Fixes jailer to handle fifos correctly

This fix includes proper handling of fifos as before the SDK was not
adding the fifo files to the correct root path during jailing. We now
have a new handler, CreateLogFilesHandler, that will now create the
fifos in the appropriate location and ensure that the fifos have correct
permissions.

Signed-off-by: xibz <[email protected]>

Author: jeromegn

handlers.go

@@ -22,6 +22,7 @@ import (
 const (
 	StartVMMHandlerName                = "fcinit.StartVMM"
 	BootstrapLoggingHandlerName        = "fcinit.BootstrapLogging"
+	CreateLogFilesHandlerName          = "fcinit.CreateLogFilesHandler"
 	CreateMachineHandlerName           = "fcinit.CreateMachine"
 	CreateBootSourceHandlerName        = "fcinit.CreateBootSource"
 	AttachDrivesHandlerName            = "fcinit.AttachDrives"
@@ -107,6 +108,24 @@ var StartVMMHandler = Handler{
 	},
 }
 
+// CreateLogFilesHandler is a named handler that will create the fifo log files
+var CreateLogFilesHandler = Handler{
+	Name: CreateLogFilesHandlerName,
+	Fn: func(ctx context.Context, m *Machine) error {
+		logFifoPath := m.cfg.LogFifo
+		metricsFifoPath := m.cfg.MetricsFifo
+
+		if err := createFifos(logFifoPath, metricsFifoPath); err != nil {
+			m.logger.Errorf("Unable to set up logging: %s", err)
+			return err
+		}
+
+		m.logger.Debug("Created metrics and logging fifos.")
+
+		return nil
+	},
+}
+
 // BootstrapLoggingHandler is a named handler that will set up fifo logging of
 // firecracker process.
 var BootstrapLoggingHandler = Handler{
@@ -180,6 +199,7 @@ func NewSetMetadataHandler(metadata interface{}) Handler {
 
 var defaultFcInitHandlerList = HandlerList{}.Append(
 	StartVMMHandler,
+	CreateLogFilesHandler,
 	BootstrapLoggingHandler,
 	CreateMachineHandler,
 	CreateBootSourceHandler,

jailer.go

@@ -375,6 +375,24 @@ func LinkFilesHandler(rootfs, kernelImageFileName string) Handler {
 			}
 
 			m.cfg.KernelImagePath = kernelImageFileName
+
+			for _, fifoPath := range []string{m.cfg.LogFifo, m.cfg.MetricsFifo} {
+				if fifoPath == "" {
+					continue
+				}
+				fileName := filepath.Base(fifoPath)
+				if err := linkFileToRootFS(
+					m.cfg.JailerCfg,
+					filepath.Join(rootfs, fileName),
+					fifoPath,
+				); err != nil {
+					return err
+				}
+				if err := os.Chown(filepath.Join(rootfs, fileName), *m.cfg.JailerCfg.UID, *m.cfg.JailerCfg.GID); err != nil {
+					return err
+				}
+			}
+
 			return nil
 		},
 	}
@@ -406,7 +424,7 @@ func (s NaiveChrootStrategy) AdaptHandlers(handlers *Handlers) error {
 	}
 
 	handlers.FcInit = handlers.FcInit.AppendAfter(
-		CreateMachineHandlerName,
+		CreateLogFilesHandlerName,
 		LinkFilesHandler(filepath.Join(s.Rootfs, rootfsFolderName), filepath.Base(s.KernelImagePath)),
 	)
 

machine.go

@@ -152,6 +152,14 @@ func (m *Machine) Logger() *log.Entry {
 	return m.logger.WithField("subsystem", userAgent)
 }
 
+// PID returns the machine's process ID
+func (m *Machine) PID() (int, error) {
+	if m.cmd == nil || m.cmd.Process == nil {
+		return 0, errors.New("firecracker process is not running")
+	}
+	return m.cmd.Process.Pid, nil
+}
+
 // NetworkInterface represents a Firecracker microVM's network interface.
 type NetworkInterface struct {
 	// MacAddress defines the MAC address that should be assigned to the network
@@ -417,13 +425,6 @@ func (m *Machine) setupLogging(ctx context.Context) error {
 		return nil
 	}
 
-	if err := createFifos(m.cfg.LogFifo, m.cfg.MetricsFifo); err != nil {
-		m.logger.Errorf("Unable to set up logging: %s", err)
-		return err
-	}
-
-	m.logger.Debug("Created metrics and logging fifos.")
-
 	l := models.Logger{
 		LogFifo:       String(m.cfg.LogFifo),
 		Level:         String(m.cfg.LogLevel),