From 6f752dd95ce04c4d2011329ccfcd526de5bbf6d8 Mon Sep 17 00:00:00 2001 From: Olivier Le Thanh Duong Date: Thu, 17 Oct 2024 16:38:59 +0200 Subject: [PATCH] FirecrackerVM drive not working if /var/lib and /var/cache on two separate partions Jira Ticket ALEPH-238 Similar issue to https://github.com/aleph-im/aleph-vm/pull/682 That was merged inside https://github.com/aleph-im/aleph-vm/pull/686 We have fixed a variation of this alread but this one triggered for additional volumes only Explanation: The prepare step for jailer is failing because it attempt create a hardlink to a file between the CACHE and EXECUTION dir which is not allowed between separate partition Solution: Make a hardlink Similiarly to the previous resolution, we cannot make a symlink as it is not accessible inside the jailer enclave --- src/aleph/vm/hypervisors/firecracker/microvm.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/aleph/vm/hypervisors/firecracker/microvm.py b/src/aleph/vm/hypervisors/firecracker/microvm.py index 3cf3e308..7a8fe787 100644 --- a/src/aleph/vm/hypervisors/firecracker/microvm.py +++ b/src/aleph/vm/hypervisors/firecracker/microvm.py @@ -365,7 +365,7 @@ def compute_device_name(index: int) -> str: def enable_drive(self, drive_path: Path, read_only: bool = True) -> Drive: """Make a volume available to the VM. - Creates a symlink to the volume file if jailer is in use. + Creates a hardlink or a copy to the volume file if jailer is in use. """ index = len(self.drives) device_name = self.compute_device_name(index) @@ -376,6 +376,11 @@ def enable_drive(self, drive_path: Path, read_only: bool = True) -> Drive: try: Path(f"{self.jailer_path}/{jailer_path_on_host}").hardlink_to(drive_path) + except OSError as err: + if err.errno == errno.EXDEV: + # Invalid cross-device link: cannot make hard link between partition. + # In this case, copy the file instead: + shutil.copyfile(drive_path, f"{self.jailer_path}/{jailer_path_on_host}") except FileExistsError: logger.debug(f"File {jailer_path_on_host} already exists") drive_path = Path(jailer_path_on_host)