[do not merge] debug libkrun on f42

[pengshanyu]

Do not need to merge, debug libkrun on fedora42
The error I got from local debugging was inconsistent with the one in the pipeline.

Summary by Sourcery

Add additional runtime checks to help debug libkrun behavior in the qm container on Fedora 42.

Enhancements:

• Add a helper to verify that /dev/kvm is exposed inside the qm container before running libkrun tests.
• Add a seccomp profile presence and memfd check for qm as part of the libkrun test script.

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Adds debugging helpers to verify KVM exposure to the qm container and to inspect the seccomp profile for memfd usage when running libkrun tests on Fedora 42.

File-Level Changes

Change	Details	Files
Add a helper to verify that /dev/kvm is exposed inside the qm container before running libkrun tests.	Introduce verify_kvm_exposed_to_qm() helper that logs intent and checks for /dev/kvm using podman exec qm test -c /dev/kvm Log a PASS/FAIL message depending on whether /dev/kvm is available in the qm container Invoke the new helper before enabling repos and installing libkrun	tests/qm-kvm-test/libkrun/check_libkrun.sh
Add an inline check to confirm the seccomp profile contains memfd when present.	Check for existence of /usr/share/qm/seccomp-no-rt.json before grepping Search the seccomp profile for the string memfd Emit a diagnostic message if the profile file is missing or memfd is not present	tests/qm-kvm-test/libkrun/check_libkrun.sh

Possibly linked issues

• #tests/qm-kvm-test/libkrun/check_libkrun failed on fedora-42-x86_64: PR modifies the same libkrun check script on Fedora 42, adding diagnostics for KVM exposure and memfd seccomp profile.
• #QM libkrun tests c9s: PR augments the libkrun QM test to verify /dev/kvm and seccomp, directly supporting the described libkrun QM tests.

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[gemini-code-assist]

Summary of Changes

Hello @pengshanyu, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request serves as a temporary debugging branch for libkrun on Fedora 42. It introduces additional diagnostic steps within a test script to investigate inconsistencies between local and pipeline error behaviors. The changes aim to provide more insight into the environment by verifying KVM device exposure and inspecting seccomp profiles.

Highlights

• KVM Device Exposure Check: Introduced a new function verify_kvm_exposed_to_qm to confirm that the /dev/kvm device is correctly exposed to the qm container, logging the success or failure of this check.
• Seccomp Profile Inspection: Added a command to check for the presence of /usr/share/qm/seccomp-no-rt.json and to grep for "memfd" within it, providing output if the file is not found or the entry is missing.
• Test Script Integration: Integrated the new KVM exposure verification and seccomp profile inspection directly into the check_libkrun.sh script's execution flow.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[sourcery-ai]

Hey - I've left some high level feedback:

• The new test -f /usr/share/qm/seccomp-no-rt.json && ... and verify_kvm_exposed_to_qm calls are now executed at file load time, which may alter existing callers’ behavior if this script is sourced rather than executed; consider moving these into a guarded main function or behind a debug flag.
• In verify_kvm_exposed_to_qm, you log a FAIL when /dev/kvm is not exposed but still continue execution; if the subsequent steps depend on /dev/kvm, consider returning a non-zero status so callers can abort early when this prerequisite is missing.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- The new `test -f /usr/share/qm/seccomp-no-rt.json && ...` and `verify_kvm_exposed_to_qm` calls are now executed at file load time, which may alter existing callers’ behavior if this script is sourced rather than executed; consider moving these into a guarded main function or behind a debug flag.
- In `verify_kvm_exposed_to_qm`, you log a FAIL when `/dev/kvm` is not exposed but still continue execution; if the subsequent steps depend on `/dev/kvm`, consider returning a non-zero status so callers can abort early when this prerequisite is missing.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[gemini-code-assist]

Code Review

This pull request adds debugging checks to check_libkrun.sh to help diagnose issues on Fedora 42. While these changes are intended for debugging and not for merging, I've provided a suggestion to make the new checks more robust and the script's output clearer. My feedback focuses on using appropriate helper functions for status messages, ensuring the script fails fast when a check fails, and improving code readability by refactoring a complex one-liner into a dedicated function. These improvements should make the script more effective for debugging.

[Yarboa]

Please refer this one
#959 (comment)