Feature/lab12 #13

Open
ph1larmon1a wants to merge 2 commits into main from feature/lab12
@ph1larmon1a
Owner

Goal

Complete Lab 12 by configuring a local Kata Containers environment, validating VM-backed container isolation, and producing a full technical analysis comparing runc and Kata across kernel behavior, CPU virtualization, /proc visibility, networking, and module exposure.

Changes

  • Built and installed Kata Containers runtime using the provided build scripts

    • Installed containerd-shim-kata-v2
    • Updated containerd configuration and restarted daemon
  • Validated Kata runtime operation:

    • Confirmed VM-backed kernel (6.12.47) vs host kernel (6.8.0-48-generic)
    • Verified guest CPU virtualization (AMD EPYC) vs host CPU (Ryzen 9 9950X)
  • Executed container comparisons:

    • runc: Launched Juice Shop on port 3012 and confirmed HTTP 200 health
    • Kata: Used short-lived Alpine containers to avoid known nerdctl runtime-rs detach bug
  • Performed isolation tests with artifacts captured under lab12 directory:

    • dmesg: Verified unique VM boot logs and BIOS memory map
    • /proc: Host: 176 entries vs Kata VM: 52 entries
    • Network: Confirmed virtual NIC (10.4.0.11/24) inside VM
    • Kernel modules: Host: 201 modules vs Kata guest: 72 modules
  • Conducted performance-related observations:

    • runc startup: sub-second launches
    • Kata startup: multi-second VM boot overhead (expected for VM-backed workloads)
    • runc HTTP latency validated via 50-sample measurement (~2.4ms average)
  • Added complete analytical write-up to submission12.md, including:

    • Security implications of VM-backed sandboxes
    • Kernel and CPU isolation impact
    • Operational trade-offs and runtime selection recommendations

Testing

  • Verified Kata runtime availability using short-lived commands (uname -a, /proc/cpuinfo, etc.)

  • Confirmed containerd recognized io.containerd.kata.v2 configuration

  • Ran comparative tests:

    • runc → Confirmed Juice Shop reachable and stable
    • Kata → Correct guest kernel, CPU, and isolation behaviors observed
  • Validated all isolation test outputs using files extracted from lab12.zip:

    • dmesg output is VM-specific, not host kernel
    • /proc tree much smaller inside Kata VM
    • Virtual network interface and separate module list present
  • Reviewed performance outputs:

    • runc vs Kata startup behavior consistent with expected virtualization overhead
    • runc HTTP latency metrics match captured benchmark data
  • Ensured final submission12.md covers all requirements outlined in lab12.md

Artifacts & Screenshots

  • Final submission: labs/submission12.md
  • Kernel/CPU comparison evidence: labs/lab12/analysis/
  • Isolation test outputs: labs/lab12/isolation/
  • Benchmark files: labs/lab12/bench/
  • Runc files: labs/lab12/runc
  • Kata files: labs/lab12/kata

Checklist

  • PR has a clear and descriptive title
  • Documentation updated if needed
  • No secrets or large temporary files committed
  • Task 1 — Kata install + runtime config
  • Task 2 — runc vs kata runtime comparison
  • Task 3 — Isolation tests
  • Task 4 — Basic performance snapshot
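
The kernel and module comparisons listed under Testing can be automated over the captured artifacts. The script below is an added example, not code from this pull request: it fails when the guest reports the host's kernel release or module list, which is what a shared-kernel (runc) container would show. The artifact file names, function names and sample module lines are assumptions constructed for the example.

```sh
#!/bin/sh
# Added example (not from the PR). Artifact file names are hypothetical.
# Collect them with, for example:
#   uname -r > host_uname.txt
#   sudo nerdctl run --rm --runtime io.containerd.kata.v2 alpine uname -r > guest_uname.txt
#   cat /proc/modules > host_modules.txt   (and the same command inside the container)

# Print module names (column 1 of /proc/modules) found in host file $1 but not in guest file $2.
host_only_modules() {
  awk 'FILENAME == ARGV[1] { guest[$1] = 1; next } !($1 in guest) { print $1 }' "$2" "$1"
}

# Exit status 0: artifacts in directory $1 show a separate guest kernel.
# Exit status 1: guest matches the host, i.e. a shared-kernel container.
check_isolation() {
  ci_host=$(cat "$1/host_uname.txt")
  ci_guest=$(cat "$1/guest_uname.txt")
  if [ "$ci_host" = "$ci_guest" ]; then
    echo "FAIL: guest reports the host kernel ($ci_host)"
    return 1
  fi
  if cmp -s "$1/host_modules.txt" "$1/guest_modules.txt"; then
    echo "FAIL: guest module list is identical to the host's"
    return 1
  fi
  ci_n=$(host_only_modules "$1/host_modules.txt" "$1/guest_modules.txt" | wc -l)
  echo "OK: host=$ci_host guest=$ci_guest host-only modules=$((ci_n))"
}

# Write constructed sample artifacts into directory $1; $2 is "kata" or "runc".
make_sample() {
  printf '6.8.0-48-generic\n' > "$1/host_uname.txt"
  printf '%s\n' 'kvm_amd 208896 0 - Live 0x0' 'kvm 1409024 1 kvm_amd, Live 0x0' \
    'vsock 61440 0 - Live 0x0' > "$1/host_modules.txt"
  if [ "$2" = kata ]; then
    printf '6.12.47\n' > "$1/guest_uname.txt"
    printf '%s\n' 'vsock 61440 0 - Live 0x0' > "$1/guest_modules.txt"
  else  # shared kernel: the container sees the host's values
    cp "$1/host_uname.txt" "$1/guest_uname.txt"
    cp "$1/host_modules.txt" "$1/guest_modules.txt"
  fi
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir" kata
check_isolation "$demo_dir"
rm -rf "$demo_dir"
```

Running the check right after a runtime change catches a container that silently fell back to runc, because its kernel release would then match the host's.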