From adcd2aeaea51608099eafbca4fc31da40bf572fd Mon Sep 17 00:00:00 2001 From: Anastassios Nanos Date: Wed, 4 Aug 2021 16:23:07 +0000 Subject: [PATCH] virtcontainers: fc: properly remove jailed block device When running a firecracker instance jailed, block devices are not removed correctly, as the jailerRoot path is not stripped from the PATCH command sent to the FC API. This patch differentiates the jailed case from the non-jailed one and allows the firecracker instance to be properly terminated. Fixes #2387 Signed-off-by: Anastassios Nanos (cherry picked from commit 64dd35ba4fe0476df185be13c513d4c04dc4b6eb) --- src/runtime/virtcontainers/fc.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/runtime/virtcontainers/fc.go b/src/runtime/virtcontainers/fc.go index 7dac0e78a0..4c90b46097 100644 --- a/src/runtime/virtcontainers/fc.go +++ b/src/runtime/virtcontainers/fc.go @@ -1057,7 +1057,12 @@ func (fc *firecracker) hotplugBlockDevice(ctx context.Context, drive config.Bloc fc.umountResource(driveID) // use previous raw file created at createDiskPool, that way // the resource is released by firecracker and it can be destroyed in the host - path = filepath.Join(fc.jailerRoot, driveID) + if fc.jailed { + // use path relative to the jail + path = filepath.Join("/", driveID) + } else { + path = filepath.Join(fc.jailerRoot, driveID) + } } return nil, fc.fcUpdateBlockDrive(ctx, path, driveID)