chore(jailer): drop code supporting Linux 4.14

Remove code to support Linux 4.14. Firecracker/Jailer will only work with kernel 5.10 and above. Signed-off-by: Pablo Barbáchano <pablob@amazon.com>
pb8o · Jul 18, 2024 · c839707 · c839707
1 parent 80ff4a1
commit c839707
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 49 deletions.
diff --git a/src/cpu-template-helper/src/fingerprint/dump.rs b/src/cpu-template-helper/src/fingerprint/dump.rs
@@ -31,13 +31,7 @@ pub fn dump(vmm: Arc<Mutex<Vmm>>) -> Result<Fingerprint, FingerprintDumpError> {
  "/sys/devices/system/cpu/cpu0/regs/identification/revidr_el1",
  )?,
  bios_version: read_sysfs_file("/sys/devices/virtual/dmi/id/bios_version")?,
- // TODO: Replace this with `read_sysfs_file("/sys/devices/virtual/dmi/id/bios_release")`
- // after the end of kernel 4.14 support.
- // https://github.com/firecracker-microvm/firecracker/issues/3677
- bios_revision: run_shell_command(
- "set -o pipefail && dmidecode -t bios | grep \"BIOS Revision\" | cut -d':' -f2 | tr \
- -d ' \\n'",
- )?,
+ bios_revision: read_sysfs_file("/sys/devices/virtual/dmi/id/bios_release")?,
  guest_cpu_config: crate::template::dump::dump(vmm)?,
  })
 }

diff --git a/src/jailer/src/main.rs b/src/jailer/src/main.rs
@@ -3,7 +3,6 @@
 
 use std::ffi::{CString, NulError, OsString};
 use std::fmt::{Debug, Display};
-use std::os::unix::prelude::AsRawFd;
 use std::path::{Path, PathBuf};
 use std::{env as p_env, fs, io};
 
@@ -261,44 +260,10 @@ fn close_fds_by_close_range() -> Result<(), JailerError> {
  .map_err(JailerError::CloseRange)
 }
 
-fn close_fds_by_reading_proc() -> Result<(), JailerError> {
- // Calling this method means that close_range failed (we might be on kernel < 5.9).
- // We can't use std::fs::ReadDir here as under the hood we need access to the dirfd in order to
- // not close it twice
- let path = "/proc/self/fd";
- let mut dir = nix::dir::Dir::open(
- path,
- nix::fcntl::OFlag::O_DIRECTORY | nix::fcntl::OFlag::O_NOATIME,
- nix::sys::stat::Mode::empty(),
- )
- .map_err(|e| JailerError::DirOpen(path.to_string(), e.to_string()))?;
-
- let dirfd = dir.as_raw_fd();
- let mut c = dir.iter();
-
- while let Some(Ok(path)) = c.next() {
- let file_name = path.file_name();
- let fd_str = file_name.to_str().map_err(JailerError::UTF8Parsing)?;
-
- // If the entry is an INT entry, we go ahead and we treat it as an FD identifier.
- if let Ok(fd) = fd_str.parse::<i32>() {
- if fd > 2 && fd != dirfd {
- // SAFETY: Safe because close() cannot fail when passed a valid parameter.
- unsafe { libc::close(fd) };
- }
- }
- }
- Ok(())
-}
-
 // Closes all FDs other than 0 (STDIN), 1 (STDOUT) and 2 (STDERR)
 fn close_inherited_fds() -> Result<(), JailerError> {
- // The approach we take here is to firstly try to use the close_range syscall
- // which is available on kernels > 5.9.
- // We then fallback to using /proc/sef/fd to close open fds.
- if close_fds_by_close_range().is_err() {
- close_fds_by_reading_proc()?;
- }
+ // We use the close_range syscall which is available on kernels > 5.9.
+ close_fds_by_close_range()?;
  Ok(())
 }
 
@@ -439,11 +404,6 @@ mod tests {
  }
  }
 
- #[test]
- fn test_fds_proc() {
- run_close_fds_test(close_fds_by_reading_proc);
- }
-
  #[test]
  fn test_sanitize_process() {
  run_close_fds_test(sanitize_process);