Updating jailer to be compatible with v0.16.0 #86
Conversation
|
Test will fail until |
Let me know if you need help with this. |
CHANGELOG.md
Outdated
| @@ -1,6 +1,7 @@ | |||
| # [ Unreleased ] | |||
|
|
|||
| * Fixes bug where default socketpath would always be used when not using jailer (#84) | |||
| * Updates jailer's socket path to point to the root drive. | |||
There was a problem hiding this comment.
This does not make sense. Socket path should not point to a root drive.
There was a problem hiding this comment.
I'll reword to Updates the jailer's socket path to point to the unix socket in the jailer's workspace
jailer.go
Outdated
| @@ -318,6 +318,9 @@ func jail(ctx context.Context, m *Machine, cfg *Config) error { | |||
| WithSeccompLevel(cfg.JailerCfg.SeccompLevel). | |||
| WithStdout(stdout). | |||
| WithStderr(stderr). | |||
| WithStdout(os.Stdout). | |||
There was a problem hiding this comment.
Shouldn't this replace the WithStdout call on line 319?
There was a problem hiding this comment.
Ah this was a rebase issue. I'll go ahead and fix that.
jailer.go
Outdated
| @@ -318,6 +318,9 @@ func jail(ctx context.Context, m *Machine, cfg *Config) error { | |||
| WithSeccompLevel(cfg.JailerCfg.SeccompLevel). | |||
| WithStdout(stdout). | |||
| WithStderr(stderr). | |||
| WithStdout(os.Stdout). | |||
| WithStderr(os.Stderr). | |||
There was a problem hiding this comment.
We're already calling WithStderr on line 320.
There was a problem hiding this comment.
Can we add support for Stdin while we're at it? I mean, for setting Stdin from the JailerCfg
jailer.go
Outdated
| @@ -290,9 +290,9 @@ func (b JailerCommandBuilder) Build(ctx context.Context) *exec.Cmd { | |||
| func jail(ctx context.Context, m *Machine, cfg *Config) error { | |||
| rootfs := "" | |||
| if len(cfg.JailerCfg.ChrootBaseDir) > 0 { | |||
| rootfs = filepath.Join(cfg.JailerCfg.ChrootBaseDir, "firecracker", cfg.JailerCfg.ID) | |||
| rootfs = filepath.Join(cfg.JailerCfg.ChrootBaseDir, "firecracker", cfg.JailerCfg.ID, rootfsFolderName) | |||
There was a problem hiding this comment.
It's only tangentially related to the change you're making here, but I think rootfsFolderName is the wrong name for this variable. It implies that the contents of this directory make up a root filesystem, but that's not the case. It's where we link the kernel and root drive image, but that's not the same thing a rootfs.
Feel free to change this here if you want, otherwise we should do this in a later PR.
There was a problem hiding this comment.
I'll go ahead and change it. Maybe jailerWorkspacePath?
There was a problem hiding this comment.
How about jailerWorkspaceDir?
There was a problem hiding this comment.
This confused me a lot when I was trying to figure out how things worked. I passed in the wrong path entirely to the NaiveChrootStrategy
xibz
force-pushed
the
jailer_update
branch
3 times, most recently
from
d5c4bb9 to
edaca58
Compare
|
The tests are not passing because logging is setup before the linking handler. The logging handler also attempts to The |
|
I've addressed some of my concerns in #96 |
xibz
force-pushed
the
jailer_update
branch
11 times, most recently
from
8c0afd7 to
8270bd8
Compare
xibz
force-pushed
the
jailer_update
branch
2 times, most recently
from
524cd1b to
e4e9d14
Compare
Signed-off-by: xibz <impactbchang@gmail.com>
Fixes #92
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.