On Thu, Jun 25, 2015 at 06:49:41PM +0200, Cédric Bosdonnat wrote:
In order to be able to mount a custom host-image as / we need to be able to access libvirt-sandbox-init-common and all its needed dependencies.
They are now copied into SANDBOXCONFIGDIR /.libs. Hard linking is not possible since we may be working on separate partitions, and symlinks wouldn't help to work with apparmor. Copying makes apparmor happy and solves our problem. --- configure.ac | 7 ++ libvirt-sandbox/libvirt-sandbox-builder-machine.c | 114 ++++++++++++++++++++++ libvirt-sandbox/libvirt-sandbox-init-qemu.c | 5 +- 3 files changed, 124 insertions(+), 2 deletions(-)
Don't we need to change the container builder too ? It will need to be able to run the init-common binary from the real host root FS too IIUC
+static gboolean gvir_sandbox_builder_machine_copy_init(const gchar *statedir, + GError **error) +{ + gchar *libsdir; + const gchar *initPath = LIBEXECDIR "/libvirt-sandbox-init-common"; + gchar *out = NULL; + gchar *line, *tmp; + const gchar *argv[] = {LDD_PATH, initPath, NULL}; + gboolean result = FALSE; + + libsdir = g_build_filename(statedir, "config", ".libs", NULL); + + g_mkdir_with_parents(libsdir, 0755); + + if (!gvir_sandbox_builder_machine_copy_lib(initPath, libsdir, error)) + goto cleanup; + + /* Get all the dependencies to be hard linked */ + if (!g_spawn_sync(NULL, (gchar **)argv, NULL, 0, + NULL, NULL, &out, NULL, NULL, error)) + goto cleanup; + + /* Loop over the output lines to get the path to the libraries to hard link */ + line = out; + while ((tmp = strchr(line, '\n'))) { + gchar *start, *end; + *tmp = '\0'; + + /* Search the line for the library path */ + start = strstr(line, " => "); + end = strstr(line, " ("); + + if (start && end) { + start = start + 4; + *end = '\0'; + + if (!gvir_sandbox_builder_machine_copy_lib(start, libsdir, error)) + goto cleanup; + } + + line = tmp + 1; + } + result = TRUE; + + cleanup: + g_free(libsdir); + g_free(out); + + return result; +}
static gboolean gvir_sandbox_builder_machine_construct_domain(GVirSandboxBuilder *builder, GVirSandboxConfig *config, @@ -370,6 +445,9 @@ static gboolean gvir_sandbox_builder_machine_construct_domain(GVirSandboxBuilder error)) return FALSE;
+ if (!gvir_sandbox_builder_machine_copy_init(statedir, error)) + return FALSE; + if (!GVIR_SANDBOX_BUILDER_CLASS(gvir_sandbox_builder_machine_parent_class)-> construct_domain(builder, config, statedir, domain, error)) return FALSE; @@ -712,12 +790,48 @@ static gboolean gvir_sandbox_builder_machine_clean_post_stop(GVirSandboxBuilder GError **error) { gchar *mntfile = g_strdup_printf("%s/config/mounts.cfg", statedir); + gchar *libsdir = g_build_filename(statedir, "config", ".libs", NULL); + GFile *libsFile = g_file_new_for_path(libsdir); + GFileEnumerator *enumerator = NULL; + GFileInfo *info = NULL; + GFile *child = NULL; gboolean ret = TRUE;
if (unlink(mntfile) < 0 && errno != ENOENT) ret = FALSE; + if (!(enumerator = g_file_enumerate_children(libsFile, "*", G_FILE_QUERY_INFO_NONE, + NULL, error)) && + (*error)->code != G_IO_ERROR_NOT_FOUND) { + ret = FALSE; + goto cleanup; + } + + while ((info = g_file_enumerator_next_file(enumerator, NULL, error))) { + child = g_file_enumerator_get_child(enumerator, info); + if (!g_file_delete(child, NULL, error)) + ret = FALSE; + g_object_unref(child); + child = NULL; + g_object_unref(info); + info = NULL; + }
+ if (!g_file_enumerator_close(enumerator, NULL, error)) + ret = FALSE; + + if (!g_file_delete(libsFile, NULL, error) && + (*error)->code != G_IO_ERROR_NOT_FOUND) + ret = FALSE; + + cleanup: + if (child) + g_object_unref(child); + if (info) + g_object_unref(info); + g_object_unref(enumerator); + g_object_unref(libsFile); + g_free(libsdir); g_free(mntfile); return ret; }
Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|