Add config field to specify chroot mapping for exec driver

client/config/config.go

@@ -99,6 +99,10 @@ type Config struct {
 	// devices and IPs.
 	GloballyReservedPorts []int
 
+	// A mapping of directories on the host OS to attempt to embed inside each
+	// task's chroot.
+	ChrootEnv map[string]string
+
 	// Options provides arbitrary key-value configuration for nomad internals,
 	// like fingerprinters and drivers. The format is:
 	//

client/driver/exec.go

@@ -132,6 +132,7 @@ func (d *ExecDriver) Start(ctx *ExecContext, task *structs.Task) (DriverHandle,
 		Cmd:            command,
 		Args:           driverConfig.Args,
 		FSIsolation:    true,
+		ChrootEnv:      d.config.ChrootEnv,
 		ResourceLimits: true,
 		User:           getExecutorUser(task),
 	}, executorCtx)

client/driver/executor/executor.go

@@ -126,6 +126,10 @@ type ExecCommand struct {
 	// FSIsolation determines whether the command would be run in a chroot.
 	FSIsolation bool
 
+	// A mapping of directories on the host OS to attempt to embed inside each
+	// task's chroot.
+	ChrootEnv map[string]string
+
 	// User is the user which the executor uses to run the command.
 	User string
 

client/driver/executor/executor_linux.go

@@ -227,7 +227,12 @@ func (e *UniversalExecutor) configureChroot() error {
 		return err
 	}
 
-	if err := allocDir.Embed(e.ctx.Task.Name, chrootEnv); err != nil {
+	chroot := chrootEnv
+	if e.command.ChrootEnv != nil && len(e.command.ChrootEnv) > 0 {
+		chroot = e.command.ChrootEnv
+	}
+
+	if err := allocDir.Embed(e.ctx.Task.Name, chroot); err != nil {
 		return err
 	}
 

client/driver/java.go

@@ -219,6 +219,7 @@ func (d *JavaDriver) Start(ctx *ExecContext, task *structs.Task) (DriverHandle,
 		Cmd:            absPath,
 		Args:           args,
 		FSIsolation:    true,
+		ChrootEnv:      d.config.ChrootEnv,
 		ResourceLimits: true,
 		User:           getExecutorUser(task),
 	}, executorCtx)

command/agent/agent.go

@@ -274,6 +274,7 @@ func (a *Agent) clientConfig() (*clientconfig.Config, error) {
 	if a.config.Client.NetworkInterface != "" {
 		conf.NetworkInterface = a.config.Client.NetworkInterface
 	}
+	conf.ChrootEnv = a.config.Client.ChrootEnv
 	conf.Options = a.config.Client.Options
 	// Logging deprecation messages about consul related configuration in client
 	// options

command/agent/config.go

@@ -156,6 +156,10 @@ type ClientConfig struct {
 	// Metadata associated with the node
 	Meta map[string]string `mapstructure:"meta"`
 
+	// A mapping of directories on the host OS to attempt to embed inside each
+	// task's chroot.
+	ChrootEnv map[string]string `mapstructure:"chroot_env"`
+
 	// Interface to use for network fingerprinting
 	NetworkInterface string `mapstructure:"network_interface"`
 
@@ -718,6 +722,14 @@ func (a *ClientConfig) Merge(b *ClientConfig) *ClientConfig {
 		result.Meta[k] = v
 	}
 
+	// Add the chroot_env map values
+	if result.ChrootEnv == nil {
+		result.ChrootEnv = make(map[string]string)
+	}
+	for k, v := range b.ChrootEnv {
+		result.ChrootEnv[k] = v
+	}
+
 	return &result
 }
 

command/agent/config_parse.go

@@ -315,6 +315,7 @@ func parseClient(result **ClientConfig, list *ast.ObjectList) error {
 		"node_class",
 		"options",
 		"meta",
+		"chroot_env",
 		"network_interface",
 		"network_speed",
 		"max_kill_timeout",
@@ -334,6 +335,7 @@ func parseClient(result **ClientConfig, list *ast.ObjectList) error {
 
 	delete(m, "options")
 	delete(m, "meta")
+	delete(m, "chroot_env")
 	delete(m, "reserved")
 	delete(m, "stats")
 
@@ -370,6 +372,20 @@ func parseClient(result **ClientConfig, list *ast.ObjectList) error {
 		}
 	}
 
+	// Parse out chroot_env fields. These are in HCL as a list so we need to
+	// iterate over them and merge them.
+	if chrootEnvO := listVal.Filter("chroot_env"); len(chrootEnvO.Items) > 0 {
+		for _, o := range chrootEnvO.Elem().Items {
+			var m map[string]interface{}
+			if err := hcl.DecodeObject(&m, o.Val); err != nil {
+				return err
+			}
+			if err := mapstructure.WeakDecode(m, &config.ChrootEnv); err != nil {
+				return err
+			}
+		}
+	}
+
 	// Parse reserved config
 	if o := listVal.Filter("reserved"); len(o.Items) > 0 {
 		if err := parseReserved(&config.Reserved, o); err != nil {