 @@ Manages versioned kernel and initrd files for Cloud Hypervisor VMs.
 
 ## Features
 
-- **Automatic Downloads**: Kernel downloaded from Cloud Hypervisor releases on first use
+- **Automatic Downloads**: Kernel downloaded from onkernel/linux releases on first use
 - **Automatic Build**: Initrd built from Alpine base + Go init binary + guest-agent
-- **Versioned**: Side-by-side support for multiple kernel/initrd versions
+- **Versioned**: Side-by-side support for multiple kernel versions
 - **Zero Docker**: Uses OCI directly (reuses image manager infrastructure)
 - **Zero Image Modifications**: All init logic in initrd, OCI images used as-is
 - **Dual Mode Support**: Exec mode (container-like) and systemd mode (full VM)
@@ -18,27 +18,27 @@ Manages versioned kernel and initrd files for Cloud Hypervisor VMs.
 ```
 {dataDir}/system/
 ├── kernel/
-│   ├── ch-v6.12.8/
+│   ├── ch-6.12.8-kernel-1-202511182/
 │   │   ├── x86_64/vmlinux   (~70MB)
 │   │   └── aarch64/Image    (~70MB)
-│   └── ch-v6.12.9/
-│       └── ... (future version)
+│   └── ch-6.12.8-kernel-1.2-20251213/
+│       └── ... (newer version)
 ├── initrd/
-│   ├── v1.0.0/
-│   │   ├── x86_64/initrd    (~1-2MB)
-│   │   └── aarch64/initrd   (~1-2MB)
-│   └── v1.1.0/
-│       └── ... (when init script changes)
-└── oci-cache/              (shared with images manager)
-    └── blobs/sha256/       (busybox layers cached)
+│   ├── 1734567890/              (timestamp-based)
+│   │   ├── x86_64/initrd        (~5-10MB)
+│   │   └── aarch64/initrd
+│   ├── x86_64/latest -> 1734567890  (symlink to latest)
+│   └── aarch64/latest -> 1734567890
+└── oci-cache/                   (shared with images manager)
+    └── blobs/sha256/            (Alpine layers cached)
 ```
 
 ### Versioning Rules
 
 **Snapshots require exact matches:**
 ```
-Standby:  kernel v6.12.9, initrd v1.0.0, CH v49.0
-Restore:  kernel v6.12.9, initrd v1.0.0, CH v49.0 (MUST match)
+Standby:  kernel ch-6.12.8-kernel-1.2-20251213, CH v49.0
+Restore:  kernel ch-6.12.8-kernel-1.2-20251213, CH v49.0 (MUST match)
 ```
 
 **Maintenance upgrades (shutdown → boot):**
@@ -50,8 +50,8 @@ Restore:  kernel v6.12.9, initrd v1.0.0, CH v49.0 (MUST match)
 
 **Multi-version support:**
 ```
-Instance A (standby): kernel v6.12.8, initrd v1.0.0
-Instance B (running): kernel v6.12.9, initrd v1.0.0
+Instance A (standby): kernel ch-6.12.8-kernel-1-202511182
+Instance B (running): kernel ch-6.12.8-kernel-1.2-20251213
 Both work independently
 ```
 
@@ -66,67 +66,36 @@ It replaces the previous shell-based init script with cleaner logic and structur
 - ✅ Network configuration (if enabled)
 - ✅ Load GPU drivers (if GPU attached)
 - ✅ Mount volumes
-- ✅ Auto-detect systemd images from CMD
 - ✅ Execute container entrypoint (exec mode)
-- ✅ Hand off to systemd via pivot_root (systemd mode)
+- ✅ Hand off to systemd via chroot + exec (systemd mode)
 
 **Two boot modes:**
-- **Exec mode** (default): Init binary is PID 1, runs entrypoint as child process
-- **Systemd mode** (auto-detected): Uses pivot_root to hand off to systemd as PID 1
+- **Exec mode** (default): Init chroots to container rootfs, runs entrypoint as child process, then waits on guest-agent to keep VM alive
+- **Systemd mode** (auto-detected on host): Init chroots to container rootfs, then execs /sbin/init so systemd becomes PID 1
 
-**Systemd detection:** If image CMD is `/sbin/init`, `/lib/systemd/systemd`, or similar,
-hypeman automatically uses systemd mode.
+**Systemd detection:** Host-side detection in `lib/images/systemd.go` checks if image CMD is
+`/sbin/init`, `/lib/systemd/systemd`, or similar. The detected mode is passed to the initrd
+via `INIT_MODE` in the config disk.
 
 **Result:** OCI images require **zero modifications** - no `/init` script needed!
 
-## Usage
-
-### Application Startup
-
-```go
-// cmd/api/main.go
-systemMgr := system.NewManager(dataDir)
-
-// Ensure files exist (download/build if needed)
-err := systemMgr.EnsureSystemFiles(ctx)
-
-// Files are ready, instances can be created
-```
-
-### Instance Creation
-
-```go
-// Instances manager uses system manager automatically
-inst, err := instanceManager.CreateInstance(ctx, req)
-// Uses default kernel/initrd versions
-// Versions stored in instance metadata for restore compatibility
-```
-
-### Get File Paths
-
-```go
-kernelPath, _ := systemMgr.GetKernelPath(system.KernelV6_12_9)
-initrdPath, _ := systemMgr.GetInitrdPath(system.InitrdV1_0_0)
-```
-
 ## Kernel Sources
 
-Kernels downloaded from Cloud Hypervisor releases:
-- https://github.com/cloud-hypervisor/linux/releases
+Kernels downloaded from onkernel/linux releases (Cloud Hypervisor-optimized fork):
+- https://github.com/onkernel/linux/releases
 
 Example URLs:
-- x86_64: `https://github.com/cloud-hypervisor/linux/releases/download/ch-v6.12.9/vmlinux-x86_64`
-- aarch64: `https://github.com/cloud-hypervisor/linux/releases/download/ch-v6.12.9/Image-aarch64`
+- x86_64: `https://github.com/onkernel/linux/releases/download/ch-6.12.8-kernel-1.2-20251213/vmlinux-x86_64`
+- aarch64: `https://github.com/onkernel/linux/releases/download/ch-6.12.8-kernel-1.2-20251213/Image-arm64`
 
 ## Initrd Build Process
 
 1. **Pull Alpine base** (using image manager's OCI client)
 2. **Add guest-agent binary** (embedded, runs in guest for exec/shell)
-3. **Add init binary** (embedded Go binary, runs as PID 1)
-4. **Add NVIDIA modules** (optional, for GPU passthrough)
-5. **Package as cpio.gz** (initramfs format)
-
-**Build tools required:** `find`, `cpio`, `gzip` (standard Unix tools)
+3. **Add init.sh wrapper** (mounts /proc, /sys, /dev before Go runtime)
+4. **Add init binary** (embedded Go binary, runs as PID 1)
+5. **Add NVIDIA modules** (optional, for GPU passthrough)
+6. **Package as cpio** (initramfs format, pure Go - no shell tools required)
 
 ## Adding New Versions
 
@@ -136,19 +105,19 @@ Example URLs:
 // lib/system/versions.go
 
 const (
-    KernelV6_12_10 KernelVersion = "ch-v6.12.10"  // Add constant
+    Kernel_20251220 KernelVersion = "ch-6.12.8-kernel-1.3-20251220"  // Add constant
 )
 
 var KernelDownloadURLs = map[KernelVersion]map[string]string{
     // ... existing ...
-    KernelV6_12_10: {
-        "x86_64":  "https://github.com/cloud-hypervisor/linux/releases/download/ch-v6.12.10/vmlinux-x86_64",
-        "aarch64": "https://github.com/cloud-hypervisor/linux/releases/download/ch-v6.12.10/Image-aarch64",
+    Kernel_20251220: {
+        "x86_64":  "https://github.com/onkernel/linux/releases/download/ch-6.12.8-kernel-1.3-20251220/vmlinux-x86_64",
+        "aarch64": "https://github.com/onkernel/linux/releases/download/ch-6.12.8-kernel-1.3-20251220/Image-arm64",
     },
 }
 
 // Update default if needed
-var DefaultKernelVersion = KernelV6_12_10
+var DefaultKernelVersion = Kernel_20251220
 ```
 
 ### Updating the Init Binary
@@ -188,13 +157,13 @@ Files downloaded/built once per version, reused for all instances using that ver
 ```
 lib/system/init/
     main.go           # Entry point, orchestrates boot
-    mount.go          # Mount operations (proc, sys, dev, overlay)
+    init.sh           # Shell wrapper (mounts /proc, /sys, /dev before Go runtime)
+    mount.go          # Mount operations (overlay, bind mounts)
     config.go         # Parse config disk
     network.go        # Network configuration
     drivers.go        # GPU driver loading
     volumes.go        # Volume mounting
-    mode_exec.go      # Exec mode: run entrypoint
-    mode_systemd.go   # Systemd mode: pivot_root + exec init
+    mode_exec.go      # Exec mode: chroot, run entrypoint, wait on guest-agent
+    mode_systemd.go   # Systemd mode: chroot + exec /sbin/init
     logger.go         # Human-readable logging to hypeman operations log
 ```
-

lib/system/init/mode_exec.go

@@ -12,17 +12,30 @@ import (
 // - The init binary remains PID 1
 // - Guest-agent runs as a background process
 // - The container entrypoint runs as a child process
-// - When the entrypoint exits, the VM exits
+// - After entrypoint exits, guest-agent keeps VM alive
 func runExecMode(log *Logger, cfg *Config) {
 	const newroot = "/overlay/newroot"
 
+	// Change root to the new filesystem using chroot (consistent with systemd mode)
+	log.Info("exec", "executing chroot")
+	if err := syscall.Chroot(newroot); err != nil {
+		log.Error("exec", "chroot failed", err)
+		dropToShell()
+	}
+
+	// Change to new root directory
+	if err := os.Chdir("/"); err != nil {
+		log.Error("exec", "chdir / failed", err)
+		dropToShell()
+	}
+
 	// Set up environment
 	os.Setenv("PATH", "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin")
 	os.Setenv("HOME", "/root")
 
-	// Start guest-agent in background inside the container namespace
+	// Start guest-agent in background
 	log.Info("exec", "starting guest-agent in background")
-	agentCmd := exec.Command("/usr/sbin/chroot", newroot, "/opt/hypeman/guest-agent")
+	agentCmd := exec.Command("/opt/hypeman/guest-agent")
 	agentCmd.Stdout = os.Stdout
 	agentCmd.Stderr = os.Stderr
 	if err := agentCmd.Start(); err != nil {
@@ -47,7 +60,7 @@ func runExecMode(log *Logger, cfg *Config) {
 	log.Info("exec", "launching entrypoint")
 
 	// Run the entrypoint
-	appCmd := exec.Command("/usr/sbin/chroot", newroot, "/bin/sh", "-c", shellCmd)
+	appCmd := exec.Command("/bin/sh", "-c", shellCmd)
 	appCmd.Stdin = os.Stdin
 	appCmd.Stdout = os.Stdout
 	appCmd.Stderr = os.Stderr