Skip to content

Commit 18718f1

Browse files
author
Kazuyoshi Kato
authored
Merge pull request #255 from dreadl0ck/jailer-fixes
Jailer configuration API cleanup and improved logging with Debug log level
2 parents aec15e4 + a171aa1 commit 18718f1

File tree

6 files changed

+30
-38
lines changed

6 files changed

+30
-38
lines changed

example_test.go

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,6 @@ import (
44
"context"
55
"fmt"
66
"os"
7-
"path/filepath"
87
"time"
98

109
log "github.com/sirupsen/logrus"
@@ -224,7 +223,6 @@ func ExampleJailerConfig_enablingJailer() {
224223

225224
const id = "my-jailer-test"
226225
const path = "/path/to/jailer-workspace"
227-
pathToWorkspace := filepath.Join(path, "firecracker", id)
228226
const kernelImagePath = "/path/to/kernel-image"
229227

230228
uid := 123
@@ -247,7 +245,7 @@ func ExampleJailerConfig_enablingJailer() {
247245
ID: id,
248246
NumaNode: firecracker.Int(0),
249247
ChrootBaseDir: path,
250-
ChrootStrategy: firecracker.NewNaiveChrootStrategy(pathToWorkspace, kernelImagePath),
248+
ChrootStrategy: firecracker.NewNaiveChrootStrategy(kernelImagePath),
251249
ExecFile: "/path/to/firecracker-binary",
252250
},
253251
}

go.sum

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -82,8 +82,6 @@ github.com/go-openapi/runtime v0.19.0/go.mod h1:OwNfisksmmaZse4+gpV3Ne9AyMOlP1lt
8282
github.com/go-openapi/runtime v0.19.4/go.mod h1:X277bwSUBxVlCYR3r7xgZZGKVvBd/29gLDlFGtJ8NL4=
8383
github.com/go-openapi/runtime v0.19.15 h1:2GIefxs9Rx1vCDNghRtypRq+ig8KSLrjHbAYI/gCLCM=
8484
github.com/go-openapi/runtime v0.19.15/go.mod h1:dhGWCTKRXlAfGnQG0ONViOZpjfg0m2gUt9nTQPQZuoo=
85-
github.com/go-openapi/runtime v0.19.19 h1:PCaQSqG0HiCgpekchPrHO9AEc5ZUaAclOUp9T3RSKoQ=
86-
github.com/go-openapi/runtime v0.19.19/go.mod h1:Lm9YGCeecBnUUkFTxPC4s1+lwrkJ0pthx8YvyjCfkgk=
8785
github.com/go-openapi/runtime v0.19.20 h1:J/t+QIjbcoq8WJvjGxRKiFBhqUE8slS9SbmD0Oi/raQ=
8886
github.com/go-openapi/runtime v0.19.20/go.mod h1:Lm9YGCeecBnUUkFTxPC4s1+lwrkJ0pthx8YvyjCfkgk=
8987
github.com/go-openapi/runtime v0.19.21 h1:81PiYus9l6fwwS4EwhJD+tQb3EPZBeWfgdAVTfFD25Q=

jailer.go

Lines changed: 19 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -345,29 +345,28 @@ func jail(ctx context.Context, m *Machine, cfg *Config) error {
345345
return nil
346346
}
347347

348-
func linkFileToRootFS(cfg *JailerConfig, dst, src string) error {
349-
if err := os.Link(src, dst); err != nil {
350-
return err
351-
}
352-
353-
return nil
354-
}
355-
356348
// LinkFilesHandler creates a new link files handler that will link files to
357349
// the rootfs
358-
func LinkFilesHandler(rootfs, kernelImageFileName string) Handler {
350+
func LinkFilesHandler(kernelImageFileName string) Handler {
359351
return Handler{
360352
Name: LinkFilesToRootFSHandlerName,
361353
Fn: func(ctx context.Context, m *Machine) error {
362354
if m.Cfg.JailerCfg == nil {
363355
return ErrMissingJailerConfig
364356
}
365357

358+
// assemble the path to the jailed root folder on the host
359+
rootfs := filepath.Join(
360+
m.Cfg.JailerCfg.ChrootBaseDir,
361+
filepath.Base(m.Cfg.JailerCfg.ExecFile),
362+
m.Cfg.JailerCfg.ID,
363+
rootfsFolderName,
364+
)
365+
366366
// copy kernel image to root fs
367-
if err := linkFileToRootFS(
368-
m.Cfg.JailerCfg,
369-
filepath.Join(rootfs, kernelImageFileName),
367+
if err := os.Link(
370368
m.Cfg.KernelImagePath,
369+
filepath.Join(rootfs, kernelImageFileName),
371370
); err != nil {
372371
return err
373372
}
@@ -376,10 +375,9 @@ func LinkFilesHandler(rootfs, kernelImageFileName string) Handler {
376375
if m.Cfg.InitrdPath != "" {
377376
initrdFilename := filepath.Base(m.Cfg.InitrdPath)
378377
// copy initrd to root fs
379-
if err := linkFileToRootFS(
380-
m.Cfg.JailerCfg,
381-
filepath.Join(rootfs, initrdFilename),
378+
if err := os.Link(
382379
m.Cfg.InitrdPath,
380+
filepath.Join(rootfs, initrdFilename),
383381
); err != nil {
384382
return err
385383
}
@@ -390,10 +388,9 @@ func LinkFilesHandler(rootfs, kernelImageFileName string) Handler {
390388
hostPath := StringValue(drive.PathOnHost)
391389
driveFileName := filepath.Base(hostPath)
392390

393-
if err := linkFileToRootFS(
394-
m.Cfg.JailerCfg,
395-
filepath.Join(rootfs, driveFileName),
391+
if err := os.Link(
396392
hostPath,
393+
filepath.Join(rootfs, driveFileName),
397394
); err != nil {
398395
return err
399396
}
@@ -412,10 +409,9 @@ func LinkFilesHandler(rootfs, kernelImageFileName string) Handler {
412409
}
413410

414411
fileName := filepath.Base(*fifoPath)
415-
if err := linkFileToRootFS(
416-
m.Cfg.JailerCfg,
417-
filepath.Join(rootfs, fileName),
412+
if err := os.Link(
418413
*fifoPath,
414+
filepath.Join(rootfs, fileName),
419415
); err != nil {
420416
return err
421417
}
@@ -441,9 +437,8 @@ type NaiveChrootStrategy struct {
441437
}
442438

443439
// NewNaiveChrootStrategy returns a new NaivceChrootStrategy
444-
func NewNaiveChrootStrategy(rootfs, kernelImagePath string) NaiveChrootStrategy {
440+
func NewNaiveChrootStrategy(kernelImagePath string) NaiveChrootStrategy {
445441
return NaiveChrootStrategy{
446-
Rootfs: rootfs,
447442
KernelImagePath: kernelImagePath,
448443
}
449444
}
@@ -460,7 +455,7 @@ func (s NaiveChrootStrategy) AdaptHandlers(handlers *Handlers) error {
460455

461456
handlers.FcInit = handlers.FcInit.AppendAfter(
462457
CreateLogFilesHandlerName,
463-
LinkFilesHandler(filepath.Join(s.Rootfs, rootfsFolderName), filepath.Base(s.KernelImagePath)),
458+
LinkFilesHandler(filepath.Base(s.KernelImagePath)),
464459
)
465460

466461
return nil

jailer_test.go

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@ func TestJailerBuilder(t *testing.T) {
2222
UID: Int(123),
2323
GID: Int(100),
2424
NumaNode: Int(0),
25-
ChrootStrategy: NewNaiveChrootStrategy("path", "kernel-image-path"),
25+
ChrootStrategy: NewNaiveChrootStrategy("kernel-image-path"),
2626
ExecFile: "/path/to/firecracker",
2727
},
2828
expectedArgs: []string{
@@ -53,7 +53,7 @@ func TestJailerBuilder(t *testing.T) {
5353
UID: Int(123),
5454
GID: Int(100),
5555
NumaNode: Int(0),
56-
ChrootStrategy: NewNaiveChrootStrategy("path", "kernel-image-path"),
56+
ChrootStrategy: NewNaiveChrootStrategy("kernel-image-path"),
5757
ExecFile: "/path/to/firecracker",
5858
JailerBinary: "imprisoner",
5959
},
@@ -86,7 +86,7 @@ func TestJailerBuilder(t *testing.T) {
8686
UID: Int(123),
8787
GID: Int(100),
8888
NumaNode: Int(1),
89-
ChrootStrategy: NewNaiveChrootStrategy("path", "kernel-image-path"),
89+
ChrootStrategy: NewNaiveChrootStrategy("kernel-image-path"),
9090
ExecFile: "/path/to/firecracker",
9191
ChrootBaseDir: "/tmp",
9292
JailerBinary: "/path/to/the/jailer",
@@ -166,7 +166,7 @@ func TestJail(t *testing.T) {
166166
UID: Int(123),
167167
GID: Int(100),
168168
NumaNode: Int(0),
169-
ChrootStrategy: NewNaiveChrootStrategy("path", "kernel-image-path"),
169+
ChrootStrategy: NewNaiveChrootStrategy("kernel-image-path"),
170170
ExecFile: "/path/to/firecracker",
171171
},
172172
expectedArgs: []string{
@@ -202,7 +202,7 @@ func TestJail(t *testing.T) {
202202
UID: Int(123),
203203
GID: Int(100),
204204
NumaNode: Int(0),
205-
ChrootStrategy: NewNaiveChrootStrategy("path", "kernel-image-path"),
205+
ChrootStrategy: NewNaiveChrootStrategy("kernel-image-path"),
206206
ExecFile: "/path/to/firecracker",
207207
JailerBinary: "imprisoner",
208208
},
@@ -240,7 +240,7 @@ func TestJail(t *testing.T) {
240240
UID: Int(123),
241241
GID: Int(100),
242242
NumaNode: Int(1),
243-
ChrootStrategy: NewNaiveChrootStrategy("path", "kernel-image-path"),
243+
ChrootStrategy: NewNaiveChrootStrategy("kernel-image-path"),
244244
ExecFile: "/path/to/firecracker",
245245
ChrootBaseDir: "/tmp",
246246
JailerBinary: "/path/to/the/jailer",
@@ -283,7 +283,7 @@ func TestJail(t *testing.T) {
283283
UID: Int(123),
284284
GID: Int(100),
285285
NumaNode: Int(0),
286-
ChrootStrategy: NewNaiveChrootStrategy("path", "kernel-image-path"),
286+
ChrootStrategy: NewNaiveChrootStrategy("kernel-image-path"),
287287
ExecFile: "/path/to/firecracker",
288288
},
289289
expectedArgs: []string{

machine.go

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -487,6 +487,8 @@ func (m *Machine) startVMM(ctx context.Context) error {
487487
m.logger.Printf("Called startVMM(), setting up a VMM on %s", m.Cfg.SocketPath)
488488
startCmd := m.cmd.Start
489489

490+
m.logger.Debugf("Starting %v", m.cmd.Args)
491+
490492
var err error
491493
if m.Cfg.NetNS != "" && m.Cfg.JailerCfg == nil {
492494
// If the VM needs to be started in a netns but no jailer netns was configured,

machine_test.go

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -153,7 +153,6 @@ func TestJailerMicroVMExecution(t *testing.T) {
153153
// short names and directory to prevent SUN_LEN error
154154
id := "b"
155155
jailerTestPath := tmpDir
156-
jailerFullRootPath := filepath.Join(jailerTestPath, filepath.Base(getFirecrackerBinaryPath()), id)
157156
os.MkdirAll(jailerTestPath, 0777)
158157

159158
socketPath := "TestJailerMicroVMExecution.socket"
@@ -207,7 +206,7 @@ func TestJailerMicroVMExecution(t *testing.T) {
207206
ID: id,
208207
ChrootBaseDir: jailerTestPath,
209208
ExecFile: getFirecrackerBinaryPath(),
210-
ChrootStrategy: NewNaiveChrootStrategy(jailerFullRootPath, vmlinuxPath),
209+
ChrootStrategy: NewNaiveChrootStrategy(vmlinuxPath),
211210
Stdout: logFd,
212211
Stderr: logFd,
213212
},

0 commit comments

Comments
 (0)