fix(pr): address review feedback

Signed-off-by: Ayush <ayushsrisks@gmail.com>

Author: AyushSriv06

docs/hypervisor-support.md

@@ -157,14 +157,15 @@ Cloud Hypervisor can be installed by downloading a pre-built binary from the
 ARCH="$(uname -m)"
 VERSION="v43.0"
 release_url="https://github.com/cloud-hypervisor/cloud-hypervisor/releases"
-curl -L ${release_url}/download/${VERSION}/cloud-hypervisor-static-${ARCH} -o cloud-hypervisor
+if [ "$ARCH" = "x86_64" ]; then
+  curl -L ${release_url}/download/${VERSION}/cloud-hypervisor-static -o cloud-hypervisor
+else
+  curl -L ${release_url}/download/${VERSION}/cloud-hypervisor-static-${ARCH} -o cloud-hypervisor
+fi
 chmod +x cloud-hypervisor
 sudo mv cloud-hypervisor /usr/local/bin/
 ```
 
-It is important to note that `urunc` expects to find the `cloud-hypervisor`
-binary located in the `$PATH` and named `cloud-hypervisor`.
-
 #### Cloud Hypervisor and `urunc`
 
 In the case of [Cloud Hypervisor](https://www.cloudhypervisor.org/), `urunc`
@@ -176,13 +177,12 @@ filesystems between the host and guest.
 
 Supported unikernel frameworks with `urunc`:
 
-- [Unikraft](../unikernel-support#unikraft)
 - [Linux](../unikernel-support#linux)
 
 An example unikernel:
 
 ```bash
-sudo nerdctl run --rm -ti --runtime io.containerd.urunc.v2 harbor.nbfc.io/nubificus/urunc/nginx-cloud-hypervisor-unikraft-initrd:latest
+sudo nerdctl run --rm -ti --runtime io.containerd.urunc.v2 harbor.nbfc.io/nubificus/urunc/nginx-cloud-hypervisor-linux-raw:latest
 ```
 
 ### Solo5-hvt

pkg/unikontainers/hypervisors/cloud_hypervisor.go

@@ -48,7 +48,7 @@ func (ch *CloudHypervisor) UsesKVM() bool {
 // SupportsSharedfs returns true as Cloud Hypervisor supports virtiofs
 func (ch *CloudHypervisor) SupportsSharedfs(fsType string) bool {
 	switch fsType {
-	case "virtio", "virtiofs":
+	case "virtio":
 		return true
 	default:
 		return false
@@ -66,7 +66,11 @@ func (ch *CloudHypervisor) Execve(args types.ExecArgs, ukernel types.Unikernel)
 	exArgs := []string{ch.binaryPath}
 
 	// Memory configuration
-	exArgs = append(exArgs, "--memory", fmt.Sprintf("size=%sM,shared=on", chMem))
+	if args.Sharedfs.Type == "virtio" {
+		exArgs = append(exArgs, "--memory", fmt.Sprintf("size=%sM,shared=on", chMem))
+	} else {
+		exArgs = append(exArgs, "--memory", fmt.Sprintf("size=%sM", chMem))
+	}
 
 	// CPU configuration
 	if args.VCPUs > 0 {
@@ -118,12 +122,12 @@ func (ch *CloudHypervisor) Execve(args types.ExecArgs, ukernel types.Unikernel)
 
 	// Check for extra initrd from unikernel monitor args
 	extraMonArgs := ukernel.MonitorCli()
-	if extraMonArgs.ExtraInitrd != "" && args.InitrdPath == "" {
+	if extraMonArgs.ExtraInitrd != "" {
 		exArgs = append(exArgs, "--initramfs", extraMonArgs.ExtraInitrd)
 	}
 
 	switch args.Sharedfs.Type {
-	case "virtiofs":
+	case "virtio":
 		exArgs = append(exArgs, "--fs", "tag=fs0,socket=/tmp/vhostqemu")
 	default:
 		// No shared filesystem

pkg/unikontainers/ipc.go

@@ -165,7 +165,7 @@ func AwaitMessage(listener *net.UnixListener, expectedMessage IPCMessage) error
 	}
 	msg := string(buf[0:n])
 	if msg != string(expectedMessage) {
-		return fmt.Errorf("received unexpected message: %s (expected %s)", msg, expectedMessage)
+		return fmt.Errorf("received unexpected message: %s", msg)
 	}
 	return nil
 }

pkg/unikontainers/mount.go

@@ -64,7 +64,7 @@ func createTmpfs(monRootfs string, path string, flags uint64, mode string, size
 
 	if mode == "1777" {
 		// sonarcloud:go:S2612 -- This is a tmpfs mount point, sticky bit 1777 is required (like /tmp), controlled path, safe by design
-		err := os.Chmod(dstPath, 01777) // NOSONAR
+		err := os.Chmod(path, 01777) // NOSONAR
 		if err != nil {
 			return fmt.Errorf("failed to chmod %s: %w", path, err)
 		}
@@ -116,23 +116,6 @@ func setupDev(monRootfs string, devPath string) error {
 	// Create the new device node
 	err = unix.Mknod(dstPath, devStat.Mode, int(newDev)) //nolint: gosec
 	if err != nil {
-		// If mknod fails because of permissions (e.g. in a container), try to bind mount it
-		if errors.Is(err, unix.EPERM) || errors.Is(err, unix.EACCES) {
-			uniklog.Warnf("failed to make device node %s: %v. Fallback to bind mount.", dstPath, err)
-			// Create an empty file to be used as mount point
-			f, err1 := os.Create(dstPath)
-			if err1 != nil && !os.IsExist(err1) {
-				return fmt.Errorf("failed to create mount point for device %s: %w", dstPath, err1)
-			}
-			if f != nil {
-				f.Close()
-			}
-			err = unix.Mount(devPath, dstPath, "", unix.MS_BIND, "")
-			if err != nil {
-				return fmt.Errorf("failed to bind mount device %s: %w", devPath, err)
-			}
-			return nil
-		}
 		return fmt.Errorf("failed to make device node %s: %w", dstPath, err)
 	}
 
@@ -196,13 +179,7 @@ func fileFromHost(monRootfs string, hostPath string, target string, mFlags int,
 			}
 		}
 	} else {
-		if withCopy {
-			return ErrCopyDir
-		}
-		err = bindMountFile(hostPath, dstPath, "", 0, mFlags, true)
-		if err != nil {
-			return fmt.Errorf("failed to bind mount file %s: %w", hostPath, err)
-		}
+		return ErrCopyDir
 	}
 
 	if withCopy {

tests/e2e/common.go

@@ -78,7 +78,6 @@ func commonCmdExec(command string) (output string, err error) {
 	var stderrBuf bytes.Buffer
 
 	params := strings.Fields(command)
-	fmt.Printf("Executing command: %s\n", command)
 	cmd := exec.Command(params[0], params[1:]...) //nolint:gosec
 	cmd.Stderr = &stderrBuf
 	outBytes, err := cmd.Output()
@@ -225,13 +224,9 @@ func findValOfKey(searchArea string, key string) (string, error) {
 		return "", err
 	}
 	match := r.FindString(searchArea)
-	if match == "" {
-		return "", fmt.Errorf("key %s not found in search area", key)
-	}
+
 	keyValMatch := strings.Split(match, ":")
-	if len(keyValMatch) < 2 {
-		return "", fmt.Errorf("invalid format for key %s: %s", key, match)
-	}
+
 	val := strings.ReplaceAll(keyValMatch[1], "\"", "")
 	return strings.TrimSpace(val), nil
 }

tests/e2e/nerdctl.go

@@ -125,10 +125,7 @@ func (i *nerdctlInfo) inspectCAndGet(key string) (string, error) {
 	return commonInspectCAndGet(nerdctlName, i.containerID, key)
 }
 
-func (i *nerdctlInfo) inspectPAndGet(key string) (string, error) {
-	if key == "pid" || key == "Pid" {
-		return i.inspectCAndGet("Pid")
-	}
+func (i *nerdctlInfo) inspectPAndGet(string) (string, error) {
 	// Not supported by nerdctl
 	return "", errToolDoesNotSupport
 }

tests/e2e/test_functions.go

@@ -169,28 +169,7 @@ func seccompTest(tool testTool) error {
 	if len(wordsInLine) != 2 {
 		return fmt.Errorf("Invalid format of line. Expecting 2 values, got %d", len(wordsInLine))
 	}
-	seccompStatus := strings.TrimSpace(wordsInLine[1])
-
-	// If main thread doesn't have seccomp, check other threads
-	if seccompStatus == "0" && args.Seccomp {
-		taskPath := "/proc/" + unikernelPID + "/task"
-		tasks, err := os.ReadDir(taskPath)
-		if err == nil {
-			for _, task := range tasks {
-				threadStatusPath := filepath.Join(taskPath, task.Name(), "status")
-				line, err := findLineInFile(threadStatusPath, "Seccomp")
-				if err == nil {
-					words := strings.Split(line, ":")
-					if len(words) == 2 && strings.TrimSpace(words[1]) == "2" {
-						seccompStatus = "2"
-						break
-					}
-				}
-			}
-		}
-	}
-
-	if seccompStatus == "2" {
+	if strings.TrimSpace(wordsInLine[1]) == "2" {
 		if !args.Seccomp {
 			return fmt.Errorf("Seccomp should not be enabled")
 		}

tests/e2e/utils.go

@@ -32,9 +32,8 @@ func pingUnikernel(ipAddress string) error {
 	if err != nil {
 		return fmt.Errorf("failed to create Pinger: %v", err)
 	}
-	pinger.SetPrivileged(true) // Enable privileged mode to use ICMP
-	pinger.Count = 10
-	pinger.Timeout = 15 * time.Second
+	pinger.Count = 3
+	pinger.Timeout = 5 * time.Second
 	err = pinger.Run()
 	if err != nil {
 		return fmt.Errorf("failed to ping %s: %v", ipAddress, err)