

// jail prepares m to start Firecracker through the jailer rather than
// directly.
//
// It derives the jailer workspace directory from cfg.JailerCfg
// (ChrootBaseDir when set, otherwise defaultJailerPath, followed by the
// exec file's base name, the jailer ID and rootfsFolderName), rewrites
// cfg.SocketPath to the host-side location of the API socket inside that
// workspace, builds the jailer command into m.cmd, and finally lets
// cfg.JailerCfg.ChrootStrategy adapt m.Handlers. Note that cfg is mutated:
// cfg.SocketPath on return is the host path, while the "--api-sock"
// argument handed to Firecracker is the original (chroot-relative) name.
//
// UID, GID and NumaNode are dereferenced without a nil check, so the
// caller is expected to have validated cfg.JailerCfg before calling jail;
// nil values here would panic. The only error returned is the one from
// AdaptHandlers.
func jail(ctx context.Context, m *Machine, cfg *Config) error {
	jcfg := cfg.JailerCfg

	// Root of the jail: an explicit base dir wins over the package default.
	baseDir := jcfg.ChrootBaseDir
	if baseDir == "" {
		baseDir = defaultJailerPath
	}
	workspace := filepath.Join(baseDir, filepath.Base(jcfg.ExecFile), jcfg.ID, rootfsFolderName)

	// Firecracker sees the socket at the chroot-relative name; the host
	// reaches it under the workspace, which is what cfg keeps from now on.
	sockInChroot := defaultSocketPath
	if cfg.SocketPath != "" {
		sockInChroot = cfg.SocketPath
	}
	cfg.SocketPath = filepath.Join(workspace, sockInChroot)

	// Unset output streams fall back to the process's own.
	var stdout, stderr = jcfg.Stdout, jcfg.Stderr
	if stdout == nil {
		stdout = os.Stdout
	}
	if stderr == nil {
		stderr = os.Stderr
	}

	builder := NewJailerCommandBuilder().
		WithID(jcfg.ID).
		WithUID(*jcfg.UID).
		WithGID(*jcfg.GID).
		WithNumaNode(*jcfg.NumaNode).
		WithExecFile(jcfg.ExecFile).
		WithChrootBaseDir(jcfg.ChrootBaseDir).
		WithDaemonize(jcfg.Daemonize).
		WithFirecrackerArgs(
			"--seccomp-level", cfg.SeccompLevel.String(),
			"--api-sock", sockInChroot,
		).
		WithStdout(stdout).
		WithStderr(stderr)

	// Optional pieces: only applied when the caller supplied them.
	if jcfg.JailerBinary != "" {
		builder = builder.WithBin(jcfg.JailerBinary)
	}
	if cfg.NetNS != "" {
		builder = builder.WithNetNS(cfg.NetNS)
	}
	if jcfg.Stdin != nil {
		builder = builder.WithStdin(jcfg.Stdin)
	}

	m.cmd = builder.Build(ctx)

	// The chroot strategy gets the last word on the machine's handler list.
	return jcfg.ChrootStrategy.AdaptHandlers(&m.Handlers)
}