FC: jailer failed when importing new flag "--config-file"

When jailer was used to launch firecracker, the kata container failed
for the following reasons:
1. The new flag `--config-file` belongs to the jailed firecracker,
so, adhering to the `end of command options` convention, we need to
put the `--` separator in front of `--config-file`.
2. The path of the config file (`fcConfig.json`) should also be
relative to the jailed firecracker.
3. Since we now do the configuration before func `fcInit`, we also need
to move the `jailer check` earlier.
4. The config file should be unmounted and cleaned up.

Fixes: #2362

Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Penny Zheng 2019-12-18 09:02:18 +00:00
parent a198efcf1d
commit 09198eed84


@ -303,6 +303,7 @@ func (fc *firecracker) newFireClient() *client.Firecracker {
func (fc *firecracker) vmRunning() bool { func (fc *firecracker) vmRunning() bool {
resp, err := fc.client().Operations.DescribeInstance(nil) resp, err := fc.client().Operations.DescribeInstance(nil)
if err != nil { if err != nil {
fc.Logger().WithError(err).Error("getting vm status failed")
return false return false
} }
@ -380,10 +381,6 @@ func (fc *firecracker) fcInit(timeout int) error {
span, _ := fc.trace("fcInit") span, _ := fc.trace("fcInit")
defer span.Finish() defer span.Finish()
if fc.config.JailerPath != "" {
fc.jailed = true
}
// Fetch sandbox network to be able to access it from the sandbox structure. // Fetch sandbox network to be able to access it from the sandbox structure.
var networkNS NetworkNamespace var networkNS NetworkNamespace
if fc.store != nil { if fc.store != nil {
@ -417,7 +414,11 @@ func (fc *firecracker) fcInit(timeout int) error {
} }
var cmd *exec.Cmd var cmd *exec.Cmd
args := []string{"--config-file", fc.fcConfigPath} var args []string
if fc.fcConfigPath, err = fc.fcJailResource(fc.fcConfigPath, defaultFcConfig); err != nil {
return err
}
if !fc.config.Debug && fc.stateful { if !fc.config.Debug && fc.stateful {
args = append(args, "--daemonize") args = append(args, "--daemonize")
@ -442,10 +443,13 @@ func (fc *firecracker) fcInit(timeout int) error {
if fc.netNSPath != "" { if fc.netNSPath != "" {
args = append(args, "--netns", fc.netNSPath) args = append(args, "--netns", fc.netNSPath)
} }
args = append(args, "--", "--config-file", fc.fcConfigPath)
cmd = exec.Command(fc.config.JailerPath, args...) cmd = exec.Command(fc.config.JailerPath, args...)
} else { } else {
args = append(args, "--api-sock", fc.socketPath) args = append(args,
"--api-sock", fc.socketPath,
"--config-file", fc.fcConfigPath)
cmd = exec.Command(fc.config.HypervisorPath, args...) cmd = exec.Command(fc.config.HypervisorPath, args...)
} }
@ -706,6 +710,10 @@ func (fc *firecracker) fcListenToFifo(fifoName string) (string, error) {
} }
func (fc *firecracker) fcInitConfiguration() error { func (fc *firecracker) fcInitConfiguration() error {
if fc.config.JailerPath != "" {
fc.jailed = true
}
fc.fcSetVMBaseConfig(int64(fc.config.MemorySize), fc.fcSetVMBaseConfig(int64(fc.config.MemorySize),
int64(fc.config.NumVCPUs), false) int64(fc.config.NumVCPUs), false)
@ -857,6 +865,7 @@ func (fc *firecracker) cleanupJail() {
fc.umountResource(fcRootfs) fc.umountResource(fcRootfs)
fc.umountResource(fcLogFifo) fc.umountResource(fcLogFifo)
fc.umountResource(fcMetricsFifo) fc.umountResource(fcMetricsFifo)
fc.umountResource(defaultFcConfig)
fc.Logger().WithField("cleaningJail", fc.vmPath).Info() fc.Logger().WithField("cleaningJail", fc.vmPath).Info()
if err := os.RemoveAll(fc.vmPath); err != nil { if err := os.RemoveAll(fc.vmPath); err != nil {
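Review bot: In the fcInit hunk, `fc.fcConfigPath` is overwritten with the value returned by `fc.fcJailResource(fc.fcConfigPath, defaultFcConfig)`, so after the first call the field no longer holds the host-side path, and a repeated fcInit would pass the already-translated path back in as the source. The call also sits ahead of the jailer/else split, so the non-jailed branch hands whatever fcJailResource returns to `--config-file`; its body is not visible on this page, so confirm it yields a host-visible path when `fc.jailed` is false. Keeping the result in a local, e.g. `cfgPath, err := fc.fcJailResource(fc.fcConfigPath, defaultFcConfig)`, and appending `cfgPath` in both branches would leave the field stable. Because the file is now exposed inside the chroot to the jailed process, it is also worth verifying that fcJailResource mounts it read-only, so the confined firecracker cannot alter the host copy. fcInit's body starts and ends outside the hunks shown.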