fix: pre-build VMM command before reporting container as started

goyalpalak18 · goyalpalak18 · commit 20cd951bd36f · 2026-01-26T23:18:29.000+05:30
Add BuildExecCmd() method to VMM interface to validate command
construction before sending StartSuccess message. This prevents
reporting a container as "Running" when the VMM command cannot
be built (e.g., due to invalid arguments or failed config writes).

The fix preserves the existing PID 1 execution model where the
reexec process uses syscall.Exec to become the VMM.
diff --git a/pkg/unikontainers/hypervisors/firecracker.go b/pkg/unikontainers/hypervisors/firecracker.go
@@ -97,7 +97,7 @@ func (fc *Firecracker) Path() string {
 	return fc.binaryPath
 }
 
-func (fc *Firecracker) Execve(args types.ExecArgs, ukernel types.Unikernel) error {
+func (fc *Firecracker) BuildExecCmd(args types.ExecArgs, ukernel types.Unikernel) ([]string, error) {
 	// FIXME: Note for getting unikernel specific options.
 	// Due to the way FC operates, we have not encountered any guest specific
 	// options yet. However, we need to revisit how we can use guest specific
@@ -189,12 +189,19 @@ func (fc *Firecracker) Execve(args types.ExecArgs, ukernel types.Unikernel) erro
 	}
 	FCConfigJSON, _ := json.Marshal(FCConfig)
 	if err := os.WriteFile(JSONConfigFile, FCConfigJSON, 0o644); err != nil { //nolint: gosec
-		return fmt.Errorf("failed to save Firecracker json config: %w", err)
+		return nil, fmt.Errorf("failed to save Firecracker json config: %w", err)
 	}
 	vmmLog.WithField("Json", string(FCConfigJSON)).Debug("Firecracker json config")
 
 	exArgs := strings.Split(cmdString, " ")
-	vmmLog.WithField("Firecracker command", exArgs).Debug("Ready to execve Firecracker")
+	return exArgs, nil
+}
 
+func (fc *Firecracker) Execve(args types.ExecArgs, ukernel types.Unikernel) error {
+	exArgs, err := fc.BuildExecCmd(args, ukernel)
+	if err != nil {
+		return err
+	}
+	vmmLog.WithField("Firecracker command", exArgs).Debug("Ready to execve Firecracker")
 	return syscall.Exec(fc.Path(), exArgs, args.Environment) //nolint: gosec
 }
diff --git a/pkg/unikontainers/hypervisors/hedge.go b/pkg/unikontainers/hypervisors/hedge.go
@@ -50,6 +50,10 @@ func (h *Hedge) Path() string {
 	return ""
 }
 
+func (h *Hedge) BuildExecCmd(_ types.ExecArgs, _ types.Unikernel) ([]string, error) {
+	return nil, fmt.Errorf("hedge not implemented yet")
+}
+
 func (h *Hedge) Execve(_ types.ExecArgs, _ types.Unikernel) error {
 	return fmt.Errorf("hedge not implemented yet")
 }
diff --git a/pkg/unikontainers/hypervisors/hvt.go b/pkg/unikontainers/hypervisors/hvt.go
@@ -148,7 +148,7 @@ func (h *HVT) Ok() error {
 	return nil
 }
 
-func (h *HVT) Execve(args types.ExecArgs, ukernel types.Unikernel) error {
+func (h *HVT) BuildExecCmd(args types.ExecArgs, ukernel types.Unikernel) ([]string, error) {
 	hvtMem := BytesToStringMB(args.MemSizeB)
 	cmdString := h.binaryPath + " --mem=" + hvtMem
 	if args.Net.TapDev != "" {
@@ -164,12 +164,20 @@ func (h *HVT) Execve(args types.ExecArgs, ukernel types.Unikernel) error {
 	cmdString = appendNonEmpty(cmdString, " ", extraMonArgs.OtherArgs)
 	cmdString += " " + args.UnikernelPath + " " + args.Command
 	cmdArgs := strings.Split(cmdString, " ")
+	return cmdArgs, nil
+}
+
+func (h *HVT) Execve(args types.ExecArgs, ukernel types.Unikernel) error {
+	cmdArgs, err := h.BuildExecCmd(args, ukernel)
+	if err != nil {
+		return err
+	}
 	if args.Seccomp {
 		err := applySeccompFilter()
 		if err != nil {
 			return err
 		}
 	}
-	vmmLog.WithField("hvt command", cmdString).Debug("Ready to execve hvt")
+	vmmLog.WithField("hvt command", cmdArgs).Debug("Ready to execve hvt")
 	return syscall.Exec(h.binaryPath, cmdArgs, args.Environment) //nolint: gosec
 }
diff --git a/pkg/unikontainers/hypervisors/qemu.go b/pkg/unikontainers/hypervisors/qemu.go
@@ -55,7 +55,7 @@ func (q *Qemu) Path() string {
 	return q.binaryPath
 }
 
-func (q *Qemu) Execve(args types.ExecArgs, ukernel types.Unikernel) error {
+func (q *Qemu) BuildExecCmd(args types.ExecArgs, ukernel types.Unikernel) ([]string, error) {
 	qemuMem := BytesToStringMB(args.MemSizeB)
 	cmdString := q.binaryPath + " -m " + qemuMem + "M"
 	cmdString += " -L /usr/share/qemu"   // Set the path for qemu bios/data
@@ -137,6 +137,14 @@ func (q *Qemu) Execve(args types.ExecArgs, ukernel types.Unikernel) error {
 
 	exArgs := strings.Split(cmdString, " ")
 	exArgs = append(exArgs, "-append", args.Command)
+	return exArgs, nil
+}
+
+func (q *Qemu) Execve(args types.ExecArgs, ukernel types.Unikernel) error {
+	exArgs, err := q.BuildExecCmd(args, ukernel)
+	if err != nil {
+		return err
+	}
 	vmmLog.WithField("qemu command", exArgs).Debug("Ready to execve qemu")
 	return syscall.Exec(q.Path(), exArgs, args.Environment) //nolint: gosec
 }
diff --git a/pkg/unikontainers/hypervisors/spt.go b/pkg/unikontainers/hypervisors/spt.go
@@ -60,7 +60,7 @@ func (s *SPT) Ok() error {
 	return nil
 }
 
-func (s *SPT) Execve(args types.ExecArgs, ukernel types.Unikernel) error {
+func (s *SPT) BuildExecCmd(args types.ExecArgs, ukernel types.Unikernel) ([]string, error) {
 	sptMem := BytesToStringMB(args.MemSizeB)
 	cmdString := s.binaryPath + " --mem=" + sptMem
 	if args.Net.TapDev != "" {
@@ -76,6 +76,14 @@ func (s *SPT) Execve(args types.ExecArgs, ukernel types.Unikernel) error {
 	cmdString = appendNonEmpty(cmdString, " ", extraMonArgs.OtherArgs)
 	cmdString += " " + args.UnikernelPath + " " + args.Command
 	cmdArgs := strings.Split(cmdString, " ")
-	vmmLog.WithField("spt command", cmdString).Debug("Ready to execve spt")
+	return cmdArgs, nil
+}
+
+func (s *SPT) Execve(args types.ExecArgs, ukernel types.Unikernel) error {
+	cmdArgs, err := s.BuildExecCmd(args, ukernel)
+	if err != nil {
+		return err
+	}
+	vmmLog.WithField("spt command", cmdArgs).Debug("Ready to execve spt")
 	return syscall.Exec(s.binaryPath, cmdArgs, args.Environment) //nolint: gosec
 }
diff --git a/pkg/unikontainers/types/types.go b/pkg/unikontainers/types/types.go
@@ -25,6 +25,10 @@ type Unikernel interface {
 }
 
 type VMM interface {
+	// BuildExecCmd builds and validates the VMM command arguments without executing.
+	// This is used to verify the command can be built before reporting container as started.
+	BuildExecCmd(args ExecArgs, ukernel Unikernel) ([]string, error)
+	// Execve replaces the current process with the VMM using syscall.Exec.
 	Execve(args ExecArgs, ukernel Unikernel) error
 	Stop(int) error
 	Path() string
diff --git a/pkg/unikontainers/unikontainers.go b/pkg/unikontainers/unikontainers.go
@@ -493,12 +493,18 @@ func (u *Unikontainer) Exec(metrics m.Writer) error {
 
 	uniklog.Debug("calling vmm execve")
 	metrics.Capture(m.TS18)
-	// metrics.Wait()
-	// TODO: We set the state to running and notify urunc Start that the monitor
-	// started, but we might encounter issues with the monitor execution. We need
-	// to revisit this and check if a failed monitor execution affects this approach.
-	// If it affects then we need to re-design the whole spawning of the monitor.
-	// Notify urunc start
+
+	// Pre-build the VMM command to verify it can be constructed successfully.
+	// This ensures we don't report the container as started if command building fails.
+	_, err = vmm.BuildExecCmd(vmmArgs, unikernel)
+	if err != nil {
+		uniklog.WithError(err).Error("failed to build VMM command")
+		return err
+	}
+
+	// Notify urunc start that the monitor is ready to execute.
+	// We send this after BuildExecCmd succeeds to avoid reporting a container
+	// as started when the VMM command cannot be built.
 	err = u.SendMessage(StartSuccess)
 	if err != nil {
 		return err

Original file line number	Diff line number	Diff line change
`@@ -50,6 +50,10 @@ func (h *Hedge) Path() string {`
`50`	`50`	`return ""`
`51`	`51`	`}`
`52`	`52`
	`53`	`+func (h *Hedge) BuildExecCmd(_ types.ExecArgs, _ types.Unikernel) ([]string, error) {`
	`54`	`+ return nil, fmt.Errorf("hedge not implemented yet")`
	`55`	`+}`
	`56`	`+`
`53`	`57`	`func (h *Hedge) Execve(_ types.ExecArgs, _ types.Unikernel) error {`
`54`	`58`	`return fmt.Errorf("hedge not implemented yet")`
`55`	`59`	`}`