Firecracker: Enable jailer by default

Add jailer support to configuration files.
Also enable jailer by default in Kata containers.

Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
Manohar Castelino 2019-06-21 13:12:48 -07:00
parent 78ea50c36c
commit 4fed346d53
4 changed files with 23 additions and 1 deletions


@ -116,6 +116,7 @@ CONFIG_FILE = configuration.toml
HYPERVISOR_ACRN = acrn HYPERVISOR_ACRN = acrn
HYPERVISOR_FC = firecracker HYPERVISOR_FC = firecracker
JAILER_FC = jailer
HYPERVISOR_NEMU = nemu HYPERVISOR_NEMU = nemu
HYPERVISOR_QEMU = qemu HYPERVISOR_QEMU = qemu
@ -130,6 +131,7 @@ QEMUPATH := $(QEMUBINDIR)/$(QEMUCMD)
NEMUPATH := $(NEMUBINDIR)/$(NEMUCMD) NEMUPATH := $(NEMUBINDIR)/$(NEMUCMD)
FCPATH = $(FCBINDIR)/$(FCCMD) FCPATH = $(FCBINDIR)/$(FCCMD)
FCJAILERPATH = $(FCBINDIR)/$(FCJAILERCMD)
ACRNPATH := $(ACRNBINDIR)/$(ACRNCMD) ACRNPATH := $(ACRNBINDIR)/$(ACRNCMD)
ACRNCTLPATH := $(ACRNBINDIR)/$(ACRNCTLCMD) ACRNCTLPATH := $(ACRNBINDIR)/$(ACRNCTLCMD)
@ -355,6 +357,7 @@ USER_VARS += ACRNPATH
USER_VARS += ACRNCTLPATH USER_VARS += ACRNCTLPATH
USER_VARS += FCCMD USER_VARS += FCCMD
USER_VARS += FCPATH USER_VARS += FCPATH
USER_VARS += FCJAILERPATH
USER_VARS += NEMUCMD USER_VARS += NEMUCMD
USER_VARS += NEMUPATH USER_VARS += NEMUPATH
USER_VARS += SYSCONFIG USER_VARS += SYSCONFIG
@ -516,6 +519,7 @@ $(GENERATED_FILES): %: %.in $(MAKEFILE_LIST) VERSION .git-commit
-e "s|@CONFIG_FC_IN@|$(CONFIG_FC_IN)|g" \ -e "s|@CONFIG_FC_IN@|$(CONFIG_FC_IN)|g" \
-e "s|@CONFIG_PATH@|$(CONFIG_PATH)|g" \ -e "s|@CONFIG_PATH@|$(CONFIG_PATH)|g" \
-e "s|@FCPATH@|$(FCPATH)|g" \ -e "s|@FCPATH@|$(FCPATH)|g" \
-e "s|@FCJAILERPATH@|$(FCJAILERPATH)|g" \
-e "s|@NEMUPATH@|$(NEMUPATH)|g" \ -e "s|@NEMUPATH@|$(NEMUPATH)|g" \
-e "s|@ACRNPATH@|$(ACRNPATH)|g" \ -e "s|@ACRNPATH@|$(ACRNPATH)|g" \
-e "s|@ACRNCTLPATH@|$(ACRNCTLPATH)|g" \ -e "s|@ACRNCTLPATH@|$(ACRNCTLPATH)|g" \
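Review bot: `JAILER_FC = jailer` is added next to `HYPERVISOR_FC`, but nothing in the visible hunks references it; `FCJAILERPATH` is built from `$(FCJAILERCMD)` instead, so the variable looks unused unless it is consumed outside these hunks. `FCJAILERCMD` is defined only in the one architecture makefile visible in this commit, so on an architecture whose makefile lacks it `FCJAILERPATH` would presumably expand to `$(FCBINDIR)/` and that directory would be substituted into `jailer_path`. Whether Firecracker then starts jailed, unjailed or not at all depends on runtime validation that is not shown here. Either define `FCJAILERCMD` wherever `FCCMD` is defined, or guard the path with `FCJAILERPATH = $(if $(FCJAILERCMD),$(FCBINDIR)/$(FCJAILERCMD))` and decide deliberately what an empty value should mean.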


@ -13,6 +13,8 @@ QEMUCMD := qemu-system-x86_64
# Firecracker binary name # Firecracker binary name
FCCMD := firecracker FCCMD := firecracker
# Firecracker's jailer binary name
FCJAILERCMD := jailer
# NEMU binary name # NEMU binary name
NEMUCMD := nemu-system-x86_64 NEMUCMD := nemu-system-x86_64


@ -12,6 +12,11 @@
[hypervisor.firecracker] [hypervisor.firecracker]
path = "@FCPATH@" path = "@FCPATH@"
# Path for the jailer specific to firecracker
# If the jailer path is not set kata will launch firecracker
# without a jail. If the jailer is set firecracker will be
# launched in a jailed enviornment created by the jailer
jailer_path = "@FCJAILERPATH@"
kernel = "@KERNELPATH_FC@" kernel = "@KERNELPATH_FC@"
image = "@IMAGEPATH@" image = "@IMAGEPATH@"
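Review bot: The comment above `jailer_path` documents a fail-open setting without flagging it as one: an unset value launches Firecracker with no jail, and the text does not tell an operator that this removes a confinement layer. I would say so explicitly, for example `# WARNING: leaving jailer_path unset runs firecracker without the jailer's confinement.` The last comment line also has a spelling slip and should read `# launched in a jailed environment created by the jailer`.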


@ -514,6 +514,8 @@ func TestMinimalRuntimeConfig(t *testing.T) {
proxyPath := path.Join(dir, "proxy") proxyPath := path.Join(dir, "proxy")
hypervisorPath := path.Join(dir, "hypervisor") hypervisorPath := path.Join(dir, "hypervisor")
defaultHypervisorPath = hypervisorPath defaultHypervisorPath = hypervisorPath
jailerPath := path.Join(dir, "jailer")
defaultJailerPath = jailerPath
netmonPath := path.Join(dir, "netmon") netmonPath := path.Join(dir, "netmon")
imagePath := path.Join(dir, "image.img") imagePath := path.Join(dir, "image.img")
@ -524,12 +526,14 @@ func TestMinimalRuntimeConfig(t *testing.T) {
savedDefaultImagePath := defaultImagePath savedDefaultImagePath := defaultImagePath
savedDefaultInitrdPath := defaultInitrdPath savedDefaultInitrdPath := defaultInitrdPath
savedDefaultHypervisorPath := defaultHypervisorPath savedDefaultHypervisorPath := defaultHypervisorPath
savedDefaultJailerPath := defaultJailerPath
savedDefaultKernelPath := defaultKernelPath savedDefaultKernelPath := defaultKernelPath
defer func() { defer func() {
defaultImagePath = savedDefaultImagePath defaultImagePath = savedDefaultImagePath
defaultInitrdPath = savedDefaultInitrdPath defaultInitrdPath = savedDefaultInitrdPath
defaultHypervisorPath = savedDefaultHypervisorPath defaultHypervisorPath = savedDefaultHypervisorPath
defaultJailerPath = savedDefaultJailerPath
defaultKernelPath = savedDefaultKernelPath defaultKernelPath = savedDefaultKernelPath
}() }()
@ -538,9 +542,10 @@ func TestMinimalRuntimeConfig(t *testing.T) {
defaultImagePath = imagePath defaultImagePath = imagePath
defaultInitrdPath = initrdPath defaultInitrdPath = initrdPath
defaultHypervisorPath = hypervisorPath defaultHypervisorPath = hypervisorPath
defaultJailerPath = jailerPath
defaultKernelPath = kernelPath defaultKernelPath = kernelPath
for _, file := range []string{defaultImagePath, defaultInitrdPath, defaultHypervisorPath, defaultKernelPath} { for _, file := range []string{defaultImagePath, defaultInitrdPath, defaultHypervisorPath, defaultJailerPath, defaultKernelPath} {
err = WriteFile(file, "foo", testFileMode) err = WriteFile(file, "foo", testFileMode)
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
@ -588,6 +593,11 @@ func TestMinimalRuntimeConfig(t *testing.T) {
t.Error(err) t.Error(err)
} }
err = createEmptyFile(jailerPath)
if err != nil {
t.Error(err)
}
err = createEmptyFile(netmonPath) err = createEmptyFile(netmonPath)
if err != nil { if err != nil {
t.Error(err) t.Error(err)
@ -600,6 +610,7 @@ func TestMinimalRuntimeConfig(t *testing.T) {
expectedHypervisorConfig := vc.HypervisorConfig{ expectedHypervisorConfig := vc.HypervisorConfig{
HypervisorPath: defaultHypervisorPath, HypervisorPath: defaultHypervisorPath,
JailerPath: defaultJailerPath,
KernelPath: defaultKernelPath, KernelPath: defaultKernelPath,
ImagePath: defaultImagePath, ImagePath: defaultImagePath,
InitrdPath: defaultInitrdPath, InitrdPath: defaultInitrdPath,
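Review bot: `defaultJailerPath = jailerPath` is assigned in the first hunk, before `savedDefaultJailerPath := defaultJailerPath` captures it in the second. As far as the hunks show, the deferred `defaultJailerPath = savedDefaultJailerPath` therefore restores the temporary path rather than the package's original value, and the global stays modified for later tests. The new lines mirror the existing `defaultHypervisorPath` handling, which has the same ordering, and the assignment is repeated in the third hunk; keeping only `jailerPath := path.Join(dir, "jailer")` in the first hunk would let the save/restore work. The test also covers only a configured jailer, so a case with an empty `jailer_path` would pin down the unjailed fallback that the config template describes. TestMinimalRuntimeConfig begins and ends outside these hunks.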