diff --git a/example_test.go b/example_test.go
index 62abc0e7..a0d5985b 100644
--- a/example_test.go
+++ b/example_test.go
@@ -4,7 +4,6 @@ import (
 "context"
 "fmt"
 "os"
- "path/filepath"
 "time"
 log "github.com/sirupsen/logrus"
@@ -224,7 +223,6 @@ func ExampleJailerConfig_enablingJailer() {
 const id = "my-jailer-test"
 const path = "/path/to/jailer-workspace"
- pathToWorkspace := filepath.Join(path, "firecracker", id)
 const kernelImagePath = "/path/to/kernel-image"
 uid := 123
@@ -247,7 +245,7 @@ func ExampleJailerConfig_enablingJailer() {
 ID: id,
 NumaNode: firecracker.Int(0),
 ChrootBaseDir: path,
- ChrootStrategy: firecracker.NewNaiveChrootStrategy(pathToWorkspace, kernelImagePath),
+ ChrootStrategy: firecracker.NewNaiveChrootStrategy(kernelImagePath),
 ExecFile: "/path/to/firecracker-binary",
 },
 }
diff --git a/go.sum b/go.sum
index 921c384b..e8dafdb0 100644
--- a/go.sum
+++ b/go.sum
@@ -79,8 +79,6 @@ github.com/go-openapi/runtime v0.19.0/go.mod h1:OwNfisksmmaZse4+gpV3Ne9AyMOlP1lt
 github.com/go-openapi/runtime v0.19.4/go.mod h1:X277bwSUBxVlCYR3r7xgZZGKVvBd/29gLDlFGtJ8NL4=
 github.com/go-openapi/runtime v0.19.15 h1:2GIefxs9Rx1vCDNghRtypRq+ig8KSLrjHbAYI/gCLCM=
 github.com/go-openapi/runtime v0.19.15/go.mod h1:dhGWCTKRXlAfGnQG0ONViOZpjfg0m2gUt9nTQPQZuoo=
-github.com/go-openapi/runtime v0.19.19 h1:PCaQSqG0HiCgpekchPrHO9AEc5ZUaAclOUp9T3RSKoQ=
-github.com/go-openapi/runtime v0.19.19/go.mod h1:Lm9YGCeecBnUUkFTxPC4s1+lwrkJ0pthx8YvyjCfkgk=
 github.com/go-openapi/runtime v0.19.20 h1:J/t+QIjbcoq8WJvjGxRKiFBhqUE8slS9SbmD0Oi/raQ=
 github.com/go-openapi/runtime v0.19.20/go.mod h1:Lm9YGCeecBnUUkFTxPC4s1+lwrkJ0pthx8YvyjCfkgk=
 github.com/go-openapi/spec v0.17.0 h1:XNvrt8FlSVP8T1WuhbAFF6QDhJc0zsoWzX4wXARhhpE=
diff --git a/jailer.go b/jailer.go
index 931d92c5..56d89265 100644
--- a/jailer.go
+++ b/jailer.go
@@ -345,17 +345,9 @@ func jail(ctx context.Context, m *Machine, cfg *Config) error {
 return nil
 }
-func linkFileToRootFS(cfg *JailerConfig, dst, src string) error {
- if err := os.Link(src, dst); err != nil {
- return err
- }
-
- return nil
-}
-
 // LinkFilesHandler creates a new link files handler that will link files to
 // the rootfs
-func LinkFilesHandler(rootfs, kernelImageFileName string) Handler {
+func LinkFilesHandler(kernelImageFileName string) Handler {
 return Handler{
 Name: LinkFilesToRootFSHandlerName,
 Fn: func(ctx context.Context, m *Machine) error {
@@ -363,11 +355,18 @@ func LinkFilesHandler(rootfs, kernelImageFileName string) Handler {
 return ErrMissingJailerConfig
 }
+ // assemble the path to the jailed root folder on the host
+ rootfs := filepath.Join(
+ m.Cfg.JailerCfg.ChrootBaseDir,
+ filepath.Base(m.Cfg.JailerCfg.ExecFile),
+ m.Cfg.JailerCfg.ID,
+ rootfsFolderName,
+ )
+
 // copy kernel image to root fs
- if err := linkFileToRootFS(
- m.Cfg.JailerCfg,
- filepath.Join(rootfs, kernelImageFileName),
+ if err := os.Link(
 m.Cfg.KernelImagePath,
+ filepath.Join(rootfs, kernelImageFileName),
 ); err != nil {
 return err
 }
@@ -376,10 +375,9 @@ func LinkFilesHandler(rootfs, kernelImageFileName string) Handler {
 if m.Cfg.InitrdPath != "" {
 initrdFilename := filepath.Base(m.Cfg.InitrdPath)
 // copy initrd to root fs
- if err := linkFileToRootFS(
- m.Cfg.JailerCfg,
- filepath.Join(rootfs, initrdFilename),
+ if err := os.Link(
 m.Cfg.InitrdPath,
+ filepath.Join(rootfs, initrdFilename),
 ); err != nil {
 return err
 }
@@ -390,10 +388,9 @@ func LinkFilesHandler(rootfs, kernelImageFileName string) Handler {
 hostPath := StringValue(drive.PathOnHost)
 driveFileName := filepath.Base(hostPath)
- if err := linkFileToRootFS(
- m.Cfg.JailerCfg,
- filepath.Join(rootfs, driveFileName),
+ if err := os.Link(
 hostPath,
+ filepath.Join(rootfs, driveFileName),
 ); err != nil {
 return err
 }
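Review bot: The doc comment on `LinkFilesHandler` still reads as if the caller tells the handler where the root fs is, but the `rootfs` parameter is gone and the location is now derived from the machine's jailer config when the handler runs; suggest `// LinkFilesHandler creates a handler that hard-links the kernel image, initrd, drives and fifos into the jailed root fs, which is derived from m.Cfg.JailerCfg; it returns ErrMissingJailerConfig when no jailer config is set.` Dropping a parameter from an exported function is a compile-time break for callers outside this repository, so it deserves a changelog or release-note entry alongside the in-repo call-site updates. The `Fn` closure continues beyond the end of this hunk.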
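Review bot: The `rootfs` assembled at the top of this hunk takes `m.Cfg.JailerCfg.ChrootBaseDir` and `m.Cfg.JailerCfg.ID` verbatim, so if `ChrootBaseDir` may be left empty and the jailer binary substitutes its own default directory (any such defaulting is outside this hunk), the files are linked somewhere other than the jailed root. A guard such as `if m.Cfg.JailerCfg.ChrootBaseDir == "" { return ErrMissingJailerConfig }`, or resolving the default once where the jailer command is built, keeps the two paths in step; a one-line comment stating that `ID` is expected to be a single path element and which side enforces that would make the assumption explicit. Separately, the `// copy kernel image to root fs` comment now sits directly above a bare `os.Link`, which creates a hard link sharing the host file's inode rather than a copy; `// hard-link the kernel image into the root fs` says what happens, and the initrd, drive and fifo comments in the hunks at -376, -390 and -412 have the same mismatch. The handler closure continues past the end of this hunk.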
@@ -412,10 +409,9 @@ func LinkFilesHandler(rootfs, kernelImageFileName string) Handler {
 }
 fileName := filepath.Base(*fifoPath)
- if err := linkFileToRootFS(
- m.Cfg.JailerCfg,
- filepath.Join(rootfs, fileName),
+ if err := os.Link(
 *fifoPath,
+ filepath.Join(rootfs, fileName),
 ); err != nil {
 return err
 }
@@ -441,9 +437,8 @@ type NaiveChrootStrategy struct {
 }
 // NewNaiveChrootStrategy returns a new NaivceChrootStrategy
-func NewNaiveChrootStrategy(rootfs, kernelImagePath string) NaiveChrootStrategy {
+func NewNaiveChrootStrategy(kernelImagePath string) NaiveChrootStrategy {
 return NaiveChrootStrategy{
- Rootfs: rootfs,
 KernelImagePath: kernelImagePath,
 }
 }
@@ -460,7 +455,7 @@ func (s NaiveChrootStrategy) AdaptHandlers(handlers *Handlers) error {
 handlers.FcInit = handlers.FcInit.AppendAfter(
 CreateLogFilesHandlerName,
- LinkFilesHandler(filepath.Join(s.Rootfs, rootfsFolderName), filepath.Base(s.KernelImagePath)),
+ LinkFilesHandler(filepath.Base(s.KernelImagePath)),
 )
 return nil
diff --git a/jailer_test.go b/jailer_test.go
index 086edee6..f18e6eb4 100644
--- a/jailer_test.go
+++ b/jailer_test.go
@@ -22,7 +22,7 @@ func TestJailerBuilder(t *testing.T) {
 UID: Int(123),
 GID: Int(100),
 NumaNode: Int(0),
- ChrootStrategy: NewNaiveChrootStrategy("path", "kernel-image-path"),
+ ChrootStrategy: NewNaiveChrootStrategy("kernel-image-path"),
 ExecFile: "/path/to/firecracker",
 },
 expectedArgs: []string{
@@ -53,7 +53,7 @@ func TestJailerBuilder(t *testing.T) {
 UID: Int(123),
 GID: Int(100),
 NumaNode: Int(0),
- ChrootStrategy: NewNaiveChrootStrategy("path", "kernel-image-path"),
+ ChrootStrategy: NewNaiveChrootStrategy("kernel-image-path"),
 ExecFile: "/path/to/firecracker",
 JailerBinary: "imprisoner",
 },
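Review bot: `NewNaiveChrootStrategy` no longer sets `Rootfs`, and `AdaptHandlers` (hunk at -460) no longer reads `s.Rootfs`, so if the `Rootfs` field is still declared in the struct body above the -441 hunk it is now dead state that callers can set without any effect; either drop it in the same change or mark it `// Deprecated: ignored; the root fs is derived from the machine's JailerConfig.` The doc comment directly above the changed signature also misspells the type as `NaivceChrootStrategy`; since the line is being touched, `// NewNaiveChrootStrategy returns a NaiveChrootStrategy that links the given kernel image into the jailed root fs.` reads better and states the one remaining parameter. The struct definition and the type's other methods lie outside these hunks.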
@@ -86,7 +86,7 @@ func TestJailerBuilder(t *testing.T) {
 UID: Int(123),
 GID: Int(100),
 NumaNode: Int(1),
- ChrootStrategy: NewNaiveChrootStrategy("path", "kernel-image-path"),
+ ChrootStrategy: NewNaiveChrootStrategy("kernel-image-path"),
 ExecFile: "/path/to/firecracker",
 ChrootBaseDir: "/tmp",
 JailerBinary: "/path/to/the/jailer",
@@ -166,7 +166,7 @@ func TestJail(t *testing.T) {
 UID: Int(123),
 GID: Int(100),
 NumaNode: Int(0),
- ChrootStrategy: NewNaiveChrootStrategy("path", "kernel-image-path"),
+ ChrootStrategy: NewNaiveChrootStrategy("kernel-image-path"),
 ExecFile: "/path/to/firecracker",
 },
 expectedArgs: []string{
@@ -202,7 +202,7 @@ func TestJail(t *testing.T) {
 UID: Int(123),
 GID: Int(100),
 NumaNode: Int(0),
- ChrootStrategy: NewNaiveChrootStrategy("path", "kernel-image-path"),
+ ChrootStrategy: NewNaiveChrootStrategy("kernel-image-path"),
 ExecFile: "/path/to/firecracker",
 JailerBinary: "imprisoner",
 },
@@ -240,7 +240,7 @@ func TestJail(t *testing.T) {
 UID: Int(123),
 GID: Int(100),
 NumaNode: Int(1),
- ChrootStrategy: NewNaiveChrootStrategy("path", "kernel-image-path"),
+ ChrootStrategy: NewNaiveChrootStrategy("kernel-image-path"),
 ExecFile: "/path/to/firecracker",
 ChrootBaseDir: "/tmp",
 JailerBinary: "/path/to/the/jailer",
@@ -283,7 +283,7 @@ func TestJail(t *testing.T) {
 UID: Int(123),
 GID: Int(100),
 NumaNode: Int(0),
- ChrootStrategy: NewNaiveChrootStrategy("path", "kernel-image-path"),
+ ChrootStrategy: NewNaiveChrootStrategy("kernel-image-path"),
 ExecFile: "/path/to/firecracker",
 },
 expectedArgs: []string{
diff --git a/machine.go b/machine.go
index f4c55439..624322cc 100644
--- a/machine.go
+++ b/machine.go
@@ -487,6 +487,8 @@ func (m *Machine) startVMM(ctx context.Context) error {
 m.logger.Printf("Called startVMM(), setting up a VMM on %s", m.Cfg.SocketPath)
 startCmd := m.cmd.Start
+ m.logger.Debugf("Starting %v", m.cmd.Args)
+
 var err error
 if m.Cfg.NetNS != "" && m.Cfg.JailerCfg == nil {
 // If the VM needs to be started in a netns but no jailer netns was configured,
diff --git a/machine_test.go b/machine_test.go
index bfa31101..10e0e6c7 100644
--- a/machine_test.go
+++ b/machine_test.go
@@ -153,7 +153,6 @@ func TestJailerMicroVMExecution(t *testing.T) {
 // short names and directory to prevent SUN_LEN error
 id := "b"
 jailerTestPath := tmpDir
- jailerFullRootPath := filepath.Join(jailerTestPath, filepath.Base(getFirecrackerBinaryPath()), id)
 os.MkdirAll(jailerTestPath, 0777)
 socketPath := "TestJailerMicroVMExecution.socket"
@@ -207,7 +206,7 @@ func TestJailerMicroVMExecution(t *testing.T) {
 ID: id,
 ChrootBaseDir: jailerTestPath,
 ExecFile: getFirecrackerBinaryPath(),
- ChrootStrategy: NewNaiveChrootStrategy(jailerFullRootPath, vmlinuxPath),
+ ChrootStrategy: NewNaiveChrootStrategy(vmlinuxPath),
 Stdout: logFd,
 Stderr: logFd,
 },
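Review bot: The new `m.logger.Debugf("Starting %v", m.cmd.Args)` formats the argv with `%v`, which prints a `[]string` as bracketed, space-separated tokens, so an argument containing a space or an empty argument is indistinguishable in the log from two separate arguments; `m.logger.Debugf("Starting %q", m.cmd.Args)` quotes each element and keeps the recorded command line unambiguous for anyone reconstructing what was launched. The rest of `startVMM`, including the netns branch that follows, is outside this hunk.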