Merge pull request firecracker-microvm#255 from dreadl0ck/jailer-fixes

Jailer configuration API cleanup and improved logging with Debug log level

Author: kzys

example_test.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"fmt"
 	"os"
-	"path/filepath"
 	"time"
 
 	log "github.com/sirupsen/logrus"
@@ -224,7 +223,6 @@ func ExampleJailerConfig_enablingJailer() {
 
 	const id = "my-jailer-test"
 	const path = "/path/to/jailer-workspace"
-	pathToWorkspace := filepath.Join(path, "firecracker", id)
 	const kernelImagePath = "/path/to/kernel-image"
 
 	uid := 123
@@ -247,7 +245,7 @@ func ExampleJailerConfig_enablingJailer() {
 			ID:             id,
 			NumaNode:       firecracker.Int(0),
 			ChrootBaseDir:  path,
-			ChrootStrategy: firecracker.NewNaiveChrootStrategy(pathToWorkspace, kernelImagePath),
+			ChrootStrategy: firecracker.NewNaiveChrootStrategy(kernelImagePath),
 			ExecFile:       "/path/to/firecracker-binary",
 		},
 	}

go.sum

@@ -82,8 +82,6 @@ github.com/go-openapi/runtime v0.19.0/go.mod h1:OwNfisksmmaZse4+gpV3Ne9AyMOlP1lt
 github.com/go-openapi/runtime v0.19.4/go.mod h1:X277bwSUBxVlCYR3r7xgZZGKVvBd/29gLDlFGtJ8NL4=
 github.com/go-openapi/runtime v0.19.15 h1:2GIefxs9Rx1vCDNghRtypRq+ig8KSLrjHbAYI/gCLCM=
 github.com/go-openapi/runtime v0.19.15/go.mod h1:dhGWCTKRXlAfGnQG0ONViOZpjfg0m2gUt9nTQPQZuoo=
-github.com/go-openapi/runtime v0.19.19 h1:PCaQSqG0HiCgpekchPrHO9AEc5ZUaAclOUp9T3RSKoQ=
-github.com/go-openapi/runtime v0.19.19/go.mod h1:Lm9YGCeecBnUUkFTxPC4s1+lwrkJ0pthx8YvyjCfkgk=
 github.com/go-openapi/runtime v0.19.20 h1:J/t+QIjbcoq8WJvjGxRKiFBhqUE8slS9SbmD0Oi/raQ=
 github.com/go-openapi/runtime v0.19.20/go.mod h1:Lm9YGCeecBnUUkFTxPC4s1+lwrkJ0pthx8YvyjCfkgk=
 github.com/go-openapi/runtime v0.19.21 h1:81PiYus9l6fwwS4EwhJD+tQb3EPZBeWfgdAVTfFD25Q=

jailer.go

@@ -345,29 +345,28 @@ func jail(ctx context.Context, m *Machine, cfg *Config) error {
 	return nil
 }
 
-func linkFileToRootFS(cfg *JailerConfig, dst, src string) error {
-	if err := os.Link(src, dst); err != nil {
-		return err
-	}
-
-	return nil
-}
-
 // LinkFilesHandler creates a new link files handler that will link files to
 // the rootfs
-func LinkFilesHandler(rootfs, kernelImageFileName string) Handler {
+func LinkFilesHandler(kernelImageFileName string) Handler {
 	return Handler{
 		Name: LinkFilesToRootFSHandlerName,
 		Fn: func(ctx context.Context, m *Machine) error {
 			if m.Cfg.JailerCfg == nil {
 				return ErrMissingJailerConfig
 			}
 
+			// assemble the path to the jailed root folder on the host
+			rootfs := filepath.Join(
+				m.Cfg.JailerCfg.ChrootBaseDir,
+				filepath.Base(m.Cfg.JailerCfg.ExecFile),
+				m.Cfg.JailerCfg.ID,
+				rootfsFolderName,
+			)
+
 			// copy kernel image to root fs
-			if err := linkFileToRootFS(
-				m.Cfg.JailerCfg,
-				filepath.Join(rootfs, kernelImageFileName),
+			if err := os.Link(
 				m.Cfg.KernelImagePath,
+				filepath.Join(rootfs, kernelImageFileName),
 			); err != nil {
 				return err
 			}
@@ -376,10 +375,9 @@ func LinkFilesHandler(rootfs, kernelImageFileName string) Handler {
 			if m.Cfg.InitrdPath != "" {
 				initrdFilename := filepath.Base(m.Cfg.InitrdPath)
 				// copy initrd to root fs
-				if err := linkFileToRootFS(
-					m.Cfg.JailerCfg,
-					filepath.Join(rootfs, initrdFilename),
+				if err := os.Link(
 					m.Cfg.InitrdPath,
+					filepath.Join(rootfs, initrdFilename),
 				); err != nil {
 					return err
 				}
@@ -390,10 +388,9 @@ func LinkFilesHandler(rootfs, kernelImageFileName string) Handler {
 				hostPath := StringValue(drive.PathOnHost)
 				driveFileName := filepath.Base(hostPath)
 
-				if err := linkFileToRootFS(
-					m.Cfg.JailerCfg,
-					filepath.Join(rootfs, driveFileName),
+				if err := os.Link(
 					hostPath,
+					filepath.Join(rootfs, driveFileName),
 				); err != nil {
 					return err
 				}
@@ -412,10 +409,9 @@ func LinkFilesHandler(rootfs, kernelImageFileName string) Handler {
 				}
 
 				fileName := filepath.Base(*fifoPath)
-				if err := linkFileToRootFS(
-					m.Cfg.JailerCfg,
-					filepath.Join(rootfs, fileName),
+				if err := os.Link(
 					*fifoPath,
+					filepath.Join(rootfs, fileName),
 				); err != nil {
 					return err
 				}
@@ -441,9 +437,8 @@ type NaiveChrootStrategy struct {
 }
 
 // NewNaiveChrootStrategy returns a new NaivceChrootStrategy
-func NewNaiveChrootStrategy(rootfs, kernelImagePath string) NaiveChrootStrategy {
+func NewNaiveChrootStrategy(kernelImagePath string) NaiveChrootStrategy {
 	return NaiveChrootStrategy{
-		Rootfs:          rootfs,
 		KernelImagePath: kernelImagePath,
 	}
 }
@@ -460,7 +455,7 @@ func (s NaiveChrootStrategy) AdaptHandlers(handlers *Handlers) error {
 
 	handlers.FcInit = handlers.FcInit.AppendAfter(
 		CreateLogFilesHandlerName,
-		LinkFilesHandler(filepath.Join(s.Rootfs, rootfsFolderName), filepath.Base(s.KernelImagePath)),
+		LinkFilesHandler(filepath.Base(s.KernelImagePath)),
 	)
 
 	return nil

jailer_test.go

@@ -22,7 +22,7 @@ func TestJailerBuilder(t *testing.T) {
 				UID:            Int(123),
 				GID:            Int(100),
 				NumaNode:       Int(0),
-				ChrootStrategy: NewNaiveChrootStrategy("path", "kernel-image-path"),
+				ChrootStrategy: NewNaiveChrootStrategy("kernel-image-path"),
 				ExecFile:       "/path/to/firecracker",
 			},
 			expectedArgs: []string{
@@ -53,7 +53,7 @@ func TestJailerBuilder(t *testing.T) {
 				UID:            Int(123),
 				GID:            Int(100),
 				NumaNode:       Int(0),
-				ChrootStrategy: NewNaiveChrootStrategy("path", "kernel-image-path"),
+				ChrootStrategy: NewNaiveChrootStrategy("kernel-image-path"),
 				ExecFile:       "/path/to/firecracker",
 				JailerBinary:   "imprisoner",
 			},
@@ -86,7 +86,7 @@ func TestJailerBuilder(t *testing.T) {
 				UID:            Int(123),
 				GID:            Int(100),
 				NumaNode:       Int(1),
-				ChrootStrategy: NewNaiveChrootStrategy("path", "kernel-image-path"),
+				ChrootStrategy: NewNaiveChrootStrategy("kernel-image-path"),
 				ExecFile:       "/path/to/firecracker",
 				ChrootBaseDir:  "/tmp",
 				JailerBinary:   "/path/to/the/jailer",
@@ -166,7 +166,7 @@ func TestJail(t *testing.T) {
 				UID:            Int(123),
 				GID:            Int(100),
 				NumaNode:       Int(0),
-				ChrootStrategy: NewNaiveChrootStrategy("path", "kernel-image-path"),
+				ChrootStrategy: NewNaiveChrootStrategy("kernel-image-path"),
 				ExecFile:       "/path/to/firecracker",
 			},
 			expectedArgs: []string{
@@ -202,7 +202,7 @@ func TestJail(t *testing.T) {
 				UID:            Int(123),
 				GID:            Int(100),
 				NumaNode:       Int(0),
-				ChrootStrategy: NewNaiveChrootStrategy("path", "kernel-image-path"),
+				ChrootStrategy: NewNaiveChrootStrategy("kernel-image-path"),
 				ExecFile:       "/path/to/firecracker",
 				JailerBinary:   "imprisoner",
 			},
@@ -240,7 +240,7 @@ func TestJail(t *testing.T) {
 				UID:            Int(123),
 				GID:            Int(100),
 				NumaNode:       Int(1),
-				ChrootStrategy: NewNaiveChrootStrategy("path", "kernel-image-path"),
+				ChrootStrategy: NewNaiveChrootStrategy("kernel-image-path"),
 				ExecFile:       "/path/to/firecracker",
 				ChrootBaseDir:  "/tmp",
 				JailerBinary:   "/path/to/the/jailer",
@@ -283,7 +283,7 @@ func TestJail(t *testing.T) {
 				UID:            Int(123),
 				GID:            Int(100),
 				NumaNode:       Int(0),
-				ChrootStrategy: NewNaiveChrootStrategy("path", "kernel-image-path"),
+				ChrootStrategy: NewNaiveChrootStrategy("kernel-image-path"),
 				ExecFile:       "/path/to/firecracker",
 			},
 			expectedArgs: []string{

machine.go

@@ -487,6 +487,8 @@ func (m *Machine) startVMM(ctx context.Context) error {
 	m.logger.Printf("Called startVMM(), setting up a VMM on %s", m.Cfg.SocketPath)
 	startCmd := m.cmd.Start
 
+	m.logger.Debugf("Starting %v", m.cmd.Args)
+
 	var err error
 	if m.Cfg.NetNS != "" && m.Cfg.JailerCfg == nil {
 		// If the VM needs to be started in a netns but no jailer netns was configured,

machine_test.go

@@ -153,7 +153,6 @@ func TestJailerMicroVMExecution(t *testing.T) {
 	// short names and directory to prevent SUN_LEN error
 	id := "b"
 	jailerTestPath := tmpDir
-	jailerFullRootPath := filepath.Join(jailerTestPath, filepath.Base(getFirecrackerBinaryPath()), id)
 	os.MkdirAll(jailerTestPath, 0777)
 
 	socketPath := "TestJailerMicroVMExecution.socket"
@@ -207,7 +206,7 @@ func TestJailerMicroVMExecution(t *testing.T) {
 			ID:             id,
 			ChrootBaseDir:  jailerTestPath,
 			ExecFile:       getFirecrackerBinaryPath(),
-			ChrootStrategy: NewNaiveChrootStrategy(jailerFullRootPath, vmlinuxPath),
+			ChrootStrategy: NewNaiveChrootStrategy(vmlinuxPath),
 			Stdout:         logFd,
 			Stderr:         logFd,
 		},