fixup! Adding runc jailing

Signed-off-by: xibz <[email protected]>

Author: xibz

proto/firecracker.pb.go

@@ -58,10 +58,5 @@ message SetVMMetadataRequest {
 }
 
 message JailerConfig {
-  // Determines whether or not the jailer should be disabled.
-  //
-  // Valid values are "ON", "OFF"
-  string State = 1;
-  uint32 UID = 2;
-  uint32 GID = 3;
+    bool DisableJailing = 1;
 }

proto/firecracker.proto

@@ -15,7 +15,6 @@ package main
 
 import (
 	"encoding/json"
-	"fmt"
 	"io/ioutil"
 	"os"
 
@@ -38,24 +37,28 @@ const (
 
 // Config represents runtime configuration parameters
 type Config struct {
-	FirecrackerBinaryPath string `json:"firecracker_binary_path"`
-	KernelImagePath       string `json:"kernel_image_path"`
-	KernelArgs            string `json:"kernel_args"`
-	RootDrive             string `json:"root_drive"`
-	CPUCount              int    `json:"cpu_count"`
-	CPUTemplate           string `json:"cpu_template"`
-	LogLevel              string `json:"log_level"`
-	HtEnabled             bool   `json:"ht_enabled"`
-	Debug                 bool   `json:"debug"`
-
-	JailerConfig JailerConfig `json:"jailer"`
+	FirecrackerBinaryPath string       `json:"firecracker_binary_path"`
+	KernelImagePath       string       `json:"kernel_image_path"`
+	KernelArgs            string       `json:"kernel_args"`
+	RootDrive             string       `json:"root_drive"`
+	CPUCount              int          `json:"cpu_count"`
+	CPUTemplate           string       `json:"cpu_template"`
+	LogLevel              string       `json:"log_level"`
+	HtEnabled             bool         `json:"ht_enabled"`
+	Debug                 bool         `json:"debug"`
+	JailerConfig          JailerConfig `json:"jailer"`
 }
 
 // JailerConfig houses a set of configurable values for jailing
 type JailerConfig struct {
 	DisableJailing bool `json:"disable_jailing"`
-	UID            *int `json:"uid"`
-	GID            *int `json:"gid"`
+	// MinID represents the minimum value for the UID and GID when finding those
+	// values.
+	MinID uint32 `json:"min_id"`
+	// MaxID represents the maximum value for the UID and GID when finding those
+	// values
+	MaxID          uint32 `json:"max_id"`
+	RuncBinaryPath string `json:"runc_binary_path"`
 }
 
 // LoadConfig loads configuration from JSON file at 'path'
@@ -79,34 +82,15 @@ func LoadConfig(path string) (*Config, error) {
 		RootDrive:       defaultRootfsPath,
 		CPUCount:        defaultCPUCount,
 		CPUTemplate:     string(defaultCPUTemplate),
+		JailerConfig: JailerConfig{
+			MinID: defaultMinIDCount,
+			MaxID: defaultMaxIDCount,
+		},
 	}
+
 	if err := json.Unmarshal(data, cfg); err != nil {
 		return nil, errors.Wrapf(err, "failed to unmarshal config from %q", path)
 	}
 
 	return cfg, nil
 }
-
-var (
-	// ErrNoUIDProvided returns when no UID was specified in the configuration
-	// file
-	ErrNoUIDProvided = fmt.Errorf("no uid provided in configuration")
-	// ErrNoGIDProvided returns when no GID was specified in the configuration
-	// filme
-	ErrNoGIDProvided = fmt.Errorf("no gid provided in configuration")
-)
-
-// Validate ensures that the configuration file has valid values
-func (c *Config) Validate() error {
-	if !c.JailerConfig.DisableJailing {
-		if c.JailerConfig.UID == nil {
-			return ErrNoUIDProvided
-		}
-
-		if c.JailerConfig.GID == nil {
-			return ErrNoGIDProvided
-		}
-	}
-
-	return nil
-}

runtime/config.go

@@ -111,9 +111,6 @@ func (h *stubDriveHandler) createStubDrive(driveID, path string) error {
 			h.logger.WithError(err).Errorf("unexpected error during %v close", f.Name())
 		}
 	}()
-	if err := f.Chmod(0600); err != nil {
-		return err
-	}
 
 	stubContent, err := internal.GenerateStubContent(driveID)
 	if err != nil {