[OpenWrt-Devel] [PATCH v2] procd: detect lxc container and behave accordingly
Hans Dedecker
dedeckeh at gmail.com
Sun May 5 03:53:24 EDT 2019
On Sat, May 4, 2019 at 10:30 PM Paul Spooren <mail at aparcar.org> wrote:
>
> meaning to not mount some specific parts which cause trouble.
>
> The patch is based on previous work of @mikma to combine OpenWrt with
> lxd[0]. This patch however adds a detection copied from *virt-what* to
> check /proc/1/environment for the string "container".
>
> Thanks to @dangowrt for the cleanup.
>
> [0]: https://github.com/containercraft/openwrt-lxd/blob/master/patches/procd-openwrt-18.06/001_lxd_no_mounts.patch
>
> Signed-off-by: Paul Spooren <mail at aparcar.org>
> ---
> container.h | 22 ++++++++++++++++++++++
> initd/early.c | 20 ++++++++++++--------
> initd/zram.c | 11 +++++++----
> plug/coldplug.c | 14 +++++++++-----
> 4 files changed, 50 insertions(+), 17 deletions(-)
> create mode 100644 container.h
>
> diff --git a/container.h b/container.h
> new file mode 100644
> index 0000000..c9b5e46
> --- /dev/null
> +++ b/container.h
> @@ -0,0 +1,22 @@
> +/*
> + * Copyright (C) 2019 Paul Spooren <mail at aparcar.de>
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU Lesser General Public License version 2.1
> + * as published by the Free Software Foundation
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU General Public License for more details.
> + */
> +
> +#ifndef __CONTAINER_H
> +#define __CONTAINER_H
> +#include <stdlib.h>
> +
> +static inline unsigned short int is_container() {
Let this function return a bool
Hans
> + return !!getenv("container");
> +}
> +
> +#endif
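Review bot: `is_container()` accepts any `container` variable in procd's own environment as proof of a container, which is not the `/proc/1/environ` read the description mentions and is only as trustworthy as whatever launched procd. On Linux, unrecognised `name=value` boot parameters are also handed to init's environment, so the variable could presumably be present on a non-container boot and would then suppress the /proc, /sys and /dev mounts guarded in the later hunks. I would document that trust assumption above the function, e.g. `/* "container" is set by the runtime (LXC, systemd-nspawn) in init's environment; any value, even empty, counts */`. Separately, declare it `is_container(void)` so the empty parameter list is a real prototype.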
> diff --git a/initd/early.c b/initd/early.c
> index 2e15112..7b281b2 100644
> --- a/initd/early.c
> +++ b/initd/early.c
> @@ -25,6 +25,7 @@
> #include "../utils/utils.h"
> #include "init.h"
> #include "../libc-compat.h"
> +#include "../container.h"
>
> static void
> early_dev(void)
> @@ -56,14 +57,17 @@ early_mounts(void)
> {
> unsigned int oldumask = umask(0);
>
> - mount("proc", "/proc", "proc", MS_NOATIME | MS_NODEV | MS_NOEXEC | MS_NOSUID, 0);
> - mount("sysfs", "/sys", "sysfs", MS_NOATIME | MS_NODEV | MS_NOEXEC | MS_NOSUID, 0);
> - mount("cgroup", "/sys/fs/cgroup", "cgroup", MS_NODEV | MS_NOEXEC | MS_NOSUID, 0);
> - mount("tmpfs", "/dev", "tmpfs", MS_NOATIME | MS_NOSUID, "mode=0755,size=512K");
> - ignore(symlink("/tmp/shm", "/dev/shm"));
> - mkdir("/dev/pts", 0755);
> - mount("devpts", "/dev/pts", "devpts", MS_NOATIME | MS_NOEXEC | MS_NOSUID, "mode=600");
> - early_dev();
> + if (!is_container()) {
> + mount("proc", "/proc", "proc", MS_NOATIME | MS_NODEV | MS_NOEXEC | MS_NOSUID, 0);
> + mount("sysfs", "/sys", "sysfs", MS_NOATIME | MS_NODEV | MS_NOEXEC | MS_NOSUID, 0);
> + mount("cgroup", "/sys/fs/cgroup", "cgroup", MS_NODEV | MS_NOEXEC | MS_NOSUID, 0);
> + mount("tmpfs", "/dev", "tmpfs", MS_NOATIME | MS_NOSUID, "mode=0755,size=512K");
> + ignore(symlink("/tmp/shm", "/dev/shm"));
> + mkdir("/dev/pts", 0755);
> + mount("devpts", "/dev/pts", "devpts", MS_NOATIME | MS_NOEXEC | MS_NOSUID, "mode=600");
> +
> + early_dev();
> + }
>
> early_console("/dev/console");
> if (mount_zram_on_tmp()) {
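Review bot: Inside a container the new `if (!is_container())` branch leaves /proc, /sys, /dev and /dev/pts exactly as the runtime provided them, so procd no longer enforces the `MS_NODEV | MS_NOEXEC | MS_NOSUID` flags or the devpts `mode=600` applied here. That is probably the intent, but it moves a hardening guarantee to the container configuration and should be stated at the guard, e.g. `/* container runtime owns /proc, /sys and /dev; mount flags are not enforced by procd here */`. The same applies to the /dev and /dev/pts remount guarded in procd_coldplug in plug/coldplug.c. early_mounts continues outside the hunk.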
> diff --git a/initd/zram.c b/initd/zram.c
> index b41bfd9..487d3d6 100644
> --- a/initd/zram.c
> +++ b/initd/zram.c
> @@ -12,6 +12,7 @@
> #include <sys/stat.h>
>
> #include "../log.h"
> +#include "../container.h"
>
> #include "init.h"
>
> @@ -116,10 +117,12 @@ mount_zram_on_tmp(void)
> waitpid(pid, NULL, 0);
> }
>
> - ret = mount("/dev/zram0", "/tmp", "ext4", MS_NOSUID | MS_NODEV | MS_NOATIME, "errors=continue,noquota");
> - if (ret < 0) {
> - ERROR("Can't mount /dev/zram0 on /tmp: %m\n");
> - return errno;
> + if (!is_container()) {
> + ret = mount("/dev/zram0", "/tmp", "ext4", MS_NOSUID | MS_NODEV | MS_NOATIME, "errors=continue,noquota");
> + if (ret < 0) {
> + ERROR("Can't mount /dev/zram0 on /tmp: %m\n");
> + return errno;
> + }
> }
>
> LOG("Using up to %ld kB of RAM as ZRAM storage on /mnt\n", zramsize);
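Review bot: In a container the new guard skips only the `mount()` call, so the `LOG("Using up to ...")` line below it still reports ZRAM storage in use, and the function presumably goes on to return success with nothing mounted on /tmp. The `waitpid(pid, NULL, 0)` above the guard suggests the zram device is also still prepared before the check, though that code is outside the hunk. Testing `is_container()` at the top of mount_zram_on_tmp and returning early would avoid both. Which return value is right depends on how early_mounts handles `if (mount_zram_on_tmp())`, which the patch does not show.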
> diff --git a/plug/coldplug.c b/plug/coldplug.c
> index c6a89c3..12df421 100644
> --- a/plug/coldplug.c
> +++ b/plug/coldplug.c
> @@ -22,6 +22,7 @@
> #include "../libc-compat.h"
>
> #include "hotplug.h"
> +#include "../container.h"
>
> static struct uloop_process udevtrigger;
>
> @@ -43,13 +44,16 @@ void procd_coldplug(void)
> char *argv[] = { "udevtrigger", NULL };
> unsigned int oldumask = umask(0);
>
> - umount2("/dev/pts", MNT_DETACH);
> - umount2("/dev/", MNT_DETACH);
> - mount("tmpfs", "/dev", "tmpfs", MS_NOSUID, "mode=0755,size=512K");
> + if (!is_container()) {
> + umount2("/dev/pts", MNT_DETACH);
> + umount2("/dev/", MNT_DETACH);
> + mount("tmpfs", "/dev", "tmpfs", MS_NOSUID, "mode=0755,size=512K");
> + mkdir("/dev/pts", 0755);
> + mount("devpts", "/dev/pts", "devpts", MS_NOEXEC | MS_NOSUID, 0);
> + }
> +
> ignore(symlink("/tmp/shm", "/dev/shm"));
> - mkdir("/dev/pts", 0755);
> umask(oldumask);
> - mount("devpts", "/dev/pts", "devpts", MS_NOEXEC | MS_NOSUID, 0);
> udevtrigger.cb = udevtrigger_complete;
> udevtrigger.pid = fork();
> if (!udevtrigger.pid) {
> --
> 2.20.1
>
>