From 03c94efb60034498d9f2bcc9829bc55c68d6ec70 Mon Sep 17 00:00:00 2001
From: John Starks <jostarks@microsoft.com>
Date: Wed, 6 Apr 2016 17:46:19 -0700
Subject: [PATCH 1/2] Windows: Revendor Microsoft/hcsshim

This change supports the importing of layers that contain utility VM
images. This is necessary to support Hyper-V containers running on a
non-centrally-managed image.

Signed-off-by: John Starks <jostarks@microsoft.com>
Upstream-commit: 15b0f06a9ad6778deeb9560c2f353e29d4f795da
Component: engine
---
 components/engine/hack/vendor.sh              |  2 +-
 .../github.com/Microsoft/hcsshim/baselayer.go | 20 +++++++++++++++----
 2 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/components/engine/hack/vendor.sh b/components/engine/hack/vendor.sh
index c8b6d32def..1bcd4d8245 100755
--- a/components/engine/hack/vendor.sh
+++ b/components/engine/hack/vendor.sh
@@ -7,7 +7,7 @@ source 'hack/.vendor-helpers.sh'
 
 # the following lines are in sorted order, FYI
 clone git github.com/Azure/go-ansiterm 70b2c90b260171e829f1ebd7c17f600c11858dbe
-clone git github.com/Microsoft/hcsshim v0.2.0
+clone git github.com/Microsoft/hcsshim v0.2.1
 clone git github.com/Microsoft/go-winio v0.3.0
 clone git github.com/Sirupsen/logrus v0.9.0 # logrus is a common dependency among multiple deps
 clone git github.com/docker/libtrust 9cbd2a1374f46905c68a4eb3694a130610adc62a
diff --git a/components/engine/vendor/src/github.com/Microsoft/hcsshim/baselayer.go b/components/engine/vendor/src/github.com/Microsoft/hcsshim/baselayer.go
index b6b9bd4916..4e88c76501 100644
--- a/components/engine/vendor/src/github.com/Microsoft/hcsshim/baselayer.go
+++ b/components/engine/vendor/src/github.com/Microsoft/hcsshim/baselayer.go
@@ -10,10 +10,11 @@ import (
 )
 
 type baseLayerWriter struct {
-	root string
-	f    *os.File
-	bw   *winio.BackupFileWriter
-	err  error
+	root         string
+	f            *os.File
+	bw           *winio.BackupFileWriter
+	err          error
+	hasUtilityVM bool
 }
 
 func (w *baseLayerWriter) closeCurrentFile() error {
@@ -44,6 +45,10 @@ func (w *baseLayerWriter) Add(name string, fileInfo *winio.FileBasicInfo) (err e
 		return err
 	}
 
+	if filepath.ToSlash(name) == `UtilityVM/Files` {
+		w.hasUtilityVM = true
+	}
+
 	path := filepath.Join(w.root, name)
 	path, err = makeLongAbsPath(path)
 	if err != nil {
@@ -139,6 +144,13 @@ func (w *baseLayerWriter) Close() error {
 		if err != nil {
 			return err
 		}
+
+		if w.hasUtilityVM {
+			err = ProcessUtilityVMImage(filepath.Join(w.root, "UtilityVM"))
+			if err != nil {
+				return err
+			}
+		}
 	}
 	return w.err
 }

From 78ecc63dec1a6a5a900e195b500d058e63d37bae Mon Sep 17 00:00:00 2001
From: John Starks <jostarks@microsoft.com>
Date: Wed, 6 Apr 2016 17:08:24 -0700
Subject: [PATCH 2/2] Windows: Support embedded utility VM images

For TP5, the utility VM for Hyper-V containers is embedded in the base
layer's contents.

Signed-off-by: John Starks <jostarks@microsoft.com>
Upstream-commit: c70f153f52c8ca75a395d4dc1c4a5759871ada19
Component: engine
---
 components/engine/daemon/oci_windows.go       | 48 +++++++++++++------
 .../engine/libcontainerd/client_windows.go    | 19 ++++----
 2 files changed, 44 insertions(+), 23 deletions(-)

diff --git a/components/engine/daemon/oci_windows.go b/components/engine/daemon/oci_windows.go
index 39e5686526..eefd28c7f2 100644
--- a/components/engine/daemon/oci_windows.go
+++ b/components/engine/daemon/oci_windows.go
@@ -1,7 +1,10 @@
 package daemon
 
 import (
+	"errors"
 	"fmt"
+	"os"
+	"path/filepath"
 	"syscall"
 
 	"github.com/docker/docker/container"
@@ -47,21 +50,6 @@ func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, e
 		})
 	}
 
-	// Are we going to run as a Hyper-V container?
-	hv := false
-	if c.HostConfig.Isolation.IsDefault() {
-		// Container is set to use the default, so take the default from the daemon configuration
-		hv = daemon.defaultIsolation.IsHyperV()
-	} else {
-		// Container is requesting an isolation mode. Honour it.
-		hv = c.HostConfig.Isolation.IsHyperV()
-	}
-	if hv {
-		// TODO We don't yet have the ImagePath hooked up. But set to
-		// something non-nil to pickup in libcontainerd.
-		s.Windows.HvRuntime = &windowsoci.HvRuntime{}
-	}
-
 	// In s.Process
 	s.Process.Args = append([]string{c.Path}, c.Args...)
 	if !c.Config.ArgsEscaped {
@@ -109,6 +97,36 @@ func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, e
 	}
 	s.Windows.LayerPaths = layerPaths
 
+	// Are we going to run as a Hyper-V container?
+	hv := false
+	if c.HostConfig.Isolation.IsDefault() {
+		// Container is set to use the default, so take the default from the daemon configuration
+		hv = daemon.defaultIsolation.IsHyperV()
+	} else {
+		// Container is requesting an isolation mode. Honour it.
+		hv = c.HostConfig.Isolation.IsHyperV()
+	}
+	if hv {
+		hvr := &windowsoci.HvRuntime{}
+		if img.RootFS != nil && img.RootFS.Type == image.TypeLayers {
+			// For TP5, the utility VM is part of the base layer.
+			// TODO-jstarks: Add support for separate utility VM images
+			// once it is decided how they can be stored.
+			uvmpath := filepath.Join(layerPaths[len(layerPaths)-1], "UtilityVM")
+			_, err = os.Stat(uvmpath)
+			if err != nil {
+				if os.IsNotExist(err) {
+					err = errors.New("container image does not contain a utility VM")
+				}
+				return nil, err
+			}
+
+			hvr.ImagePath = uvmpath
+		}
+
+		s.Windows.HvRuntime = hvr
+	}
+
 	// In s.Windows.Networking
 	// Connect all the libnetwork allocated networks to the container
 	var epList []string
diff --git a/components/engine/libcontainerd/client_windows.go b/components/engine/libcontainerd/client_windows.go
index 5b22ba269e..3cacec6106 100644
--- a/components/engine/libcontainerd/client_windows.go
+++ b/components/engine/libcontainerd/client_windows.go
@@ -69,6 +69,10 @@ type mappedDir struct {
 	ReadOnly      bool
 }
 
+type hvRuntime struct {
+	ImagePath string `json:",omitempty"`
+}
+
 // TODO Windows: @darrenstahlmsft Add ProcessorCount
 type containerInit struct {
 	SystemType              string      // HCS requires this to be hard-coded to "Container"
@@ -91,6 +95,7 @@ type containerInit struct {
 	SandboxPath             string      // Location of unmounted sandbox (used for Hyper-V containers)
 	HvPartition             bool        // True if it a Hyper-V Container
 	EndpointList            []string    // List of networking endpoints to be attached to container
+	HvRuntime               *hvRuntime  // Hyper-V container settings
 }
 
 // defaultOwner is a tag passed to HCS to allow it to differentiate between
@@ -145,14 +150,12 @@ func (clnt *client) Create(containerID string, spec Spec, options ...CreateOptio
 		}
 	}
 
-	cu.HvPartition = (spec.Windows.HvRuntime != nil)
-
-	// TODO Windows @jhowardmsft. FIXME post TP5.
-	//	if spec.Windows.HvRuntime != nil {
-	//		if spec.WIndows.HVRuntime.ImagePath != "" {
-	//			cu.TBD = spec.Windows.HvRuntime.ImagePath
-	//		}
-	//	}
+	if spec.Windows.HvRuntime != nil {
+		cu.HvPartition = true
+		cu.HvRuntime = &hvRuntime{
+			ImagePath: spec.Windows.HvRuntime.ImagePath,
+		}
+	}
 
 	if cu.HvPartition {
 		cu.SandboxPath = filepath.Dir(spec.Windows.LayerFolder)