From b1d64acff3fdbe7a0e819ecdd2d3b27620af08b2 Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Fri, 23 Jun 2023 23:00:57 +0000 Subject: host/rootfs: prefix VM service names This will allow adding other services that are not specific to any particular VM (e.g. multi-VM bundles) without risking conflicts with user-provided VM names. Signed-off-by: Alyssa Ross --- host/rootfs/etc/mdev/net/add | 4 ++-- host/rootfs/etc/s6-rc/ext-rc-init/up | 28 ++++++++++++------------ host/rootfs/usr/bin/lsvm | 4 ++-- host/rootfs/usr/bin/vm-console | 2 +- host/rootfs/usr/bin/vm-start | 2 +- host/rootfs/usr/bin/vm-stop | 2 +- host/start-vm/ch.rs | 2 +- host/start-vm/lib.rs | 21 ++++++++++++------ host/start-vm/tests/vm_command-basic.rs | 2 +- host/start-vm/tests/vm_command-multiple-disks.rs | 2 +- host/start-vm/tests/vm_command-shared-dir.rs | 4 ++-- 11 files changed, 40 insertions(+), 33 deletions(-) diff --git a/host/rootfs/etc/mdev/net/add b/host/rootfs/etc/mdev/net/add index cc0bd20..64d126c 100755 --- a/host/rootfs/etc/mdev/net/add +++ b/host/rootfs/etc/mdev/net/add @@ -31,8 +31,8 @@ foreground { background { # Wait for the VM to be up. foreground { s6-rc -bu change ext-rc-init } - if { s6-svwait -U /run/service/ext-netvm } + if { s6-svwait -U /run/service/ext-vm-netvm } - ch-remote --api-socket /run/service/ext-netvm/env/cloud-hypervisor.sock + ch-remote --api-socket /run/service/ext-vm-netvm/env/cloud-hypervisor.sock add-device path=/sys${devpath} } diff --git a/host/rootfs/etc/s6-rc/ext-rc-init/up b/host/rootfs/etc/s6-rc/ext-rc-init/up index 92bb15c..f6d0e77 100644 --- a/host/rootfs/etc/s6-rc/ext-rc-init/up +++ b/host/rootfs/etc/s6-rc/ext-rc-init/up @@ -10,34 +10,34 @@ if { forx -po0 -E dir { $dirs } backtick -E name { basename -- $dir } - if { mkdir -- $name ${name}/data ${name}/dependencies.d ${name}/env } - if { ln -s $dir ${name}/data/config } - if { redirfd -w 1 ${name}/type echo longrun } - if { redirfd -w 1 ${name}/notification-fd echo 3 } - if { redirfd -w 1 ${name}/run printf "#!/bin/execlineb -P\n/bin/start-vm" } - if { chmod +x ${name}/run } + if { mkdir vm-${name} vm-${name}/data vm-${name}/dependencies.d vm-${name}/env } + if { ln -s $dir vm-${name}/data/config } + if { redirfd -w 1 vm-${name}/type echo longrun } + if { redirfd -w 1 vm-${name}/notification-fd echo 3 } + if { redirfd -w 1 vm-${name}/run printf "#!/bin/execlineb -P\n/bin/start-vm" } + if { chmod +x vm-${name}/run } if { elglob -0 paths ${dir}/shared-dirs/* forx -po0 -E path { $paths } backtick -E fsname { basename -- $path } - if { cp -R -- /etc/template/fs ${name}-fs-${fsname} } - if { mkdir -- ${name}-fs-${fsname}/data ${name}-fs-${fsname}/env } - if { cp -P -- ${path}/dir ${name}-fs-${fsname}/data/shared-dir } - touch -- ${name}/dependencies.d/${name}-fs-${fsname} + if { cp -R /etc/template/fs fs-${name}-${fsname} } + if { mkdir fs-${name}-${fsname}/data fs-${name}-${fsname}/env } + if { cp -P ${path}/dir fs-${name}-${fsname}/data/shared-dir } + touch vm-${name}/dependencies.d/fs-${name}-${fsname} } if { if -t { test -e ${dir}/wayland } - if { cp -R -- /etc/template/gpu ${name}-gpu } - if { mkdir -- ${name}-gpu/env } - touch -- ${name}/dependencies.d/${name}-gpu + if { cp -R -- /etc/template/gpu gpu-${name} } + if { mkdir -- gpu-${name}/env } + touch -- vm-${name}/dependencies.d/gpu-${name} } elglob -0 paths /ext/svc/data/${name}/providers/net/* forx -po0 -E path { $paths } backtick -E dep { basename -- $path } - touch -- ${name}/dependencies.d/${dep} + touch vm-${name}/dependencies.d/vm-${dep} } if { s6-rc-compile /run/s6-rc.ext.db /run/s6-rc.ext.src } diff --git a/host/rootfs/usr/bin/lsvm b/host/rootfs/usr/bin/lsvm index 082ee3c..b5a979e 100755 --- a/host/rootfs/usr/bin/lsvm +++ b/host/rootfs/usr/bin/lsvm @@ -11,7 +11,7 @@ if { printf "%-20s\t" $vm } ifte { ifte { echo "STOPPED" } { echo "RUNNING" } - test -f /run/service/ext-${vm}/down + test -f /run/service/ext-vm-${vm}/down } { echo "UNKNOWN" } -test -d /run/service/ext-${vm} +test -d /run/service/ext-vm-${vm} diff --git a/host/rootfs/usr/bin/vm-console b/host/rootfs/usr/bin/vm-console index 4db59b4..00d823c 100755 --- a/host/rootfs/usr/bin/vm-console +++ b/host/rootfs/usr/bin/vm-console @@ -4,7 +4,7 @@ backtick -E pty { pipeline -w { jq -r .config.console.file } - ch-remote --api-socket /run/service/ext-${1}/env/cloud-hypervisor.sock info + ch-remote --api-socket /run/service/ext-vm-${1}/env/cloud-hypervisor.sock info } foreground { diff --git a/host/rootfs/usr/bin/vm-start b/host/rootfs/usr/bin/vm-start index 87db927..46668eb 100755 --- a/host/rootfs/usr/bin/vm-start +++ b/host/rootfs/usr/bin/vm-start @@ -3,4 +3,4 @@ # SPDX-FileCopyrightText: 2022 Alyssa Ross foreground { s6-rc -bu change ext-rc } -s6-rc -l /run/s6-rc.ext -u change $1 +s6-rc -l /run/s6-rc.ext -u change vm-${1} diff --git a/host/rootfs/usr/bin/vm-stop b/host/rootfs/usr/bin/vm-stop index bad8981..2322003 100755 --- a/host/rootfs/usr/bin/vm-stop +++ b/host/rootfs/usr/bin/vm-stop @@ -2,4 +2,4 @@ # SPDX-License-Identifier: EUPL-1.2+ # SPDX-FileCopyrightText: 2022 Alyssa Ross -s6-rc -l /run/s6-rc.ext -d change $1 +s6-rc -l /run/s6-rc.ext -d change vm-${1} diff --git a/host/start-vm/ch.rs b/host/start-vm/ch.rs index 84216fb..876a6ed 100644 --- a/host/start-vm/ch.rs +++ b/host/start-vm/ch.rs @@ -14,7 +14,7 @@ const EPERM: NonZeroI32 = unsafe { NonZeroI32::new_unchecked(1) }; const EPROTO: NonZeroI32 = unsafe { NonZeroI32::new_unchecked(71) }; fn command(vm_name: &OsStr, s: impl AsRef) -> Command { - let mut api_socket_path = OsString::from("/run/service/ext-"); + let mut api_socket_path = OsString::from("/run/service/ext-vm-"); api_socket_path.push(vm_name); api_socket_path.push("/env/cloud-hypervisor.sock"); diff --git a/host/start-vm/lib.rs b/host/start-vm/lib.rs index d9d7966..33c19bb 100644 --- a/host/start-vm/lib.rs +++ b/host/start-vm/lib.rs @@ -50,12 +50,19 @@ pub fn create_api_socket() -> Result { pub fn vm_command(dir: &Path, api_socket_fd: RawFd) -> Result { let vm_name = dir .file_name() - .ok_or_else(|| "directory has no name".to_string())?; + .ok_or_else(|| "directory has no name".to_string())? + .as_bytes(); - if vm_name.as_bytes().contains(&b',') { + if !vm_name.starts_with(b"vm-") { + return Err("not running from a VM service directory".to_string()); + } + + if vm_name.contains(&b',') { return Err(format!("VM name may not contain a comma: {:?}", vm_name)); } + let vm_name = OsStr::from_bytes(&vm_name[3..]); + let config_dir = dir.join("data/config"); let mut command = Command::new("cloud-hypervisor"); @@ -130,9 +137,9 @@ pub fn vm_command(dir: &Path, api_socket_fd: RawFd) -> Result { if config_dir.join("wayland").exists() { command.arg("--gpu").arg({ - let mut gpu = OsString::from("socket=../"); + let mut gpu = OsString::from("socket=../gpu-"); gpu.push(vm_name); - gpu.push("-gpu/env/crosvm.sock"); + gpu.push("/env/crosvm.sock"); gpu }); } @@ -151,9 +158,9 @@ pub fn vm_command(dir: &Path, api_socket_fd: RawFd) -> Result { let mut arg = OsString::from("tag="); arg.push(&entry); - arg.push(",socket=../"); + arg.push(",socket=../fs-"); arg.push(vm_name); - arg.push("-fs-"); + arg.push("-"); arg.push(&entry); arg.push("/env/virtiofsd.sock"); command.arg(arg); @@ -179,7 +186,7 @@ mod tests { #[test] fn test_vm_name_comma() { - assert!(vm_command(Path::new("/v,m"), -1) + assert!(vm_command(Path::new("/vm-,"), -1) .unwrap_err() .contains("comma")); } diff --git a/host/start-vm/tests/vm_command-basic.rs b/host/start-vm/tests/vm_command-basic.rs index fac6a3d..92d78d8 100644 --- a/host/start-vm/tests/vm_command-basic.rs +++ b/host/start-vm/tests/vm_command-basic.rs @@ -10,7 +10,7 @@ use test_helper::TempDir; fn main() -> std::io::Result<()> { let tmp_dir = TempDir::new()?; - let service_dir = tmp_dir.path().join("testvm"); + let service_dir = tmp_dir.path().join("vm-testvm"); let kernel_path = service_dir.join("data/config/vmlinux"); let image_path = service_dir.join("data/config/blk/root.img"); diff --git a/host/start-vm/tests/vm_command-multiple-disks.rs b/host/start-vm/tests/vm_command-multiple-disks.rs index ad16f60..e17d505 100644 --- a/host/start-vm/tests/vm_command-multiple-disks.rs +++ b/host/start-vm/tests/vm_command-multiple-disks.rs @@ -12,7 +12,7 @@ use test_helper::TempDir; fn main() -> std::io::Result<()> { let tmp_dir = TempDir::new()?; - let service_dir = tmp_dir.path().join("testvm"); + let service_dir = tmp_dir.path().join("vm-testvm"); let vm_config = service_dir.join("data/config"); create_dir_all(&vm_config)?; diff --git a/host/start-vm/tests/vm_command-shared-dir.rs b/host/start-vm/tests/vm_command-shared-dir.rs index 3e8fe1f..d310d09 100644 --- a/host/start-vm/tests/vm_command-shared-dir.rs +++ b/host/start-vm/tests/vm_command-shared-dir.rs @@ -12,7 +12,7 @@ use test_helper::TempDir; fn main() -> std::io::Result<()> { let tmp_dir = TempDir::new()?; - let service_dir = tmp_dir.path().join("testvm"); + let service_dir = tmp_dir.path().join("vm-testvm"); let vm_config = service_dir.join("data/config"); create_dir_all(&vm_config)?; @@ -34,7 +34,7 @@ fn main() -> std::io::Result<()> { assert!(args.any(|arg| arg == "--fs")); let expected_fs_args = (1..=2) - .map(|i| format!("tag=dir{i},socket=../testvm-fs-dir{i}/env/virtiofsd.sock")) + .map(|i| format!("tag=dir{i},socket=../fs-testvm-dir{i}/env/virtiofsd.sock")) .map(OsString::from) .collect::>(); -- cgit 1.4.1