I tried temporarily disabling jailer to try and debug an issue that I suspect might have been related to running firecracker under jailer.
When not using jailer, the default firecracker command runner sets stdin, stdout, stderr to os.Stdin, os.Stdout, os.Stderr respectively. I didn't want that behavior (especially stdin), because I'm running several VMs at once from the same Go binary. So I tried to override it.
However, I discovered that the SDK makes it difficult to override these. The default firecracker command is set here:
```go
// firecracker-go-sdk/machine.go, line 384 in e5e3dea
m.cmd = configureBuilder(defaultFirecrackerVMMCommandBuilder, cfg).Build(ctx)
```
Note, it uses a private function, configureBuilder:
```go
// firecracker-go-sdk/machine.go, lines 352 to 357 in e5e3dea
func configureBuilder(builder VMCommandBuilder, cfg Config) VMCommandBuilder {
	return builder.
		WithSocketPath(cfg.SocketPath).
		AddArgs("--id", cfg.VMID).
		AddArgs(seccompArgs(&cfg)...)
}
```
At first glance, that function seems small enough to just copy. However, it references this private seccompArgs function, which would also need to be copied:
```go
// firecracker-go-sdk/machine.go, lines 342 to 350 in e5e3dea
func seccompArgs(cfg *Config) []string {
	var args []string
	if !cfg.Seccomp.Enabled {
		args = append(args, "--no-seccomp")
	} else if len(cfg.Seccomp.Filter) > 0 {
		args = append(args, "--seccomp-filter", cfg.Seccomp.Filter)
	}
	return args
}
```
I think maybe a better alternative to WithProcessRunner in this case could be to have a function like WithCommandModifier(defaultBuilder VMCommandBuilder) VMCommandBuilder that allows modifying the default command builder, instead of just the WithProcessRunner(cmd *exec.Command) which requires code-copying from the SDK.
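An added example, not part of the original post and not SDK code: the code-copying workaround the post describes, building a command that keeps the seccomp arguments while leaving stdin detached and sending output to a per-VM writer. `VMConfig`, `SeccompConfig` and `BuildVMCommand` are hypothetical stand-ins so the block compiles with the standard library alone; the resulting `*exec.Cmd` is what would be handed to `WithProcessRunner`.

```go
package main

import (
	"context"
	"fmt"
	"io"
	"os/exec"
)

// SeccompConfig and VMConfig are local stand-ins (assumptions) for the
// SDK Config fields used by the snippets quoted in the post.
type SeccompConfig struct {
	Enabled bool
	Filter  string
}

type VMConfig struct {
	SocketPath string
	VMID       string
	Seccomp    SeccompConfig
}

// seccompArgs mirrors the private SDK helper quoted above. Dropping it
// from a hand-built command would silently ignore a custom filter.
func seccompArgs(cfg VMConfig) []string {
	if !cfg.Seccomp.Enabled {
		return []string{"--no-seccomp"}
	}
	if cfg.Seccomp.Filter != "" {
		return []string{"--seccomp-filter", cfg.Seccomp.Filter}
	}
	return nil
}

// BuildVMCommand builds a firecracker command with a per-VM log sink.
// Stdin is left nil, so os/exec attaches the child to the null device
// instead of sharing the parent's stdin between several VMs.
func BuildVMCommand(ctx context.Context, bin string, cfg VMConfig, logs io.Writer) *exec.Cmd {
	// --api-sock is firecracker's API socket flag.
	args := []string{"--api-sock", cfg.SocketPath, "--id", cfg.VMID}
	args = append(args, seccompArgs(cfg)...)
	cmd := exec.CommandContext(ctx, bin, args...)
	cmd.Stdout, cmd.Stderr = logs, logs
	return cmd
}

func main() {
	cfg := VMConfig{SocketPath: "/tmp/vm1.sock", VMID: "vm1", // constructed sample values
		Seccomp: SeccompConfig{Enabled: true, Filter: "/tmp/filter.bpf"}}
	fmt.Println(BuildVMCommand(context.Background(), "firecracker", cfg, io.Discard).Args)
}
```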