25 changes: 9 additions & 16 deletions src/jailer/src/env.rs
Expand Up @@ -463,12 +463,8 @@
.map_err(|err| JailerError::Chmod(folder_path.to_owned(), err))?;

let c_path = CString::new(folder_path.to_str().unwrap()).unwrap();
#[cfg(target_arch = "x86_64")]
let folder_bytes_ptr = c_path.as_ptr().cast::<i8>();
#[cfg(target_arch = "aarch64")]
let folder_bytes_ptr = c_path.as_ptr();
// SAFETY: This is safe because folder was checked for a null-terminator.
SyscallReturnCode(unsafe { libc::chown(folder_bytes_ptr, self.uid(), self.gid()) })
SyscallReturnCode(unsafe { libc::chown(c_path.as_ptr(), self.uid(), self.gid()) })
.into_empty_result()
.map_err(|err| JailerError::ChangeFileOwner(folder_path.to_owned(), err))
}
Expand All @@ -478,26 +474,23 @@
.exec_file_path
.file_name()
.ok_or_else(|| JailerError::ExtractFileName(self.exec_file_path.clone()))?;
// We do a quick push here to get the global path of the executable inside the chroot,
// without having to create a new PathBuf. We'll then do a pop to revert to the actual
// chroot_dir right after the copy.
// TODO: just now wondering ... is doing a push()/pop() thing better than just creating
// a new PathBuf, with something like chroot_dir.join(exec_file_name) ?!
self.chroot_dir.push(exec_file_name);
let jailer_exec_file_path = self.chroot_dir.join(exec_file_name);

// We do a copy instead of a hard-link for 2 reasons
// 1. hard-linking is not possible if the file is in another device
// 2. while hardlinking would save up disk space and also memory by sharing parts of the
// Firecracker binary (like the executable .text section), this latter part is not
// desirable in Firecracker's threat model. Copying prevents 2 Firecracker processes from
// sharing memory.
fs::copy(&self.exec_file_path, &self.chroot_dir).map_err(|err| {
JailerError::Copy(self.exec_file_path.clone(), self.chroot_dir.clone(), err)
fs::copy(&self.exec_file_path, &jailer_exec_file_path).map_err(|err| {
JailerError::Copy(
self.exec_file_path.clone(),
jailer_exec_file_path.clone(),
err,
)

})?;

// Pop exec_file_name.
self.chroot_dir.pop();
Ok(exec_file_name.to_os_string())
Ok(exec_file_name.to_owned())
}

fn join_netns(path: &str) -> Result<(), JailerError> {
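Review bot: The SAFETY comment above the rewritten chown call in the first hunk still justifies the raw pointer by saying the folder "was checked for a null-terminator", but the argument is now `c_path.as_ptr()`, so the invariant worth stating is the one `CString` actually provides; suggest `// SAFETY: c_path is a CString (NUL-terminated, no interior NUL) that outlives this call, so the pointer is valid for chown.`. The only remaining panic path on that route is the unchanged line `let c_path = CString::new(folder_path.to_str().unwrap()).unwrap();`, which aborts the jailer on a non-UTF-8 chroot path; `CString::new(folder_path.as_os_str().as_bytes())` via `std::os::unix::ffi::OsStrExt` would drop the UTF-8 requirement while keeping the interior-NUL check, though that line is outside this change. The enclosing function of the first hunk starts before the hunk, so the definition of `folder_path` is not visible here.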