@@ -4,8 +4,11 @@ import (
44 "context"
55 "fmt"
66 "os"
7+ "path/filepath"
78 "time"
89
10+ log "github.com/sirupsen/logrus"
11+
912 "github.com/firecracker-microvm/firecracker-go-sdk"
1013 models "github.com/firecracker-microvm/firecracker-go-sdk/client/models"
1114)
@@ -20,13 +23,6 @@ func ExampleWithProcessRunner_logging() {
2023 MachineCfg : models.MachineConfiguration {
2124 VcpuCount : firecracker .Int64 (1 ),
2225 },
23- JailerCfg : firecracker.JailerConfig {
24- GID : firecracker .Int (100 ),
25- UID : firecracker .Int (100 ),
26- ID : "my-micro-vm" ,
27- NumaNode : firecracker .Int (0 ),
28- ExecFile : "/path/to/firecracker" ,
29- },
3026 }
3127
3228 // stdout will be directed to this file
@@ -221,52 +217,72 @@ func ExampleNetworkInterface_rateLimiting() {
221217 }
222218}
223219
224- func ExampleJailerCommandBuilder () {
220+ func ExampleJailerConfig_enablingJailer () {
225221 ctx := context .Background ()
226- // Creates a jailer command using the JailerCommandBuilder.
227- b := firecracker .NewJailerCommandBuilder ().
228- WithID ("my-test-id" ).
229- WithUID (123 ).
230- WithGID (100 ).
231- WithNumaNode (0 ).
232- WithExecFile ("/usr/local/bin/firecracker" ).
233- WithChrootBaseDir ("/tmp" ).
234- WithStdout (os .Stdout ).
235- WithStderr (os .Stderr )
236-
237- const socketPath = "/tmp/firecracker/my-test-id/api.socket"
222+ vmmCtx , vmmCancel := context .WithCancel (ctx )
223+ defer vmmCancel ()
238224
239- cfg := firecracker.Config {
240- SocketPath : socketPath ,
241- KernelImagePath : "./vmlinux" ,
242- Drives : []models.Drive {
243- models.Drive {
244- DriveID : firecracker .String ("1" ),
245- IsRootDevice : firecracker .Bool (true ),
246- IsReadOnly : firecracker .Bool (false ),
247- PathOnHost : firecracker .String ("/path/to/root/drive" ),
248- },
249- },
225+ const id = "my-jailer-test"
226+ const path = "/path/to/jailer-workspace"
227+ pathToWorkspace := filepath .Join (path , "firecracker" , id )
228+ const kernelImagePath = "/path/to/kernel-image"
229+
230+ uid := 123
231+ gid := 100
232+
233+ fcCfg := firecracker.Config {
234+ SocketPath : "api.socket" ,
235+ KernelImagePath : kernelImagePath ,
236+ KernelArgs : "console=ttyS0 reboot=k panic=1 pci=off" ,
237+ Drives : firecracker .NewDrivesBuilder ("/path/to/rootfs" ).Build (),
238+ LogLevel : "Debug" ,
250239 MachineCfg : models.MachineConfiguration {
251- VcpuCount : firecracker .Int64 (1 ),
240+ VcpuCount : firecracker .Int64 (1 ),
241+ HtEnabled : firecracker .Bool (false ),
242+ MemSizeMib : firecracker .Int64 (256 ),
243+ },
244+ EnableJailer : true ,
245+ JailerCfg : firecracker.JailerConfig {
246+ UID : & uid ,
247+ GID : & gid ,
248+ ID : id ,
249+ NumaNode : firecracker .Int (0 ),
250+ ChrootBaseDir : path ,
251+ ChrootStrategy : firecracker .NewNaiveChrootStrategy (pathToWorkspace , kernelImagePath ),
252+ ExecFile : "/path/to/firecracker-binary" ,
252253 },
253- DisableValidation : true ,
254254 }
255255
256- // Passes the custom jailer command into the constructor
257- m , err := firecracker . NewMachine ( ctx , cfg , firecracker . WithProcessRunner ( b . Build ( ctx )) )
256+ // Check if kernel image is readable
257+ f , err := os . Open ( fcCfg . KernelImagePath )
258258 if err != nil {
259- panic (fmt .Errorf ("failed to create new machine: %v" , err ))
259+ panic (fmt .Errorf ("Failed to open kernel image: %v" , err ))
260+ }
261+ f .Close ()
262+
263+ // Check each drive is readable and writable
264+ for _ , drive := range fcCfg .Drives {
265+ drivePath := firecracker .StringValue (drive .PathOnHost )
266+ f , err := os .OpenFile (drivePath , os .O_RDWR , 0666 )
267+ if err != nil {
268+ panic (fmt .Errorf ("Failed to open drive with read/write permissions: %v" , err ))
269+ }
270+ f .Close ()
260271 }
261272
262- // This does not copy any of the files over to the rootfs since a process
263- // runner was specified. This examples assumes that the files have been
264- // properly mounted.
265- if err := m .Start (ctx ); err != nil {
273+ logger := log .New ()
274+ m , err := firecracker .NewMachine (vmmCtx , fcCfg , firecracker .WithLogger (log .NewEntry (logger )))
275+ if err != nil {
266276 panic (err )
267277 }
268278
269- tCtx , cancelFn := context .WithTimeout (ctx , time .Minute )
270- defer cancelFn ()
271- m .Wait (tCtx )
279+ if err := m .Start (vmmCtx ); err != nil {
280+ panic (err )
281+ }
282+ defer m .StopVMM ()
283+
284+ // wait for the VMM to exit
285+ if err := m .Wait (vmmCtx ); err != nil {
286+ panic (err )
287+ }
272288}
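Review bot: The kernel-image and drive checks in `ExampleJailerConfig_enablingJailer` open the files with the caller's credentials, so they can succeed for a privileged caller even when the uid 123 / gid 100 set in `JailerCfg` cannot read or write those files, and nothing stops the files changing between the check and `m.Start`. I would state that in a comment above the first check, for example `// Sanity check only: runs as the calling user, not as the jailed uid/gid.`, so the example does not read as a permission guarantee. The `0666` passed to `os.OpenFile` has no effect without `os.O_CREATE` and suggests a world-writable mode; `os.OpenFile(drivePath, os.O_RDWR, 0)` expresses the same open. Separately, `pathToWorkspace` hard-codes a `"firecracker"` path component while `ExecFile` is `/path/to/firecracker-binary`; if the jailer names the chroot directory after the exec file's basename, as its documentation describes, the two will not match, and deriving that component with `filepath.Base` on the exec path would keep them in step.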