From 6282558abd7ea96fa1dd863666ad143caa5ee21e Mon Sep 17 00:00:00 2001
From: Dmitry <dsagal+git@gmail.com>
Date: Mon, 27 Nov 2023 16:20:43 -0500
Subject: [PATCH] Check gvisor on startup of run.sh, and clean up scripts
 related to gvisor flags (#760)

* Check gvisor on startup
* Clear up get_checkpoint_path.sh script, so it doesn't hurt to run it twice
---
 sandbox/gvisor/get_checkpoint_path.sh | 10 +++++-----
 sandbox/run.sh                        | 11 ++++++++++-
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/sandbox/gvisor/get_checkpoint_path.sh b/sandbox/gvisor/get_checkpoint_path.sh
index b09caf11..c054b175 100755
--- a/sandbox/gvisor/get_checkpoint_path.sh
+++ b/sandbox/gvisor/get_checkpoint_path.sh
@@ -31,7 +31,7 @@ function check_gvisor {
     return
   fi
   # Check if a trivial command works under gvisor with the proposed flags.
-  if runsc --network none "$@" do true 2> /dev/null; then
+  if runsc --network none "$@" "do" true 2> /dev/null; then
     export GVISOR_FLAGS="$@"
     export GVISOR_AVAILABLE=1
   fi
@@ -40,9 +40,9 @@ function check_gvisor {
 check_gvisor --unprivileged --ignore-cgroups
 check_gvisor --unprivileged
 
-# If we can't use --unprivileged, stick with --rootless and no checkpoint
-if [[ -z "$GVISOR_FLAGS" ]]; then
-  check_gvisor --rootless
-else
+# If we can't use --unprivileged, stick with --rootless. We will not make a checkpoint.
+check_gvisor --rootless
+
+if [[ "$GVISOR_FLAGS" =~ "-unprivileged" ]]; then
   export GRIST_CHECKPOINT=/tmp/engine_$(echo $PWD | sed "s/[^a-zA-Z0-9]/_/g")
 fi
diff --git a/sandbox/run.sh b/sandbox/run.sh
index c213d485..89e24e00 100755
--- a/sandbox/run.sh
+++ b/sandbox/run.sh
@@ -3,8 +3,17 @@
 set -e
 
 if [[ "$GRIST_SANDBOX_FLAVOR" = "gvisor" ]]; then
-  ./sandbox/gvisor/update_engine_checkpoint.sh
   source ./sandbox/gvisor/get_checkpoint_path.sh
+
+  # Check GVISOR_FLAGS we ended up with. Don't ignore the output, it may be helpful in troubleshooting.
+  if runsc --network none $GVISOR_FLAGS "do" true; then
+    echo "gvisor check ok (flags: ${GVISOR_FLAGS})"
+  else
+    echo "gvisor check failed (flags: ${GVISOR_FLAGS}); consider different GVISOR_FLAGS or GRIST_SANDBOX_FLAVOR"
+    exit 1
+  fi
+
+  ./sandbox/gvisor/update_engine_checkpoint.sh
 fi
 
 NODE_PATH=_build:_build/stubs:_build/ext node _build/stubs/app/server/server.js