
Jailer configuration API cleanup and improved logging with Debug log level #255


Merged
merged 4 commits into from
Sep 4, 2020
4 changes: 1 addition & 3 deletions example_test.go
@@ -4,7 +4,6 @@ import (
"context"
"fmt"
"os"
"path/filepath"
"time"

log "github.com/sirupsen/logrus"
@@ -224,7 +223,6 @@ func ExampleJailerConfig_enablingJailer() {

const id = "my-jailer-test"
const path = "/path/to/jailer-workspace"
pathToWorkspace := filepath.Join(path, "firecracker", id)
const kernelImagePath = "/path/to/kernel-image"

uid := 123
@@ -247,7 +245,7 @@ func ExampleJailerConfig_enablingJailer() {
ID: id,
NumaNode: firecracker.Int(0),
ChrootBaseDir: path,
ChrootStrategy: firecracker.NewNaiveChrootStrategy(pathToWorkspace, kernelImagePath),
ChrootStrategy: firecracker.NewNaiveChrootStrategy(kernelImagePath),
ExecFile: "/path/to/firecracker-binary",
},
}
2 changes: 0 additions & 2 deletions go.sum
@@ -79,8 +79,6 @@ github.com/go-openapi/runtime v0.19.0/go.mod h1:OwNfisksmmaZse4+gpV3Ne9AyMOlP1lt
github.com/go-openapi/runtime v0.19.4/go.mod h1:X277bwSUBxVlCYR3r7xgZZGKVvBd/29gLDlFGtJ8NL4=
github.com/go-openapi/runtime v0.19.15 h1:2GIefxs9Rx1vCDNghRtypRq+ig8KSLrjHbAYI/gCLCM=
github.com/go-openapi/runtime v0.19.15/go.mod h1:dhGWCTKRXlAfGnQG0ONViOZpjfg0m2gUt9nTQPQZuoo=
github.com/go-openapi/runtime v0.19.19 h1:PCaQSqG0HiCgpekchPrHO9AEc5ZUaAclOUp9T3RSKoQ=
github.com/go-openapi/runtime v0.19.19/go.mod h1:Lm9YGCeecBnUUkFTxPC4s1+lwrkJ0pthx8YvyjCfkgk=
github.com/go-openapi/runtime v0.19.20 h1:J/t+QIjbcoq8WJvjGxRKiFBhqUE8slS9SbmD0Oi/raQ=
github.com/go-openapi/runtime v0.19.20/go.mod h1:Lm9YGCeecBnUUkFTxPC4s1+lwrkJ0pthx8YvyjCfkgk=
github.com/go-openapi/spec v0.17.0 h1:XNvrt8FlSVP8T1WuhbAFF6QDhJc0zsoWzX4wXARhhpE=
43 changes: 19 additions & 24 deletions jailer.go
@@ -345,29 +345,28 @@ func jail(ctx context.Context, m *Machine, cfg *Config) error {
return nil
}

func linkFileToRootFS(cfg *JailerConfig, dst, src string) error {
if err := os.Link(src, dst); err != nil {
return err
}

return nil
}

// LinkFilesHandler creates a new link files handler that will link files to
// the rootfs
func LinkFilesHandler(rootfs, kernelImageFileName string) Handler {
func LinkFilesHandler(kernelImageFileName string) Handler {
return Handler{
Name: LinkFilesToRootFSHandlerName,
Fn: func(ctx context.Context, m *Machine) error {
if m.Cfg.JailerCfg == nil {
return ErrMissingJailerConfig
}

// assemble the path to the jailed root folder on the host
rootfs := filepath.Join(
m.Cfg.JailerCfg.ChrootBaseDir,
filepath.Base(m.Cfg.JailerCfg.ExecFile),
m.Cfg.JailerCfg.ID,
rootfsFolderName,
)

// copy kernel image to root fs
if err := linkFileToRootFS(
m.Cfg.JailerCfg,
filepath.Join(rootfs, kernelImageFileName),
if err := os.Link(
m.Cfg.KernelImagePath,
filepath.Join(rootfs, kernelImageFileName),
); err != nil {
return err
}
@@ -376,10 +375,9 @@ func LinkFilesHandler(rootfs, kernelImageFileName string) Handler {
if m.Cfg.InitrdPath != "" {
initrdFilename := filepath.Base(m.Cfg.InitrdPath)
// copy initrd to root fs
if err := linkFileToRootFS(
m.Cfg.JailerCfg,
filepath.Join(rootfs, initrdFilename),
if err := os.Link(
m.Cfg.InitrdPath,
filepath.Join(rootfs, initrdFilename),
); err != nil {
return err
}
@@ -390,10 +388,9 @@ func LinkFilesHandler(rootfs, kernelImageFileName string) Handler {
hostPath := StringValue(drive.PathOnHost)
driveFileName := filepath.Base(hostPath)

if err := linkFileToRootFS(
m.Cfg.JailerCfg,
filepath.Join(rootfs, driveFileName),
if err := os.Link(
hostPath,
filepath.Join(rootfs, driveFileName),
); err != nil {
return err
}
@@ -412,10 +409,9 @@ func LinkFilesHandler(rootfs, kernelImageFileName string) Handler {
}

fileName := filepath.Base(*fifoPath)
if err := linkFileToRootFS(
m.Cfg.JailerCfg,
filepath.Join(rootfs, fileName),
if err := os.Link(
*fifoPath,
filepath.Join(rootfs, fileName),
); err != nil {
return err
}
@@ -441,9 +437,8 @@ type NaiveChrootStrategy struct {
}

// NewNaiveChrootStrategy returns a new NaivceChrootStrategy
func NewNaiveChrootStrategy(rootfs, kernelImagePath string) NaiveChrootStrategy {
func NewNaiveChrootStrategy(kernelImagePath string) NaiveChrootStrategy {
return NaiveChrootStrategy{
Rootfs: rootfs,
KernelImagePath: kernelImagePath,
}
}
@@ -460,7 +455,7 @@ func (s NaiveChrootStrategy) AdaptHandlers(handlers *Handlers) error {

handlers.FcInit = handlers.FcInit.AppendAfter(
CreateLogFilesHandlerName,
LinkFilesHandler(filepath.Join(s.Rootfs, rootfsFolderName), filepath.Base(s.KernelImagePath)),
LinkFilesHandler(filepath.Base(s.KernelImagePath)),
)

return nil
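Review bot: In LinkFilesHandler the new `rootfs := filepath.Join(...)` builds the host-side jail path from `ChrootBaseDir`, `filepath.Base(ExecFile)` and `ID` without checking any of them. An empty `ChrootBaseDir` gives a path relative to the process's working directory, an empty `ID` is silently dropped from the path, and an `ID` of `..` or one containing a separator is cleaned by `filepath.Join` into a directory outside the intended jail; each `os.Link` below then hard-links the kernel image, initrd, drives and FIFOs there. jail()'s body is outside this hunk, so whether it applies a default base dir or validates the ID is not visible; if it already computes this directory, the handler should reuse that value rather than re-derive it. Otherwise I would add a guard before the join, for example `if id := m.Cfg.JailerCfg.ID; id == "" || id == "." || id == ".." || strings.ContainsRune(id, filepath.Separator) { return fmt.Errorf("invalid jailer ID %q", id) }`, plus an explicit check that `ChrootBaseDir` is non-empty. A unit test that runs the handler against a temp dir and asserts where the links land would pin the derived layout, since the updated tests only adapt the constructor call.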
14 changes: 7 additions & 7 deletions jailer_test.go
@@ -22,7 +22,7 @@ func TestJailerBuilder(t *testing.T) {
UID: Int(123),
GID: Int(100),
NumaNode: Int(0),
ChrootStrategy: NewNaiveChrootStrategy("path", "kernel-image-path"),
ChrootStrategy: NewNaiveChrootStrategy("kernel-image-path"),
ExecFile: "/path/to/firecracker",
},
expectedArgs: []string{
@@ -53,7 +53,7 @@ func TestJailerBuilder(t *testing.T) {
UID: Int(123),
GID: Int(100),
NumaNode: Int(0),
ChrootStrategy: NewNaiveChrootStrategy("path", "kernel-image-path"),
ChrootStrategy: NewNaiveChrootStrategy("kernel-image-path"),
ExecFile: "/path/to/firecracker",
JailerBinary: "imprisoner",
},
@@ -86,7 +86,7 @@ func TestJailerBuilder(t *testing.T) {
UID: Int(123),
GID: Int(100),
NumaNode: Int(1),
ChrootStrategy: NewNaiveChrootStrategy("path", "kernel-image-path"),
ChrootStrategy: NewNaiveChrootStrategy("kernel-image-path"),
ExecFile: "/path/to/firecracker",
ChrootBaseDir: "/tmp",
JailerBinary: "/path/to/the/jailer",
@@ -166,7 +166,7 @@ func TestJail(t *testing.T) {
UID: Int(123),
GID: Int(100),
NumaNode: Int(0),
ChrootStrategy: NewNaiveChrootStrategy("path", "kernel-image-path"),
ChrootStrategy: NewNaiveChrootStrategy("kernel-image-path"),
ExecFile: "/path/to/firecracker",
},
expectedArgs: []string{
@@ -202,7 +202,7 @@ func TestJail(t *testing.T) {
UID: Int(123),
GID: Int(100),
NumaNode: Int(0),
ChrootStrategy: NewNaiveChrootStrategy("path", "kernel-image-path"),
ChrootStrategy: NewNaiveChrootStrategy("kernel-image-path"),
ExecFile: "/path/to/firecracker",
JailerBinary: "imprisoner",
},
@@ -240,7 +240,7 @@ func TestJail(t *testing.T) {
UID: Int(123),
GID: Int(100),
NumaNode: Int(1),
ChrootStrategy: NewNaiveChrootStrategy("path", "kernel-image-path"),
ChrootStrategy: NewNaiveChrootStrategy("kernel-image-path"),
ExecFile: "/path/to/firecracker",
ChrootBaseDir: "/tmp",
JailerBinary: "/path/to/the/jailer",
@@ -283,7 +283,7 @@ func TestJail(t *testing.T) {
UID: Int(123),
GID: Int(100),
NumaNode: Int(0),
ChrootStrategy: NewNaiveChrootStrategy("path", "kernel-image-path"),
ChrootStrategy: NewNaiveChrootStrategy("kernel-image-path"),
ExecFile: "/path/to/firecracker",
},
expectedArgs: []string{
2 changes: 2 additions & 0 deletions machine.go
@@ -487,6 +487,8 @@ func (m *Machine) startVMM(ctx context.Context) error {
m.logger.Printf("Called startVMM(), setting up a VMM on %s", m.Cfg.SocketPath)
startCmd := m.cmd.Start

m.logger.Debugf("Starting %v", m.cmd.Args)

var err error
if m.Cfg.NetNS != "" && m.Cfg.JailerCfg == nil {
// If the VM needs to be started in a netns but no jailer netns was configured,
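Review bot: The added `m.logger.Debugf("Starting %v", m.cmd.Args)` prints the argument vector with `%v`, which separates elements with spaces and applies no quoting, so an argument containing a space or a newline cannot be told apart from two arguments or from a second log line. `m.logger.Debugf("Starting %q", m.cmd.Args)` renders each element quoted and escaped, which keeps the entry on one line and unambiguous. The arguments are built from caller-supplied configuration (paths and IDs at least; what else is not visible here), so a short comment noting that the full command line goes to the debug log would help operators decide where that log may be shipped. startVMM's body continues outside the hunk.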
3 changes: 1 addition & 2 deletions machine_test.go
@@ -153,7 +153,6 @@ func TestJailerMicroVMExecution(t *testing.T) {
// short names and directory to prevent SUN_LEN error
id := "b"
jailerTestPath := tmpDir
jailerFullRootPath := filepath.Join(jailerTestPath, filepath.Base(getFirecrackerBinaryPath()), id)
os.MkdirAll(jailerTestPath, 0777)

socketPath := "TestJailerMicroVMExecution.socket"
@@ -207,7 +206,7 @@ func TestJailerMicroVMExecution(t *testing.T) {
ID: id,
ChrootBaseDir: jailerTestPath,
ExecFile: getFirecrackerBinaryPath(),
ChrootStrategy: NewNaiveChrootStrategy(jailerFullRootPath, vmlinuxPath),
ChrootStrategy: NewNaiveChrootStrategy(vmlinuxPath),
Stdout: logFd,
Stderr: logFd,
},