diff --git a/Cargo.lock b/Cargo.lock index f6532c4b49a..7a697b86c86 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -554,6 +554,7 @@ name = "firecracker" version = "1.5.0-dev" dependencies = [ "api_server", + "bincode", "cargo_toml", "displaydoc", "event-manager", diff --git a/build.rs b/build.rs deleted file mode 100644 index c5a11dfd802..00000000000 --- a/build.rs +++ /dev/null @@ -1,147 +0,0 @@ -// Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -use std::path::{Path, PathBuf}; -use std::process::Command; -use std::{env, fs}; - -const ADVANCED_BINARY_FILTER_FILE_NAME: &str = "seccomp_filter.bpf"; - -const JSON_DIR: &str = "../../resources/seccomp"; -const SECCOMPILER_BUILD_DIR: &str = "../../build/seccompiler"; -const SECCOMPILER_SRC_DIR: &str = "../seccompiler/src"; - -// This script is run on every modification in the target-specific JSON file in `resources/seccomp`. -// It compiles the JSON seccomp policies into a serializable BPF format, using seccompiler-bin. -// The generated binary code will get included in Firecracker's code, at compile-time. -fn main() { - // this build script is called on every `devtool build`, - // embedding the FIRECRACKER_VERSION directly in the resulting binary - let firecracker_version = env!("CARGO_PKG_VERSION").to_string(); - println!( - "cargo:rustc-env=FIRECRACKER_VERSION={}", - firecracker_version - ); - - // Only compile the seccomp filters for the firecracker binary - otherwise - // we'll get stuck in an infinite loop as seccompiler-bin (which is invoked below) - // also executes this build script to set the firecracker version env variable. - if let Ok(package) = std::env::var("CARGO_MANIFEST_DIR") { - if !package.ends_with("firecracker") { - return; - } - } - - cpuid(); - - let target = env::var("TARGET").expect("Missing target."); - let out_dir = env::var("OUT_DIR").expect("Missing build-level OUT_DIR."); - - // Path to the JSON seccomp policy. - let mut json_path = PathBuf::from(JSON_DIR); - json_path.push(format!("{}.json", target)); - - // If the current target doesn't have a default filter, use a default, empty filter. - // This is to make sure that Firecracker builds even with libc toolchains for which we don't - // provide a default filter. For example, GNU libc. - if !json_path.exists() { - json_path.pop(); - json_path.push("unimplemented.json"); - - println!( - "cargo:warning=No default seccomp policy for target: {}. Defaulting to \ - `resources/seccomp/unimplemented.json`.", - target - ); - } - - // Retrigger the build script if the JSON file has changed. - let json_path = json_path.to_str().expect("Invalid bytes"); - println!("cargo:rerun-if-changed={}", json_path); - - // Also retrigger the build script on any seccompiler source code change. - register_seccompiler_src_watchlist(Path::new(SECCOMPILER_SRC_DIR)); - - // Run seccompiler-bin, getting the default, advanced filter. - let mut bpf_out_path = PathBuf::from(&out_dir); - bpf_out_path.push(ADVANCED_BINARY_FILTER_FILE_NAME); - run_seccompiler_bin(json_path, bpf_out_path.to_str().expect("Invalid bytes.")); -} - -// Run seccompiler with the given arguments. -fn run_seccompiler_bin(json_path: &str, out_path: &str) { - // We have a global `target` directive in our .cargo/config file specifying x86_64 architecture. - // However, seccompiler-bin has to be compiled for the host architecture. Without this, cargo - // would produce a x86_64 binary on aarch64 host, causing this compilation step to fail as such - // a binary would not be executable. - let host_arch = env::var("HOST").expect("Could not determine compilation host"); - let target_arch = env::var("CARGO_CFG_TARGET_ARCH").expect("Missing target arch."); - - // Command for running seccompiler-bin - let mut command = Command::new("cargo"); - command.args([ - "run", - "-p", - "seccompiler", - "--verbose", - "--target", - &host_arch, - // We need to specify a separate build directory for seccompiler-bin. Otherwise, cargo will - // deadlock waiting to acquire a lock on the build folder that the parent cargo process is - // holding. - "--target-dir", - SECCOMPILER_BUILD_DIR, - "--", - "--input-file", - json_path, - "--target-arch", - &target_arch, - "--output-file", - out_path, - ]); - - match command.output() { - Err(error) => panic!("\nSeccompiler-bin error: {:?}\n", error), - Ok(result) if !result.status.success() => { - panic!( - "\nSeccompiler-bin returned non-zero exit code:\nstderr: {}\nstdout: {}\n", - String::from_utf8(result.stderr).unwrap(), - String::from_utf8(result.stdout).unwrap(), - ); - } - Ok(_) => {} - } -} - -// Recursively traverse the entire seccompiler source folder and trigger a re-run of this build -// script on any modification of these files. -fn register_seccompiler_src_watchlist(src_dir: &Path) { - let contents = fs::read_dir(src_dir).expect("Unable to read folder contents."); - for entry in contents { - let path = entry.unwrap().path(); - let metadata = fs::metadata(&path).expect("Unable to read file/folder metadata."); - - if metadata.is_file() { - // Watch all source files. - println!( - "cargo:rerun-if-changed={}", - path.to_str().expect("Invalid unicode bytes.") - ); - } else if metadata.is_dir() { - // If is a folder, recurse. - register_seccompiler_src_watchlist(&path); - } - } -} - -fn cpuid() { - // Sets a `--cfg` flag for conditional compilation. - // - // TODO: Use `core::arch::x86_64::has_cpuid` - // (https://github.com/firecracker-microvm/firecracker/issues/3271). - #[cfg(any( - all(target_arch = "x86", target_feature = "sse", not(target_env = "sgx")), - all(target_arch = "x86_64", not(target_env = "sgx")) - ))] - println!("cargo:rustc-cfg=cpuid"); -} diff --git a/src/cpu-template-helper/Cargo.toml b/src/cpu-template-helper/Cargo.toml index b6a24660214..1f640108764 100644 --- a/src/cpu-template-helper/Cargo.toml +++ b/src/cpu-template-helper/Cargo.toml @@ -3,7 +3,6 @@ name = "cpu-template-helper" version = "1.5.0-dev" authors = ["Amazon Firecracker team "] edition = "2021" -build = "../../build.rs" license = "Apache-2.0" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html diff --git a/src/cpu-template-helper/src/utils/mod.rs b/src/cpu-template-helper/src/utils/mod.rs index 08a8000a99e..74eb5288871 100644 --- a/src/cpu-template-helper/src/utils/mod.rs +++ b/src/cpu-template-helper/src/utils/mod.rs @@ -19,7 +19,7 @@ pub mod aarch64; #[cfg(target_arch = "x86_64")] pub mod x86_64; -pub const CPU_TEMPLATE_HELPER_VERSION: &str = env!("FIRECRACKER_VERSION"); +pub const CPU_TEMPLATE_HELPER_VERSION: &str = env!("CARGO_PKG_VERSION"); /// Trait for key of `HashMap`-based modifier. /// diff --git a/src/firecracker/Cargo.toml b/src/firecracker/Cargo.toml index cb07a440b43..efe4390fb27 100644 --- a/src/firecracker/Cargo.toml +++ b/src/firecracker/Cargo.toml @@ -3,7 +3,7 @@ name = "firecracker" version = "1.5.0-dev" authors = ["Amazon Firecracker team "] edition = "2021" -build = "../../build.rs" +build = "build.rs" description = "Firecracker enables you to deploy workloads in lightweight virtual machines, called microVMs, which provide enhanced security and workload isolation over traditional VMs, while enabling the speed and resource efficiency of containers." homepage = "https://firecracker-microvm.github.io/" license = "Apache-2.0" @@ -36,6 +36,12 @@ regex = { version = "1.9.5", default-features = false, features = ["std", "unico serde = { version = "1.0.188", features = ["derive"] } userfaultfd = "0.6.1" +[build-dependencies] +bincode = "1.2.1" +seccompiler = { path = "../seccompiler" } +serde = { version = "1.0.188" } +serde_json = "1.0.107" + [[example]] name = "uffd_malicious_handler" path = "examples/uffd/malicious_handler.rs" diff --git a/src/firecracker/build.rs b/src/firecracker/build.rs new file mode 100644 index 00000000000..b20e1cd4e1e --- /dev/null +++ b/src/firecracker/build.rs @@ -0,0 +1,62 @@ +// Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +use std::collections::BTreeMap; +use std::fs::File; +use std::path::Path; + +use seccompiler::common::BpfProgram; +use seccompiler::compiler::{Compiler, JsonFile}; + +const ADVANCED_BINARY_FILTER_FILE_NAME: &str = "seccomp_filter.bpf"; + +const JSON_DIR: &str = "../../resources/seccomp"; +const SECCOMPILER_SRC_DIR: &str = "../seccompiler/src"; + +// This script is run on every modification in the target-specific JSON file in `resources/seccomp`. +// It compiles the JSON seccomp policies into a serializable BPF format, using seccompiler-bin. +// The generated binary code will get included in Firecracker's code, at compile-time. +fn main() { + // Target triple + let target = std::env::var("TARGET").expect("Missing target."); + let out_dir = std::env::var("OUT_DIR").expect("Missing build-level OUT_DIR."); + // Target arch (x86_64 / aarch64) + let target_arch = std::env::var("CARGO_CFG_TARGET_ARCH").expect("Missing target arch."); + + let seccomp_json_path = format!("{}/{}.json", JSON_DIR, target); + // If the current target doesn't have a default filter, use a default, empty filter. + // This is to make sure that Firecracker builds even with libc toolchains for which we don't + // provide a default filter. For example, GNU libc. + let seccomp_json_path = if Path::new(&seccomp_json_path).exists() { + seccomp_json_path + } else { + println!( + "cargo:warning=No default seccomp policy for target: {}. Defaulting to \ + `resources/seccomp/unimplemented.json`.", + target + ); + format!("{}/unimplemented.json", JSON_DIR) + }; + + // Retrigger the build script if the JSON file has changed. + // let json_path = json_path.to_str().expect("Invalid bytes"); + println!("cargo:rerun-if-changed={}", seccomp_json_path); + // Also retrigger the build script on any seccompiler source code change. + println!("cargo:rerun-if-changed={}", SECCOMPILER_SRC_DIR); + + let input = std::fs::read_to_string(seccomp_json_path).expect("Correct input file"); + let filters: JsonFile = serde_json::from_str(&input).expect("Input read"); + + let arch = target_arch.as_str().try_into().expect("Target"); + let compiler = Compiler::new(arch); + + // transform the IR into a Map of BPFPrograms + let bpf_data: BTreeMap = compiler + .compile_blob(filters.0, false) + .expect("Successfull compilation"); + + // serialize the BPF programs & output them to a file + let out_path = format!("{}/{}", out_dir, ADVANCED_BINARY_FILTER_FILE_NAME); + let output_file = File::create(out_path).expect("Create seccompiler output path"); + bincode::serialize_into(output_file, &bpf_data).expect("Seccompiler serialization"); +} diff --git a/src/firecracker/src/main.rs b/src/firecracker/src/main.rs index cbeab38a199..8a1d7734726 100644 --- a/src/firecracker/src/main.rs +++ b/src/firecracker/src/main.rs @@ -36,7 +36,7 @@ use crate::seccomp::SeccompConfig; // see https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch03s15.html for more information. const DEFAULT_API_SOCK_PATH: &str = "/run/firecracker.socket"; const DEFAULT_INSTANCE_ID: &str = "anonymous-instance"; -const FIRECRACKER_VERSION: &str = env!("FIRECRACKER_VERSION"); +const FIRECRACKER_VERSION: &str = env!("CARGO_PKG_VERSION"); const MMDS_CONTENT_ARG: &str = "metadata"; #[derive(Debug, thiserror::Error, displaydoc::Display)] diff --git a/src/jailer/Cargo.toml b/src/jailer/Cargo.toml index e262b69b31f..65a615da3da 100644 --- a/src/jailer/Cargo.toml +++ b/src/jailer/Cargo.toml @@ -3,7 +3,6 @@ name = "jailer" version = "1.5.0-dev" authors = ["Amazon Firecracker team "] edition = "2021" -build = "../../build.rs" description = "Process for starting Firecracker in production scenarios; applies a cgroup/namespace isolation barrier and then drops privileges." homepage = "https://firecracker-microvm.github.io/" license = "Apache-2.0" diff --git a/src/jailer/src/main.rs b/src/jailer/src/main.rs index 1f618b08170..ef2f5752575 100644 --- a/src/jailer/src/main.rs +++ b/src/jailer/src/main.rs @@ -18,7 +18,7 @@ mod chroot; mod env; mod resource_limits; -const JAILER_VERSION: &str = env!("FIRECRACKER_VERSION"); +const JAILER_VERSION: &str = env!("CARGO_PKG_VERSION"); #[derive(Debug, thiserror::Error)] pub enum JailerError { diff --git a/src/rebase-snap/Cargo.toml b/src/rebase-snap/Cargo.toml index 74ea0265adb..a411d81b20f 100644 --- a/src/rebase-snap/Cargo.toml +++ b/src/rebase-snap/Cargo.toml @@ -3,7 +3,6 @@ name = "rebase-snap" version = "1.5.0-dev" authors = ["Amazon Firecracker team "] edition = "2021" -build = "../../build.rs" license = "Apache-2.0" [[bin]] diff --git a/src/rebase-snap/src/main.rs b/src/rebase-snap/src/main.rs index 5bd11e4b3ca..5cdc4330b1f 100644 --- a/src/rebase-snap/src/main.rs +++ b/src/rebase-snap/src/main.rs @@ -9,7 +9,7 @@ use std::os::unix::io::AsRawFd; use utils::arg_parser::{ArgParser, Argument, Arguments, Error as ArgError}; use utils::seek_hole::SeekHole; -const REBASE_SNAP_VERSION: &str = env!("FIRECRACKER_VERSION"); +const REBASE_SNAP_VERSION: &str = env!("CARGO_PKG_VERSION"); const BASE_FILE: &str = "base-file"; const DIFF_FILE: &str = "diff-file"; diff --git a/src/seccompiler/Cargo.toml b/src/seccompiler/Cargo.toml index be968352cf5..a9008b71ba4 100644 --- a/src/seccompiler/Cargo.toml +++ b/src/seccompiler/Cargo.toml @@ -3,7 +3,6 @@ name = "seccompiler" version = "1.5.0-dev" authors = ["Amazon Firecracker team "] edition = "2021" -build = "../../build.rs" description = "Program that compiles multi-threaded seccomp-bpf filters expressed as JSON into raw BPF programs, serializing them and outputting them to a file." homepage = "https://firecracker-microvm.github.io/" license = "Apache-2.0" diff --git a/src/seccompiler/src/backend.rs b/src/seccompiler/src/backend.rs index c5ea255236b..24f9c96849d 100644 --- a/src/seccompiler/src/backend.rs +++ b/src/seccompiler/src/backend.rs @@ -81,7 +81,7 @@ const SECCOMP_DATA_ARG_SIZE: u8 = 8; /// Dummy placeholder type for a JSON comment. Holds no value. #[derive(PartialEq, Debug, Clone)] -pub(crate) struct Comment; +pub struct Comment; impl<'de> Deserialize<'de> for Comment { fn deserialize(_deserializer: D) -> std::result::Result @@ -96,7 +96,7 @@ impl<'de> Deserialize<'de> for Comment { /// Seccomp filter errors. #[derive(Debug, PartialEq, thiserror::Error, displaydoc::Display)] -pub(crate) enum FilterError { +pub enum FilterError { /// The seccomp rules vector is empty. EmptyRulesVector, /// The seccomp filter contains too many BPF instructions. @@ -112,7 +112,7 @@ pub(crate) enum FilterError { /// Supported target architectures. #[allow(non_camel_case_types)] #[derive(Debug, PartialEq, Clone, Copy)] -pub(crate) enum TargetArch { +pub enum TargetArch { /// x86_64 arch x86_64, /// aarch64 arch @@ -121,7 +121,7 @@ pub(crate) enum TargetArch { /// Errors related to target arch. #[derive(Debug, PartialEq, thiserror::Error, displaydoc::Display)] -pub(crate) enum TargetArchError { +pub enum TargetArchError { /// Invalid target arch string: {0} InvalidString(String), } @@ -164,7 +164,7 @@ impl From for &str { /// Comparison to perform when matching a condition. #[derive(Clone, Debug, Deserialize, PartialEq)] #[serde(rename_all = "snake_case")] -pub(crate) enum SeccompCmpOp { +pub enum SeccompCmpOp { /// Argument value is equal to the specified value. Eq, /// Argument value is greater than or equal to the specified value. @@ -184,7 +184,7 @@ pub(crate) enum SeccompCmpOp { /// Seccomp argument value length. #[derive(Clone, Debug, Deserialize, PartialEq)] #[serde(rename_all = "lowercase")] -pub(crate) enum SeccompCmpArgLen { +pub enum SeccompCmpArgLen { /// Argument value length is 4 bytes. Dword, /// Argument value length is 8 bytes. @@ -194,7 +194,7 @@ pub(crate) enum SeccompCmpArgLen { /// Condition that syscall must match in order to satisfy a rule. #[derive(Clone, Debug, PartialEq, Deserialize)] #[serde(deny_unknown_fields)] -pub(crate) struct SeccompCondition { +pub struct SeccompCondition { /// Index of the argument that is to be compared. #[serde(rename = "index")] arg_number: u8, @@ -214,7 +214,7 @@ pub(crate) struct SeccompCondition { /// Actions that `seccomp` can apply to process calling a syscall. #[derive(Clone, Debug, PartialEq, Deserialize)] #[serde(rename_all = "snake_case")] -pub(crate) enum SeccompAction { +pub enum SeccompAction { /// Allows syscall. Allow, /// Returns from syscall with specified error number. @@ -237,7 +237,7 @@ pub(crate) enum SeccompAction { /// The action of the first rule that matches will be applied to the calling process. /// If no rule matches the default action is applied. #[derive(Clone, Debug, PartialEq)] -pub(crate) struct SeccompRule { +pub struct SeccompRule { /// Conditions of rule that need to match in order for the rule to get matched. conditions: Vec, /// Action applied to calling process if rule gets matched. @@ -245,11 +245,11 @@ pub(crate) struct SeccompRule { } /// Type that associates the syscall number to its SeccompRules. -pub(crate) type SeccompRuleMap = BTreeMap>; +pub type SeccompRuleMap = BTreeMap>; /// Filter containing rules assigned to syscall numbers. #[derive(Clone, Debug, PartialEq)] -pub(crate) struct SeccompFilter { +pub struct SeccompFilter { /// Map of syscall numbers and corresponding rule chains. rules: SeccompRuleMap, /// Default action to apply to syscall numbers that do not exist in the hash map. diff --git a/src/seccompiler/src/common.rs b/src/seccompiler/src/common.rs index 3507214f3d8..61d28eb22d1 100644 --- a/src/seccompiler/src/common.rs +++ b/src/seccompiler/src/common.rs @@ -7,7 +7,7 @@ use serde::{Deserialize, Serialize}; /// The maximum seccomp-BPF program length allowed by the linux kernel. -pub(crate) const BPF_MAX_LEN: usize = 4096; +pub const BPF_MAX_LEN: usize = 4096; /// BPF instruction structure definition. /// See /usr/include/linux/filter.h . diff --git a/src/seccompiler/src/compiler.rs b/src/seccompiler/src/compiler.rs index 58c9b85b40a..956269fcdb6 100644 --- a/src/seccompiler/src/compiler.rs +++ b/src/seccompiler/src/compiler.rs @@ -33,7 +33,7 @@ use crate::syscall_table::SyscallTable; /// Errors compiling Filters into BPF. #[derive(Debug, PartialEq, thiserror::Error, displaydoc::Display)] -pub(crate) enum CompilationError { +pub enum CompilationError { /// `filter_action` and `default_action` are equal. IdenticalActions, /// {0} @@ -44,7 +44,7 @@ pub(crate) enum CompilationError { /// Deserializable object that represents the Json filter file. #[derive(Debug)] -pub(crate) struct JsonFile(pub BTreeMap); +pub struct JsonFile(pub BTreeMap); // Implement a custom deserializer, that returns an error for duplicate thread keys. impl<'de> Deserialize<'de> for JsonFile { @@ -84,7 +84,7 @@ impl<'de> Deserialize<'de> for JsonFile { /// Deserializable object representing a syscall rule. #[derive(Debug, Deserialize, PartialEq, Clone)] #[serde(deny_unknown_fields)] -pub(crate) struct SyscallRule { +pub struct SyscallRule { /// Name of the syscall. syscall: String, /// Rule conditions. @@ -113,7 +113,7 @@ impl SyscallRule { /// Deserializable seccomp filter. Refers to one thread category. #[derive(Deserialize, PartialEq, Debug, Clone)] #[serde(deny_unknown_fields)] -pub(crate) struct Filter { +pub struct Filter { /// Default action if no rules match. e.g. `Kill` for an AllowList. default_action: SeccompAction, /// Default action if a rule matches. e.g. `Allow` for an AllowList. @@ -143,7 +143,7 @@ impl Filter { /// [`BpfProgram`](../common/type.BpfProgram.html)s. /// Uses the [`SeccompFilter`](../backend/struct.SeccompFilter.html) interface as an IR language. #[derive(Debug)] -pub(crate) struct Compiler { +pub struct Compiler { /// Target architecture. Can be different from the current `target_arch`. arch: TargetArch, /// Target-specific syscall table. diff --git a/src/seccompiler/src/lib.rs b/src/seccompiler/src/lib.rs index d2dfb310ac3..8986c05b7f4 100644 --- a/src/seccompiler/src/lib.rs +++ b/src/seccompiler/src/lib.rs @@ -6,7 +6,11 @@ //! The library crate that defines common helper functions that are generally used in //! conjunction with seccompiler-bin. -mod common; +pub mod backend; +pub mod common; +pub mod compiler; +/// Syscall tables +pub mod syscall_table; use std::collections::HashMap; use std::fmt::Debug; diff --git a/src/seccompiler/src/seccompiler_bin.rs b/src/seccompiler/src/seccompiler_bin.rs index 76a0ceed152..725a898bed6 100644 --- a/src/seccompiler/src/seccompiler_bin.rs +++ b/src/seccompiler/src/seccompiler_bin.rs @@ -50,7 +50,7 @@ use compiler::{CompilationError, Compiler, JsonFile}; use serde_json::error::Error as JSONError; use utils::arg_parser::{ArgParser, Argument, Arguments as ArgumentsBag, Error as ArgParserError}; -const SECCOMPILER_VERSION: &str = env!("FIRECRACKER_VERSION"); +const SECCOMPILER_VERSION: &str = env!("CARGO_PKG_VERSION"); const DEFAULT_OUTPUT_FILENAME: &str = "seccomp_binary_filter.out"; #[derive(Debug, thiserror::Error)] diff --git a/src/seccompiler/src/syscall_table/aarch64.rs b/src/seccompiler/src/syscall_table/aarch64.rs index af56b90552a..386d09b78d3 100644 --- a/src/seccompiler/src/syscall_table/aarch64.rs +++ b/src/seccompiler/src/syscall_table/aarch64.rs @@ -8,7 +8,7 @@ use std::collections::HashMap; -pub(crate) fn make_syscall_table(map: &mut HashMap) { +pub fn make_syscall_table(map: &mut HashMap) { map.insert("accept4".to_string(), 242); map.insert("accept".to_string(), 202); map.insert("acct".to_string(), 89); diff --git a/src/seccompiler/src/syscall_table/mod.rs b/src/seccompiler/src/syscall_table/mod.rs index 94c861636bc..3dca50c748d 100644 --- a/src/seccompiler/src/syscall_table/mod.rs +++ b/src/seccompiler/src/syscall_table/mod.rs @@ -10,7 +10,7 @@ use crate::backend::TargetArch; /// Creates and owns a mapping from the arch-specific syscall name to the right number. #[derive(Debug)] -pub(crate) struct SyscallTable { +pub struct SyscallTable { map: HashMap, arch: TargetArch, } @@ -19,6 +19,7 @@ pub(crate) struct SyscallTable { const MAP_CAPACITY: usize = 351; impl SyscallTable { + /// Create new syscall table pub fn new(arch: TargetArch) -> Self { let mut instance = Self { arch, diff --git a/src/seccompiler/src/syscall_table/x86_64.rs b/src/seccompiler/src/syscall_table/x86_64.rs index 2ff471755af..9350bd5ce57 100644 --- a/src/seccompiler/src/syscall_table/x86_64.rs +++ b/src/seccompiler/src/syscall_table/x86_64.rs @@ -8,7 +8,7 @@ use std::collections::HashMap; -pub(crate) fn make_syscall_table(map: &mut HashMap) { +pub fn make_syscall_table(map: &mut HashMap) { map.insert("accept4".to_string(), 288); map.insert("accept".to_string(), 43); map.insert("access".to_string(), 21); diff --git a/src/snapshot-editor/Cargo.toml b/src/snapshot-editor/Cargo.toml index 3df26d88aaa..b15df0040aa 100644 --- a/src/snapshot-editor/Cargo.toml +++ b/src/snapshot-editor/Cargo.toml @@ -3,7 +3,6 @@ name = "snapshot-editor" version = "1.5.0" authors = ["Amazon Firecracker team "] edition = "2021" -build = "../../build.rs" license = "Apache-2.0" [[bin]] diff --git a/src/snapshot-editor/src/main.rs b/src/snapshot-editor/src/main.rs index d4ee1321b79..cc940b341f4 100644 --- a/src/snapshot-editor/src/main.rs +++ b/src/snapshot-editor/src/main.rs @@ -26,7 +26,7 @@ enum SnapEditorError { } #[derive(Debug, Parser)] -#[command(version = format!("v{}", env!("FIRECRACKER_VERSION")))] +#[command(version = format!("v{}", env!("CARGO_PKG_VERSION")))] struct Cli { #[command(subcommand)] command: Command,