def test_empty_jailer_id(test_microvm_with_api):
"""
Test that the jailer ID cannot be empty.
@type: security
"""
test_microvm = test_microvm_with_api
fc_binary, _ = build_tools.get_firecracker_binaries()
# Set the jailer ID to None.
test_microvm.jailer = JailerContext(
jailer_id="",
exec_file=fc_binary,
)
# pylint: disable=W0703
try:
test_microvm.spawn()
# If the exception is not thrown, it means that Firecracker was
# started successfully, hence there's a bug in the code due to which
# we can set an empty ID.
assert False
except Exception as err:
expected_err = "Jailer error: Invalid instance ID: invalid len (0);" \
" the length must be between 1 and 64"
assert expected_err in str(err)
def __init__(
self,
resource_path,
fc_binary_path,
jailer_binary_path,
microvm_id,
monitor_memory=True,
bin_cloner_path=None,
):
"""Set up microVM attributes, paths, and data structures."""
# Unique identifier for this machine.
self._microvm_id = microvm_id
# Compose the paths to the resources specific to this microvm.
self._path = os.path.join(resource_path, microvm_id)
self._kernel_path = os.path.join(self._path, MICROVM_KERNEL_RELPATH)
self._fsfiles_path = os.path.join(self._path, MICROVM_FSFILES_RELPATH)
self._kernel_file = ''
self._rootfs_file = ''
self._initrd_file = ''
# The binaries this microvm will use to start.
self._fc_binary_path = fc_binary_path
assert os.path.exists(self._fc_binary_path)
self._jailer_binary_path = jailer_binary_path
assert os.path.exists(self._jailer_binary_path)
# Create the jailer context associated with this microvm.
self._jailer = JailerContext(
jailer_id=self._microvm_id,
exec_file=self._fc_binary_path,
)
self.jailer_clone_pid = None
# Copy the /etc/localtime file in the jailer root
self.jailer.copy_into_root(
"/etc/localtime", create_jail=True)
# Now deal with the things specific to the api session used to
# communicate with this machine.
self._api_session = None
self._api_socket = None
# Session name is composed of the last part of the temporary path
# allocated by the current test session and the unique id of this
# microVM. It should be unique.
self._session_name = os.path.basename(os.path.normpath(
resource_path
)) + self._microvm_id
# nice-to-have: Put these in a dictionary.
self.actions = None
self.balloon = None
self.boot = None
self.desc_inst = None
self.drive = None
self.logger = None
self.metrics = None
self.mmds = None
self.network = None
self.machine_cfg = None
self.vm = None
self.vsock = None
self.snapshot_create = None
self.snapshot_load = None
# Initialize the logging subsystem.
self.logging_thread = None
self._log_data = ""
# The ssh config dictionary is populated with information about how
# to connect to a microVM that has ssh capability. The path of the
# private key is populated by microvms with ssh capabilities and the
# hostname is set from the MAC address used to configure the microVM.
self._ssh_config = {
'username': '******',
'netns_file_path': self._jailer.netns_file_path()
}
# Deal with memory monitoring.
if monitor_memory:
self._memory_monitor = mem_tools.MemoryMonitor()
else:
self._memory_monitor = None
# Cpu load monitoring has to be explicitly enabled using
# the `enable_cpu_load_monitor` method.
self._cpu_load_monitor = None
self._vcpus_count = None
# External clone/exec tool, because Python can't into clone
self.bin_cloner_path = bin_cloner_path
def __init__(self,
resource_path,
fc_binary_path,
jailer_binary_path,
microvm_id,
build_feature='',
monitor_memory=True,
aux_bin_paths=None):
"""Set up microVM attributes, paths, and data structures."""
# Unique identifier for this machine.
self._microvm_id = microvm_id
# This is used in tests to identify if the microvm was started
# using a vsock build or a default build.
self.build_feature = build_feature
# Compose the paths to the resources specific to this microvm.
self._path = os.path.join(resource_path, microvm_id)
self._kernel_path = os.path.join(self._path, MICROVM_KERNEL_RELPATH)
self._fsfiles_path = os.path.join(self._path, MICROVM_FSFILES_RELPATH)
self._kernel_file = ''
self._rootfs_file = ''
# The binaries this microvm will use to start.
self._fc_binary_path = fc_binary_path
assert os.path.exists(self._fc_binary_path)
self._jailer_binary_path = jailer_binary_path
assert os.path.exists(self._jailer_binary_path)
# Create the jailer context associated with this microvm.
self._jailer = JailerContext(jailer_id=self._microvm_id,
exec_file=self._fc_binary_path)
self.jailer_clone_pid = None
# Now deal with the things specific to the api session used to
# communicate with this machine.
self._api_session = None
self._api_socket = None
# Session name is composed of the last part of the temporary path
# allocated by the current test session and the unique id of this
# microVM. It should be unique.
self._session_name = os.path.basename(
os.path.normpath(resource_path)) + self._microvm_id
# nice-to-have: Put these in a dictionary.
self.actions = None
self.boot = None
self.drive = None
self.logger = None
self.mmds = None
self.network = None
self.machine_cfg = None
self.vsock = None
# The ssh config dictionary is populated with information about how
# to connect to a microVM that has ssh capability. The path of the
# private key is populated by microvms with ssh capabilities and the
# hostname is set from the MAC address used to configure the microVM.
self._ssh_config = {
'username': '******',
'netns_file_path': self._jailer.netns_file_path()
}
# Deal with memory monitoring.
if monitor_memory:
self._memory_events_queue = Queue()
else:
self._memory_events_queue = None
# External clone/exec tool, because Python can't into clone
self.aux_bin_paths = aux_bin_paths
