Merge pull request #453 from kzys/log-rename

kzys · web-flow · commit 5a89577724b0 · 2020-11-05T14:43:06.000-08:00
Rename the files inside a jail to avoid conflicts
diff --git a/runtime/runc_jailer.go b/runtime/runc_jailer.go
@@ -270,10 +270,14 @@ func (j *runcJailer) BuildJailedRootHandler(cfg *config.Config, machineConfig *f
 	}
 }
 
-func (j *runcJailer) makeLinkInJail(src string) (string, error) {
+// makeLinkInJail creates a hard link to `src` inside the jail directory.
+func (j *runcJailer) makeLinkInJail(src, base string) (string, error) {
 	root := j.RootPath()
 
-	base := filepath.Base(src)
+	if strings.ContainsRune(base, os.PathSeparator) {
+		return "", fmt.Errorf("%q must not contain %q", base, os.PathSeparator)
+	}
+
 	dst := filepath.Join(root, base)
 
 	// Since Firecracker is unaware that we are in a jailed environment and
@@ -294,13 +298,13 @@ func (j *runcJailer) BuildLinkFifoHandler() firecracker.Handler {
 	return firecracker.Handler{
 		Name: jailerFifoHandlerName,
 		Fn: func(ctx context.Context, m *firecracker.Machine) error {
-			logFifo, err := j.makeLinkInJail(m.Cfg.LogPath)
+			logFifo, err := j.makeLinkInJail(m.Cfg.LogPath, internal.FirecrackerLogFifoName)
 			if err != nil {
 				return err
 			}
 			m.Cfg.LogFifo = logFifo
 
-			metricsFifo, err := j.makeLinkInJail(m.Cfg.MetricsPath)
+			metricsFifo, err := j.makeLinkInJail(m.Cfg.MetricsPath, internal.FirecrackerMetricsFifoName)
 			if err != nil {
 				return err
 			}
diff --git a/runtime/runc_jailer_test.go b/runtime/runc_jailer_test.go
@@ -171,3 +171,66 @@ func TestBindMountToJail_Isolated(t *testing.T) {
 	)
 	require.Error(t, err)
 }
+
+func TestFifoHandler_Isolated(t *testing.T) {
+	// Because of chown(2).
+	internal.RequiresIsolation(t)
+
+	testcases := []struct {
+		name        string
+		logPath     string
+		metricsPath string
+	}{
+		{
+			"Different basename",
+			"log.fifo",
+			"metrics.fifo",
+		},
+		{
+			"Same basename",
+			"log/vmid.fifo",
+			"metrics/vmid.fifo",
+		},
+	}
+
+	for _, tc := range testcases {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
+			dir, err := ioutil.TempDir("", testNameToVMID(t.Name()))
+			require.NoError(t, err)
+
+			logPath := filepath.Join(dir, tc.logPath)
+			metricsPath := filepath.Join(dir, tc.metricsPath)
+
+			err = os.MkdirAll(filepath.Dir(logPath), 0750)
+			require.NoError(t, err)
+			err = ioutil.WriteFile(logPath, []byte("log"), 0644)
+			require.NoError(t, err)
+
+			err = os.MkdirAll(filepath.Dir(metricsPath), 0750)
+			require.NoError(t, err)
+			err = ioutil.WriteFile(metricsPath, []byte("metrics"), 0644)
+			require.NoError(t, err)
+
+			j := runcJailer{
+				Config: runcJailerConfig{
+					OCIBundlePath: dir,
+				},
+			}
+			err = os.Mkdir(j.RootPath(), 0750)
+			require.NoError(t, err)
+
+			handler := j.BuildLinkFifoHandler()
+			err = handler.Fn(
+				context.Background(),
+				&firecracker.Machine{
+					Cfg: firecracker.Config{
+						LogPath:     logPath,
+						MetricsPath: metricsPath,
+					},
+				},
+			)
+			require.NoError(t, err)
+		})
+	}
+}
