diff --git a/jailer.go b/jailer.go
index 9e27854f..931d92c5 100644
--- a/jailer.go
+++ b/jailer.go
@@ -30,6 +30,8 @@ const (
 defaultJailerBin = "jailer"
 rootfsFolderName = "root"
+
+ defaultSocketPath = "/run/firecracker.socket"
 )
 var (
@@ -288,7 +290,14 @@ func jail(ctx context.Context, m *Machine, cfg *Config) error {
 jailerWorkspaceDir = filepath.Join(defaultJailerPath, filepath.Base(cfg.JailerCfg.ExecFile), cfg.JailerCfg.ID, rootfsFolderName)
 }
- cfg.SocketPath = filepath.Join(jailerWorkspaceDir, "run", "firecracker.socket")
+ var machineSocketPath string
+ if cfg.SocketPath != "" {
+ machineSocketPath = cfg.SocketPath
+ } else {
+ machineSocketPath = defaultSocketPath
+ }
+
+ cfg.SocketPath = filepath.Join(jailerWorkspaceDir, machineSocketPath)
 stdout := cfg.JailerCfg.Stdout
 if stdout == nil {
@@ -310,6 +319,7 @@ func jail(ctx context.Context, m *Machine, cfg *Config) error {
 WithDaemonize(cfg.JailerCfg.Daemonize).
 WithFirecrackerArgs(
 "--seccomp-level", cfg.SeccompLevel.String(),
+ "--api-sock", machineSocketPath,
 ).
 WithStdout(stdout).
 WithStderr(stderr)
diff --git a/jailer_test.go b/jailer_test.go
index c4ff6234..fdfc6e53 100644
--- a/jailer_test.go
+++ b/jailer_test.go
@@ -156,6 +156,7 @@ func TestJail(t *testing.T) {
 jailerCfg JailerConfig
 expectedArgs []string
 netns string
+ socketPath string
 expectedSockPath string
 }{
 {
@@ -183,6 +184,8 @@ func TestJail(t *testing.T) {
 "--",
 "--seccomp-level",
 "0",
+ "--api-sock",
+ "/run/firecracker.socket",
 },
 expectedSockPath: filepath.Join(
 defaultJailerPath,
@@ -218,6 +221,8 @@ func TestJail(t *testing.T) {
 "--",
 "--seccomp-level",
 "0",
+ "--api-sock",
+ "/run/firecracker.socket",
 },
 expectedSockPath: filepath.Join(
 defaultJailerPath,
@@ -259,6 +264,8 @@ func TestJail(t *testing.T) {
 "--",
 "--seccomp-level",
 "0",
+ "--api-sock",
+ "/run/firecracker.socket",
 },
 expectedSockPath: filepath.Join(
 "/tmp",
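Review bot: The caller-supplied `cfg.SocketPath` is joined onto `jailerWorkspaceDir` in the `@@ -288,7 +290,14 @@` hunk of jailer.go with no containment check, and the `@@ -310,6 +319,7 @@` hunk passes the same raw value to Firecracker as `--api-sock`. `filepath.Join` cleans `..` components, so such a value yields a host-side path outside the jail root that no longer corresponds to the path Firecracker resolves inside the chroot. I would validate before assigning, e.g. `hostSock := filepath.Join(jailerWorkspaceDir, machineSocketPath)` followed by an error return unless `strings.HasPrefix(hostSock, jailerWorkspaceDir+string(filepath.Separator))` (this needs `strings` if the file does not already import it). jail() also now reads the field it overwrites, so a second call with the same Config would nest the already-joined path under the workspace again; a doc comment on `Config.SocketPath` stating that it is interpreted relative to the chroot when a jailer is configured would make that contract explicit. The body of jail() starts and ends outside both hunks.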
@@ -268,6 +275,42 @@ func TestJail(t *testing.T) {
 "run",
 "firecracker.socket"),
 },
+ {
+ name: "custom socket path",
+ socketPath: "api.sock",
+ jailerCfg: JailerConfig{
+ ID: "my-test-id",
+ UID: Int(123),
+ GID: Int(100),
+ NumaNode: Int(0),
+ ChrootStrategy: NewNaiveChrootStrategy("path", "kernel-image-path"),
+ ExecFile: "/path/to/firecracker",
+ },
+ expectedArgs: []string{
+ defaultJailerBin,
+ "--id",
+ "my-test-id",
+ "--uid",
+ "123",
+ "--gid",
+ "100",
+ "--exec-file",
+ "/path/to/firecracker",
+ "--node",
+ "0",
+ "--",
+ "--seccomp-level",
+ "0",
+ "--api-sock",
+ "api.sock",
+ },
+ expectedSockPath: filepath.Join(
+ defaultJailerPath,
+ "firecracker",
+ "my-test-id",
+ rootfsFolderName,
+ "api.sock"),
+ },
 }
 for _, c := range testCases {
 t.Run(c.name, func(t *testing.T) {
@@ -277,8 +320,9 @@ func TestJail(t *testing.T) {
 },
 }
 cfg := &Config{
- JailerCfg: &c.jailerCfg,
- NetNS: c.netns,
+ JailerCfg: &c.jailerCfg,
+ NetNS: c.netns,
+ SocketPath: c.socketPath,
 }
 jail(context.Background(), m, cfg)
diff --git a/machine_test.go b/machine_test.go
index aea3dde5..572da5ee 100644
--- a/machine_test.go
+++ b/machine_test.go
@@ -157,7 +157,7 @@ func TestJailerMicroVMExecution(t *testing.T) {
 jailerFullRootPath := filepath.Join(jailerTestPath, filepath.Base(getFirecrackerBinaryPath()), id)
 os.MkdirAll(jailerTestPath, 0777)
- socketPath := filepath.Join(jailerTestPath, "firecracker", "TestJailerMicroVMExecution.socket")
+ socketPath := "TestJailerMicroVMExecution.socket"
 logFifo := filepath.Join(tmpDir, "firecracker.log")
 metricsFifo := filepath.Join(tmpDir, "firecracker-metrics")
 capturedLog := filepath.Join(tmpDir, "writer.fifo")
@@ -167,7 +167,7 @@ func TestJailerMicroVMExecution(t *testing.T) {
 fw.Close()
 exec.Command("cp", capturedLog, logPath).Run()
 os.Remove(capturedLog)
- os.Remove(socketPath)
+ os.Remove(filepath.Join(jailerTestPath, "firecracker", socketPath))
 os.Remove(logFifo)
 os.Remove(metricsFifo)
 os.RemoveAll(tmpDir)
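Review bot: The new "custom socket path" case in the `@@ -268,6 +275,42 @@` hunk of jailer_test.go covers only a bare file name, so the table never pins how jail() treats an absolute `socketPath` or one containing `..`. Those are the inputs where the host-side `expectedSockPath` and the `--api-sock` argument can diverge. Adding cases such as `socketPath: "/custom/api.sock"` and `socketPath: "../api.sock"`, each with its expected socket path or expected error, would document the intended contract. The loop in the `@@ -277,8 +320,9 @@` hunk still calls `jail(context.Background(), m, cfg)` without checking the returned error, so a rejection case would also need that assertion. TestJail starts and ends outside these hunks.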
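Review bot: The cleanup in the `@@ -167,7 +167,7 @@` hunk of machine_test.go removes `jailerTestPath/firecracker/<socketPath>`, which does not look like where the socket is created after this change. jail() now places it under the jailer workspace, which on the branch visible in jailer.go has the shape `<base>/<exec basename>/<ID>/root`. If the test's jailer config uses `jailerTestPath` and `id` (not visible in this hunk), `os.Remove(filepath.Join(jailerFullRootPath, rootfsFolderName, socketPath))` would match, and it avoids hard-coding "firecracker" where `jailerFullRootPath` uses `filepath.Base(getFirecrackerBinaryPath())`. Because the `os.Remove` error is discarded, a mismatch passes silently and can leave a stale socket in a directory created with mode 0777. The enclosing cleanup block starts outside the hunk.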