Use make's user to build firecracker and its jailer

Building firecracker doesn't need "--privileged" and files generated by
this "docker run" shouldn't be owned by root.

Signed-off-by: Kazuyoshi Kato <[email protected]>

Author: kzys

Makefile

@@ -21,6 +21,9 @@ FIRECRACKER_BIN=testdata/firecracker-master
 JAILER_BIN=testdata/jailer-master
 FIRECRACKER_TARGET?=x86_64-unknown-linux-musl
 
+UID = $(shell id -u)
+GID = $(shell id -g)
+
 # The below files are needed and can be downloaded from the internet
 testdata_objects = testdata/vmlinux testdata/root-drive.img testdata/firecracker
 
@@ -70,18 +73,18 @@ test-images: $(FIRECRACKER_BIN) $(JAILER_BIN)
 
 $(FIRECRACKER_BIN) $(JAILER_BIN): tools/firecracker-builder-stamp
 	docker run --rm -it \
-		--privileged \
+		--user $(UID):$(GID) \
 		--volume $(CURDIR)/testdata:/artifacts \
 		--volume $(CARGO_CACHE_VOLUME_NAME):/usr/local/cargo/registry \
 		-e HOME=/tmp \
 		--workdir=/firecracker \
 		localhost/$(FIRECRACKER_BUILDER_NAME):$(DOCKER_IMAGE_TAG) \
-		$(FIRECRACKER_TARGET)	
+		$(FIRECRACKER_TARGET)
 
 .PHONY: firecracker-clean
 firecracker-clean:
 	- docker run --rm -it \
-		--privileged \
+		--user $(UID):$(GID) \
 		--workdir /firecracker\
 		localhost/$(FIRECRACKER_BUILDER_NAME):$(DOCKER_IMAGE_TAG) \
 		cargo clean

tools/docker/entrypoint.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
 
-cargo build --release --target $@
-cp build/cargo_target/x86_64-unknown-linux-musl/release/firecracker /artifacts/firecracker-master
-cp build/cargo_target/x86_64-unknown-linux-musl/release/jailer /artifacts/jailer-master
+cargo build --release --target-dir=/artifacts --target $@
+cp /artifacts/x86_64-unknown-linux-musl/release/firecracker /artifacts/firecracker-master
+cp /artifacts/x86_64-unknown-linux-musl/release/jailer /artifacts/jailer-master