Skip to content

Commit 45fa12c

Browse files
xibzxibz
committed
Updates Dockerfile to run jailer integ tests
This commit updates the Dockerfile by setting the correct restrictive permissions to the kernel image and drive file. In addition this also adds the copy offirecracker-runc-config.json.example to the integ test work environments. Signed-off-by: xibz <[email protected]>
1 parent d4c90d8 commit 45fa12c

File tree

1 file changed

+5
-1
lines changed

1 file changed

+5
-1
lines changed

tools/docker/Dockerfile

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -108,6 +108,7 @@ RUN mkdir -p /var/lib/firecracker-containerd/runtime \
108108
&& curl --silent --show-error --retry 3 --max-time 30 --output default-vmlinux.bin \
109109
"https://s3.amazonaws.com/spec.ccfc.min/img/hello/kernel/hello-vmlinux.bin" \
110110
&& echo "882fa465c43ab7d92e31bd4167da3ad6a82cb9230f9b0016176df597c6014cef default-vmlinux.bin" | sha256sum -c - \
111+
&& chmod 0444 default-vmlinux.bin \
111112
&& mv default-vmlinux.bin /var/lib/firecracker-containerd/runtime/default-vmlinux.bin
112113

113114
COPY --from=firecracker-containerd-build /home/builder/firecracker-containerd /firecracker-containerd
@@ -149,6 +150,7 @@ COPY _submodules/firecracker/target/$FIRECRACKER_TARGET/release/firecracker /usr
149150
COPY _submodules/firecracker/target/$FIRECRACKER_TARGET/release/jailer /usr/local/bin/
150151
COPY _submodules/runc/runc /usr/local/bin
151152
COPY tools/image-builder/rootfs.img /var/lib/firecracker-containerd/runtime/default-rootfs.img
153+
COPY runtime/firecracker-runc-config.json.example /etc/containerd/firecracker-runc-config.json
152154

153155
# pull the images the tests need into the content store so we don't need internet
154156
# access during the tests themselves
@@ -157,7 +159,9 @@ RUN containerd 2>/dev/null & \
157159
ctr content fetch docker.io/library/alpine:3.10.1 >/dev/null && \
158160
ctr content fetch docker.io/mlabbe/iperf3:3.6-r0 >/dev/null
159161

160-
RUN mkdir -p /var/lib/firecracker-containerd/naive
162+
COPY tools/docker/naive-snapshotter/entrypoint.sh /entrypoint
163+
RUN chmod 0444 /var/lib/firecracker-containerd/runtime/default-rootfs.img \
164+
&& mkdir -p /var/lib/firecracker-containerd/naive
161165
RUN make -C /firecracker-containerd demo-network
162166
RUN make -C /firecracker-containerd/internal test-bridged-tap && \
163167
cp /firecracker-containerd/internal/test-bridged-tap /opt/cni/bin/ && \

0 commit comments

Comments
 (0)