changelog: update Jailer limitations and suggestions

There was a change in behaviour introduced in Jailer because of which Firecracker pid will always be different from the Jailer PID. Highlight the change in behaviour and suggested workaround in the CHANGELOG and Jailer doc. Signed-off-by: Sudan Landge <sudanl@amazon.com>
firecracker-microvm · Feb 12, 2024 · cc6aa34 · cc6aa34
1 parent 9a53d7d
commit cc6aa34
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -46,6 +46,20 @@ and this project adheres to
   This fixes a bug where a microVM with incompatible balloon and guest memory
   size could be booted, due to the check for this condition happening after
   Firecracker's configuration was updated.
+- [#4259](https://github.com/firecracker-microvm/firecracker/pull/4259):
+  Added a double fork mechanism in the Jailer to avoid setsid failures
+  occurred while running Jailer as the process group leader.
+  However, this changed the behaviour of Jailer and now the Firecracker
+  process will always have a different PID than the Jailer process.
+  [#4440](https://github.com/firecracker-microvm/firecracker/pull/4440):
+  Added a "Known Limitations" section in the Jailer docs to highlight
+  the above change in behaviour introduced in PR#4259.
+  [#4442]https://github.com/firecracker-microvm/firecracker/pull/4442:
+  As a solution to the change in behaviour introduced in PR#4259, provided
+  a mechanism to reliably fetch Firecracker PID.
+  With this change, Firecracker process's PID will always be available
+  in the Jailer's root directory regardless of whether daemonize or
+  new_pid_ns was set.
 
 ## \[1.6.0\]
 

diff --git a/docs/jailer.md b/docs/jailer.md
@@ -280,10 +280,14 @@ Note: default value for `<api-sock>` is `/run/firecracker.socket`.
 ### Known limitations
 
 - When passing the --daemonize option to Firecracker without the --new-ns-pid
-  option, the Firecracker process will have a different pid than the Jailer
-  process. The suggested workaround to get Firecracker process's pid in this
-  case is using `--new-pid-ns` flag and read Firecracker's pid from the
-  `firecracker.pid` file present in the jailer's root directory.
+  option, the Firecracker process will have a different PID than the Jailer
+  process.
+  As a workaround to get Firecracker PID, the Jailer now stores the PID
+  of the child process in the jail root directory inside `<exec_file_name>.pid`
+  for all cases regardless of whether the new_pid_ns flag were set.
+  The suggested way to fetch Firecracker process's pid when using the Jailer
+  is to read Firecracker's PID from the `firecracker.pid` file present in the
+  Jailer's root directory.
 
 ## Caveats