Adds configurable runc config path

This change allows for a configurable runc config path, RuncConfigPath.
The default value RuncConfigPath is /etc/containerd/firecracker-runc-config.json

Signed-off-by: xibz <[email protected]>

Author: xibz

config/config.go

@@ -25,14 +25,17 @@ import (
 )
 
 const (
-	configPathEnvName  = "FIRECRACKER_CONTAINERD_RUNTIME_CONFIG_PATH"
+	// ConfigPathEnvName is the name of the environment variable used to
+	// overwrite the default runtime config path
+	ConfigPathEnvName  = "FIRECRACKER_CONTAINERD_RUNTIME_CONFIG_PATH"
 	defaultConfigPath  = "/etc/containerd/firecracker-runtime.json"
 	defaultKernelArgs  = "console=ttyS0 noapic reboot=k panic=1 pci=off nomodules rw"
 	defaultFilesPath   = "/var/lib/firecracker-containerd/runtime/"
 	defaultKernelPath  = defaultFilesPath + "default-vmlinux.bin"
 	defaultRootfsPath  = defaultFilesPath + "default-rootfs.img"
 	defaultCPUTemplate = models.CPUTemplateT2
 	defaultShimBaseDir = "/var/lib/firecracker-containerd/shim-base"
+	runcConfigPath     = "/etc/containerd/firecracker-runc-config.json"
 )
 
 // Config represents runtime configuration parameters
@@ -60,12 +63,13 @@ type Config struct {
 // TODO: Add netns field
 type JailerConfig struct {
 	RuncBinaryPath string `json:"runc_binary_path"`
+	RuncConfigPath string `json:"runc_config_path"`
 }
 
 // LoadConfig loads configuration from JSON file at 'path'
 func LoadConfig(path string) (*Config, error) {
 	if path == "" {
-		path = os.Getenv(configPathEnvName)
+		path = os.Getenv(ConfigPathEnvName)
 	}
 
 	if path == "" {
@@ -83,6 +87,9 @@ func LoadConfig(path string) (*Config, error) {
 		RootDrive:       defaultRootfsPath,
 		CPUTemplate:     string(defaultCPUTemplate),
 		ShimBaseDir:     defaultShimBaseDir,
+		JailerConfig: JailerConfig{
+			RuncConfigPath: runcConfigPath,
+		},
 	}
 
 	if err := json.Unmarshal(data, cfg); err != nil {

runtime/jailer.go

@@ -34,10 +34,6 @@ const (
 	rootfsFolder          = "rootfs"
 )
 
-var (
-	runcConfigPath = "/etc/containerd/firecracker-runc-config.json"
-)
-
 // jailer will allow modification and provide options to the the Firecracker VM
 // to allow for jailing. In addition, this will allow for given files to be exposed
 // to the jailed filesystem.
@@ -99,12 +95,13 @@ func newJailer(
 
 	l := logger.WithField("jailer", "runc")
 	config := runcJailerConfig{
-		OCIBundlePath: ociBundlePath,
-		RuncBinPath:   service.config.JailerConfig.RuncBinaryPath,
-		UID:           request.JailerConfig.UID,
-		GID:           request.JailerConfig.GID,
-		CPUs:          request.JailerConfig.CPUs,
-		Mems:          request.JailerConfig.Mems,
+		OCIBundlePath:  ociBundlePath,
+		RuncBinPath:    service.config.JailerConfig.RuncBinaryPath,
+		RuncConfigPath: service.config.JailerConfig.RuncConfigPath,
+		UID:            request.JailerConfig.UID,
+		GID:            request.JailerConfig.GID,
+		CPUs:           request.JailerConfig.CPUs,
+		Mems:           request.JailerConfig.Mems,
 	}
 	return newRuncJailer(ctx, l, service.vmID, config)
 }

runtime/runc_jailer.go

@@ -53,12 +53,13 @@ type runcJailer struct {
 const firecrackerFileName = "firecracker"
 
 type runcJailerConfig struct {
-	OCIBundlePath string
-	RuncBinPath   string
-	UID           uint32
-	GID           uint32
-	CPUs          string
-	Mems          string
+	OCIBundlePath  string
+	RuncBinPath    string
+	RuncConfigPath string
+	UID            uint32
+	GID            uint32
+	CPUs           string
+	Mems           string
 }
 
 func newRuncJailer(ctx context.Context, logger *logrus.Entry, vmID string, cfg runcJailerConfig) (*runcJailer, error) {
@@ -75,13 +76,13 @@ func newRuncJailer(ctx context.Context, logger *logrus.Entry, vmID string, cfg r
 
 	spec := specs.Spec{}
 	var configBytes []byte
-	configBytes, err := ioutil.ReadFile(runcConfigPath)
+	configBytes, err := ioutil.ReadFile(cfg.RuncConfigPath)
 	if err != nil {
-		return nil, errors.Wrapf(err, "failed to read %s", runcConfigPath)
+		return nil, errors.Wrapf(err, "failed to read %s", cfg.RuncConfigPath)
 	}
 
 	if err = json.Unmarshal(configBytes, &spec); err != nil {
-		return nil, errors.Wrapf(err, "failed to unmarshal %s", runcConfigPath)
+		return nil, errors.Wrapf(err, "failed to unmarshal %s", cfg.RuncConfigPath)
 	}
 
 	j.configSpec = spec
@@ -160,8 +161,8 @@ func (j *runcJailer) BuildJailedRootHandler(cfg *config.Config, machineConfig *f
 
 			rootPathToConfig := filepath.Join(ociBundlePath, "config.json")
 			j.logger.WithField("rootPathToConfig", rootPathToConfig).Debug("Copying config")
-			if err := copyFile(runcConfigPath, rootPathToConfig, 0400); err != nil {
-				return errors.Wrapf(err, "failed to copy config from %v to %v", runcConfigPath, rootPathToConfig)
+			if err := copyFile(j.Config.RuncConfigPath, rootPathToConfig, 0400); err != nil {
+				return errors.Wrapf(err, "failed to copy config from %v to %v", j.Config.RuncConfigPath, rootPathToConfig)
 			}
 
 			j.logger.Debug("Overwritting process args of config")

runtime/runc_jailer_test.go

@@ -33,7 +33,6 @@ import (
 
 func TestBuildJailedRootHandler_Isolated(t *testing.T) {
 	internal.RequiresIsolation(t)
-	runcConfigPath = "./firecracker-runc-config.json.example"
 	dir, err := ioutil.TempDir("", "TestBuildJailedRootHandler")
 	require.NoError(t, err, "failed to create temporary directory")
 
@@ -55,10 +54,11 @@ func TestBuildJailedRootHandler_Isolated(t *testing.T) {
 
 	l := logrus.NewEntry(logrus.New())
 	runcConfig := runcJailerConfig{
-		OCIBundlePath: dir,
-		RuncBinPath:   "bin-path",
-		UID:           123,
-		GID:           456,
+		OCIBundlePath:  dir,
+		RuncBinPath:    "bin-path",
+		RuncConfigPath: "./firecracker-runc-config.json.example",
+		UID:            123,
+		GID:            456,
 	}
 	vmID := "foo"
 	jailer, err := newRuncJailer(context.Background(), l, vmID, runcConfig)