[libvirt] [sandbox v2 00/11] Actually use host-image mounts on /

Hi all,

In the virt-sandbox documentation we had examples with host-image mounts targeting /. However, the / in the sandbox was still the host one. The main goal of this patch series is to fix that problem. This will also be needed to run docker containers with libvirt-sandbox.

I also added some configure flags to disable lzma or zlib support at build time. At least openSUSE 13.2 doesn't have static lzma.

Diff to v1:
 * Fixed Dan's comments
 * Fixed the container case:
   * Made init-lxc all-static
   * Moved the init copy code to libvirt-sandbox-builder.c
   * Use setenv to set the LD_LIBRARY_PATH rather than reset the whole environment using execve

Cédric Bosdonnat (11):
  Allow disabling build with lzma.
  Allow disabling zlib support.
  Enable strcmp checks in libvirt-sandbox-init-qemu.c
  Make init-lxc all static
  Copy all needed init programs and all its deps to config subdir
  Remove init-common dependency on libvirt-sandbox.so
  init-qemu: extract the mounts.cfg entry mounting code
  qemu: use mounts targeting / as root
  Add function to check if there is a mount with / target
  Don't add sandbox:root device if we have a mount targeting /
  container builder: don't expose host rootfs if unneeded

 cfg.mk | 2 -
 configure.ac | 37 ++++-
 libvirt-sandbox/Makefile.am | 45 +++---
 .../libvirt-sandbox-builder-container.c | 37 +++--
 libvirt-sandbox/libvirt-sandbox-builder-machine.c | 22 +--
 libvirt-sandbox/libvirt-sandbox-builder.c | 159 ++++++++++++++++++-
 libvirt-sandbox/libvirt-sandbox-builder.h | 2 +
 libvirt-sandbox/libvirt-sandbox-config-all.h | 62 ++++++++
 libvirt-sandbox/libvirt-sandbox-config-disk.c | 2 +-
 libvirt-sandbox/libvirt-sandbox-config-initrd.c | 2 +-
 .../libvirt-sandbox-config-interactive.c | 2 +-
 .../libvirt-sandbox-config-mount-file.c | 2 +-
 .../libvirt-sandbox-config-mount-guest-bind.c | 2 +-
 .../libvirt-sandbox-config-mount-host-bind.c | 2 +-
 .../libvirt-sandbox-config-mount-host-image.c | 2 +-
 libvirt-sandbox/libvirt-sandbox-config-mount-ram.c | 2 +-
 libvirt-sandbox/libvirt-sandbox-config-mount.c | 2 +-
 .../libvirt-sandbox-config-network-address.c | 2 +-
 ...rt-sandbox-config-network-filterref-parameter.c | 2 +-
 .../libvirt-sandbox-config-network-filterref.c | 2 +-
 .../libvirt-sandbox-config-network-route.c | 2 +-
 libvirt-sandbox/libvirt-sandbox-config-network.c | 2 +-
 .../libvirt-sandbox-config-service-generic.c | 2 +-
 .../libvirt-sandbox-config-service-systemd.c | 2 +-
 libvirt-sandbox/libvirt-sandbox-config-service.c | 2 +-
 libvirt-sandbox/libvirt-sandbox-config.c | 23 ++-
 libvirt-sandbox/libvirt-sandbox-config.h | 1 +
 libvirt-sandbox/libvirt-sandbox-init-common.c | 5 +-
 libvirt-sandbox/libvirt-sandbox-init-lxc.c | 16 +-
 libvirt-sandbox/libvirt-sandbox-init-qemu.c | 175 +++++++++++++++++----
 libvirt-sandbox/libvirt-sandbox-util.c | 2 +-
 libvirt-sandbox/libvirt-sandbox.sym | 1 +
 32 files changed, 519 insertions(+), 104 deletions(-)
 create mode 100644 libvirt-sandbox/libvirt-sandbox-config-all.h

-- 
2.1.4

Some linux distributions don't package static lzma library. Allow disabling it. --- configure.ac | 14 +++++++++++++- libvirt-sandbox/libvirt-sandbox-init-qemu.c | 12 ++++++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 140fb8c..834a444 100644 --- a/configure.ac +++ b/configure.ac @@ -81,7 +81,14 @@ PKG_CHECK_MODULES(LIBVIRT_GLIB, libvirt-glib-1.0 >= $LIBVIRT_GOBJECT_REQUIRED) PKG_CHECK_MODULES(LIBVIRT_GOBJECT, libvirt-gobject-1.0 >= $LIBVIRT_GOBJECT_REQUIRED) PKG_CHECK_MODULES(LIBVIRT_GCONFIG, libvirt-gconfig-1.0 >= $LIBVIRT_GCONFIG_REQUIRED) PKG_CHECK_MODULES(ZLIB, zlib >= $ZLIB_REQUIRED) -PKG_CHECK_MODULES(LZMA, liblzma >= $LZMA_REQUIRED) +AC_ARG_WITH([lzma], + [AS_HELP_STRING([--with-lzma], + [add LZMA support @<:@default=yes@:>@])]) +m4_divert_text([DEFAULTS], [with_lzma=yes]) + +if test "$with_lzma" = "yes" ; then + PKG_CHECK_MODULES(LZMA, liblzma >= $LZMA_REQUIRED) +fi LIBVIRT_SANDBOX_CAPNG LIBVIRT_SANDBOX_GETTEXT @@ -118,6 +125,11 @@ AC_MSG_NOTICE([]) AC_MSG_NOTICE([]) AC_MSG_NOTICE([ Libraries:]) AC_MSG_NOTICE([]) +if test "$with_lzma" != "no" ; then +AC_MSG_NOTICE([ LZMA: $LZMA_CFLAGS $LZMA_LIBS]) +else +AC_MSG_NOTICE([ LZMA: no]) +fi AC_MSG_NOTICE([ GOBJECT: $GOBJECT_CFLAGS $GOBJECT_LIBS]) AC_MSG_NOTICE([ LIBVIRT_GOBJECT: $LIBVIRT_GOBJECT_CFLAGS $LIBVIRT_GOBJECT_LIBS]) AC_MSG_NOTICE([]) diff --git a/libvirt-sandbox/libvirt-sandbox-init-qemu.c b/libvirt-sandbox/libvirt-sandbox-init-qemu.c index eabf9aa..a9e6263 100644 --- a/libvirt-sandbox/libvirt-sandbox-init-qemu.c +++ b/libvirt-sandbox/libvirt-sandbox-init-qemu.c @@ -42,7 +42,9 @@ #include <fcntl.h> #include <sys/reboot.h> #include <termios.h> +#if WITH_LZMA #include <lzma.h> +#endif /* WITH_LZMA */ #include <zlib.h> #define ATTR_UNUSED __attribute__((__unused__)) 
@@ -400,6 +402,7 @@ has_suffix(const char *filename, const char *ext) offset[strlen(ext)] == '\0'); } +#if WITH_LZMA static char * load_module_file_lzma(const char *filename, size_t *len) { @@ -456,6 +459,15 @@ load_module_file_lzma(const char *filename, size_t *len) free(xzdata); return data; } +#else +static char * +load_module_file_lzma(const char *filename, size_t *len) +{ + fprintf(stderr, "libvirt-sandbox-init-qemu: %s: " + "lzma support disabled, can't read module %s\n", __func__, filename); + exit_poweroff(); +} +#endif /* WITH_LZMA */ static char * load_module_file_zlib(const char *filename, size_t *len) -- 2.1.4
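Review bot: the configure.ac hunk adds `--with-lzma` but never calls AC_DEFINE, so WITH_LZMA is not in config.h and `#if WITH_LZMA` in libvirt-sandbox-init-qemu.c is false even for the default `--with-lzma=yes`; the real load_module_file_lzma() is then silently replaced by the stub that prints an error and calls exit_poweroff(). Add `AC_DEFINE([WITH_LZMA], [1], [LZMA support enabled])` inside the `if test "$with_lzma" = "yes"` branch. Two smaller points: the summary block tests `!= "no"` while the PKG_CHECK branch tests `= "yes"`, so any other value skips the check yet prints a LZMA line with empty flags, pick one condition for both; and in the stub `len` is unused and there is no return statement, so unless exit_poweroff() is declared noreturn this warns under $(WARN_CFLAGS), mark the parameter ATTR_UNUSED (already defined in this file) or add `return NULL;` after the call.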

On Mon, Jun 29, 2015 at 06:44:09PM +0200, Cédric Bosdonnat wrote:
Some Linux distributions don't package a static lzma library. Allow disabling it.

---
 configure.ac | 14 +++++++++++++-
 libvirt-sandbox/libvirt-sandbox-init-qemu.c | 12 ++++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac index 140fb8c..834a444 100644 --- a/configure.ac +++ b/configure.ac @@ -81,7 +81,14 @@ PKG_CHECK_MODULES(LIBVIRT_GLIB, libvirt-glib-1.0 >= $LIBVIRT_GOBJECT_REQUIRED) PKG_CHECK_MODULES(LIBVIRT_GOBJECT, libvirt-gobject-1.0 >= $LIBVIRT_GOBJECT_REQUIRED) PKG_CHECK_MODULES(LIBVIRT_GCONFIG, libvirt-gconfig-1.0 >= $LIBVIRT_GCONFIG_REQUIRED) PKG_CHECK_MODULES(ZLIB, zlib >= $ZLIB_REQUIRED) -PKG_CHECK_MODULES(LZMA, liblzma >= $LZMA_REQUIRED) +AC_ARG_WITH([lzma], + [AS_HELP_STRING([--with-lzma], + [add LZMA support @<:@default=yes@:>@])]) +m4_divert_text([DEFAULTS], [with_lzma=yes]) + +if test "$with_lzma" = "yes" ; then + PKG_CHECK_MODULES(LZMA, liblzma >= $LZMA_REQUIRED)
Needs an AC_DEFINE() to get WITH_LZMA in config.h
diff --git a/libvirt-sandbox/libvirt-sandbox-init-qemu.c b/libvirt-sandbox/libvirt-sandbox-init-qemu.c index eabf9aa..a9e6263 100644 --- a/libvirt-sandbox/libvirt-sandbox-init-qemu.c +++ b/libvirt-sandbox/libvirt-sandbox-init-qemu.c @@ -42,7 +42,9 @@ #include <fcntl.h> #include <sys/reboot.h> #include <termios.h> +#if WITH_LZMA #include <lzma.h> +#endif /* WITH_LZMA */
To make this work.

Regards,
Daniel

-- 
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

Some distributions may not have static zlib package. Allow disabling it at build time. --- configure.ac | 16 +++++++++++++++- libvirt-sandbox/libvirt-sandbox-init-qemu.c | 12 ++++++++++++ 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 834a444..99d22d7 100644 --- a/configure.ac +++ b/configure.ac @@ -80,7 +80,16 @@ PKG_CHECK_MODULES(LIBVIRT, libvirt >= $LIBVIRT_REQUIRED) PKG_CHECK_MODULES(LIBVIRT_GLIB, libvirt-glib-1.0 >= $LIBVIRT_GOBJECT_REQUIRED) PKG_CHECK_MODULES(LIBVIRT_GOBJECT, libvirt-gobject-1.0 >= $LIBVIRT_GOBJECT_REQUIRED) PKG_CHECK_MODULES(LIBVIRT_GCONFIG, libvirt-gconfig-1.0 >= $LIBVIRT_GCONFIG_REQUIRED) -PKG_CHECK_MODULES(ZLIB, zlib >= $ZLIB_REQUIRED) + +AC_ARG_WITH([zlib], + [AS_HELP_STRING([--with-zlib], + [add ZLIB support @<:@default=yes@:>@])]) +m4_divert_text([DEFAULTS], [with_zlib=yes]) + +if test "$with_zlib" = "yes" ; then + PKG_CHECK_MODULES(ZLIB, zlib >= $ZLIB_REQUIRED) + fi + AC_ARG_WITH([lzma], [AS_HELP_STRING([--with-lzma], [add LZMA support @<:@default=yes@:>@])]) @@ -130,6 +139,11 @@ AC_MSG_NOTICE([ LZMA: $LZMA_CFLAGS $LZMA_LIBS]) else AC_MSG_NOTICE([ LZMA: no]) fi +if test "$with_zlib" != "no" ; then +AC_MSG_NOTICE([ ZLIB: $ZLIB_CFLAGS $ZLIB_LIBS]) +else +AC_MSG_NOTICE([ ZLIB: no]) +fi AC_MSG_NOTICE([ GOBJECT: $GOBJECT_CFLAGS $GOBJECT_LIBS]) AC_MSG_NOTICE([ LIBVIRT_GOBJECT: $LIBVIRT_GOBJECT_CFLAGS $LIBVIRT_GOBJECT_LIBS]) AC_MSG_NOTICE([]) diff --git a/libvirt-sandbox/libvirt-sandbox-init-qemu.c b/libvirt-sandbox/libvirt-sandbox-init-qemu.c index a9e6263..d5a0b7a 100644 --- a/libvirt-sandbox/libvirt-sandbox-init-qemu.c +++ b/libvirt-sandbox/libvirt-sandbox-init-qemu.c @@ -45,7 +45,9 @@ #if WITH_LZMA #include <lzma.h> #endif /* WITH_LZMA */ +#if WITH_ZLIB #include <zlib.h> +#endif /* WITH_ZLIB */ #define ATTR_UNUSED __attribute__((__unused__)) 
@@ -469,6 +471,7 @@ load_module_file_lzma(const char *filename, size_t *len) } #endif /* WITH_LZMA */ +#if WITH_ZLIB static char * load_module_file_zlib(const char *filename, size_t *len) { @@ -519,6 +522,15 @@ load_module_file_zlib(const char *filename, size_t *len) gzclose(fp); return data; } +#else +static char * +load_module_file_zlib(const char *filename, size_t *len) +{ + fprintf(stderr, "libvirt-sandbox-init-qemu: %s: " + "zlib support disabled, can't read module %s\n", __func__, filename); + exit_poweroff(); +} +#endif /* WITH_ZLIB */ static char * load_module_file_raw(const char *filename, size_t *len) -- 2.1.4
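Review bot: the `fi` closing the zlib branch in the configure.ac hunk is indented one level deeper than its `if` and should sit in column 0 like the lzma one just below it. Same defect as the lzma patch: no `AC_DEFINE([WITH_ZLIB], [1], ...)` is emitted, so `#if WITH_ZLIB` is always false, <zlib.h> is never included and the stub load_module_file_zlib() that calls exit_poweroff() is what gets built whatever configure decided. With both stubs in place, a sandbox built `--without-zlib --without-lzma` cannot load any compressed module from the host kernel and powers off instead; that is worth a sentence in the commit message or the AS_HELP_STRING so packagers know what they are giving up.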

On Mon, Jun 29, 2015 at 06:44:10PM +0200, Cédric Bosdonnat wrote:
Some distributions may not have a static zlib package. Allow disabling it at build time.

---
 configure.ac | 16 +++++++++++++++-
 libvirt-sandbox/libvirt-sandbox-init-qemu.c | 12 ++++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac index 834a444..99d22d7 100644 --- a/configure.ac +++ b/configure.ac @@ -80,7 +80,16 @@ PKG_CHECK_MODULES(LIBVIRT, libvirt >= $LIBVIRT_REQUIRED) PKG_CHECK_MODULES(LIBVIRT_GLIB, libvirt-glib-1.0 >= $LIBVIRT_GOBJECT_REQUIRED) PKG_CHECK_MODULES(LIBVIRT_GOBJECT, libvirt-gobject-1.0 >= $LIBVIRT_GOBJECT_REQUIRED) PKG_CHECK_MODULES(LIBVIRT_GCONFIG, libvirt-gconfig-1.0 >= $LIBVIRT_GCONFIG_REQUIRED) -PKG_CHECK_MODULES(ZLIB, zlib >= $ZLIB_REQUIRED) + +AC_ARG_WITH([zlib], + [AS_HELP_STRING([--with-zlib], + [add ZLIB support @<:@default=yes@:>@])]) +m4_divert_text([DEFAULTS], [with_zlib=yes]) + +if test "$with_zlib" = "yes" ; then + PKG_CHECK_MODULES(ZLIB, zlib >= $ZLIB_REQUIRED) + fi
Indentation bug, and AC_DEFINE issue too.

Regards,
Daniel

--- cfg.mk | 2 -- libvirt-sandbox/libvirt-sandbox-init-qemu.c | 6 ++++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cfg.mk b/cfg.mk index 83ded15..37e5050 100644 --- a/cfg.mk +++ b/cfg.mk @@ -132,5 +132,3 @@ exclude_file_name_regexp--sc_libvirt_unmarked_diagnostics = ^libvirt-sandbox/tes exclude_file_name_regexp--sc_bindtextdomain = ^(libvirt-sandbox/tests)|(libvirt-sandbox/libvirt-sandbox-init-*)|(bin/virt-sandbox.c)|(bin/virt-sandbox-service-util.c) exclude_file_name_regexp--sc_preprocessor_indentation = ^*/*.[ch] - -exclude_file_name_regexp--sc_prohibit_strcmp = ^libvirt-sandbox/libvirt-sandbox-init-qemu.c diff --git a/libvirt-sandbox/libvirt-sandbox-init-qemu.c b/libvirt-sandbox/libvirt-sandbox-init-qemu.c index d5a0b7a..44305fd 100644 --- a/libvirt-sandbox/libvirt-sandbox-init-qemu.c +++ b/libvirt-sandbox/libvirt-sandbox-init-qemu.c @@ -51,6 +51,8 @@ #define ATTR_UNUSED __attribute__((__unused__)) +#define STREQ(x,y) (strcmp(x,y) == 0) + static void print_uptime (void); static void insmod (const char *filename); static void set_debug(void); @@ -283,7 +285,7 @@ main(int argc ATTR_UNUSED, char **argv ATTR_UNUSED) __func__, source, target, type, opts); - if (strcmp(type, "") == 0) { + if (STREQ(type, "")) { struct stat st; type = NULL; flags |= MS_BIND; @@ -297,7 +299,7 @@ main(int argc ATTR_UNUSED, char **argv ATTR_UNUSED) else mount_mkfile(target, 644); } else { - if (strcmp(type, "tmpfs") == 0) + if (STREQ(type, "tmpfs")) flags |= MS_NOSUID | MS_NODEV; mount_mkdir(target, 0755); -- 2.1.4
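Review bot: dropping the sc_prohibit_strcmp exclusion for libvirt-sandbox-init-qemu.c re-enables the rule on a file that now contains `#define STREQ(x,y) (strcmp(x,y) == 0)`, so make sure the rule's exclude pattern matches a local definition in this exact spelling (no space after `#`, no space before `(`), otherwise `make syntax-check` fails on the very line it was meant to allow. The next patch adds a sibling `STRNEQ` to libvirt-sandbox-init-lxc.c; both init programs avoid glib, so a tiny shared header for these two macros would be cleaner than one ad-hoc copy per file.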

When running a sandbox with a / different from the host one, we will need to copy all init-lxc dependencies into a mounted folder... but we have no way to tell libvirt to set the LD_LIBRARY_PATH for the init command. Turning init-lxc all-static help us work around that problem, and drops the useless dependencies on glib and libvirt-sandbox. --- libvirt-sandbox/Makefile.am | 11 +---------- libvirt-sandbox/libvirt-sandbox-init-lxc.c | 8 ++++---- 2 files changed, 5 insertions(+), 14 deletions(-) diff --git a/libvirt-sandbox/Makefile.am b/libvirt-sandbox/Makefile.am index b6fcdf7..1cd6ea3 100644 --- a/libvirt-sandbox/Makefile.am +++ b/libvirt-sandbox/Makefile.am @@ -202,22 +202,13 @@ libvirt_sandbox_init_lxc_CFLAGS = \ -DSANDBOXCONFIGDIR="\"$(sandboxconfigdir)\"" \ -I$(top_srcdir) \ -I$(top_builddir) \ - $(GIO_UNIX_CFLAGS) \ - $(LIBVIRT_GLIB_CFLAGS) \ - $(LIBVIRT_GOBJECT_CFLAGS) \ $(WARN_CFLAGS) \ $(NULL) libvirt_sandbox_init_lxc_LDFLAGS = \ - libvirt-sandbox-1.0.la \ + -all-static \ $(COVERAGE_CFLAGS:-f%=-Wc,f%) \ - $(GIO_UNIX_LIBS) \ - $(LIBVIRT_GLIB_LIBS) \ - $(LIBVIRT_GOBJECT_LIBS) \ $(WARN_CFLAGS) \ $(NULL) -libvirt_sandbox_init_lxc_LDADD = \ - libvirt-sandbox-1.0.la \ - $(NULL) libvirt_sandbox_init_qemu_SOURCES = libvirt-sandbox-init-qemu.c libvirt_sandbox_init_qemu_CFLAGS = \ diff --git a/libvirt-sandbox/libvirt-sandbox-init-lxc.c b/libvirt-sandbox/libvirt-sandbox-init-lxc.c index 61f46a1..798af37 100644 --- a/libvirt-sandbox/libvirt-sandbox-init-lxc.c +++ b/libvirt-sandbox/libvirt-sandbox-init-lxc.c @@ -28,8 +28,6 @@ #include <config.h> -#include <glib.h> - #include <stdio.h> #include <sys/wait.h> #include <termios.h> @@ -38,6 +36,8 @@ #include <string.h> #include <errno.h> +#define STRNEQ(x,y) (strcmp(x,y) != 0) + static void set_debug(void); static int has_command_arg(const char *name, char **val); 
@@ -45,7 +45,7 @@ static int has_command_arg(const char *name, static int debug = 0; int -main(int argc G_GNUC_UNUSED, char **argv G_GNUC_UNUSED) +main(int argc, char **argv) { const char *args[50]; int narg = 0; @@ -69,7 +69,7 @@ main(int argc G_GNUC_UNUSED, char **argv G_GNUC_UNUSED) args[narg++] = "/tmp/sandbox.log"; args[narg++] = "-f"; args[narg++] = "-ff"; - if (strace && !g_str_equal(strace, "1")) { + if (strace && STRNEQ(strace, "1")) { args[narg++] = "-e"; args[narg++] = strace; } -- 2.1.4
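Review bot: in the libvirt-sandbox-init-lxc.c hunk `main(int argc, char **argv)` drops G_GNUC_UNUSED but still never uses either parameter, so the build now warns under $(WARN_CFLAGS) (-Wunused-parameter); define a local `ATTR_UNUSED` as libvirt-sandbox-init-qemu.c already does and keep the annotations. In Makefile.am, `-all-static` makes a static glibc (the LIBVIRT_SANDBOX_STATIC_LIBC check in configure.ac) a hard build requirement for init-lxc; the commit message only gives the LD_LIBRARY_PATH motivation and should state that too. Commit message nit: "help us work around" should read "helps us work around".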

In order to be able to mount a custom host-image as / we need to be able to access libvirt-sandbox-init-common and all its needed dependencies. In the container case we also need to copy libvirt-sandbox-init-lxc. They are now copied into SANDBOXCONFIGDIR /.libs. Hard linking is not possible since we may be working on separate partitions, and symlinks wouldn't help to work with apparmor. Copying makes apparmor happy and solves our problem. --- configure.ac | 7 + .../libvirt-sandbox-builder-container.c | 15 +- libvirt-sandbox/libvirt-sandbox-builder.c | 159 ++++++++++++++++++++- libvirt-sandbox/libvirt-sandbox-builder.h | 2 + libvirt-sandbox/libvirt-sandbox-init-lxc.c | 8 +- libvirt-sandbox/libvirt-sandbox-init-qemu.c | 9 +- 6 files changed, 196 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac index 99d22d7..608f56b 100644 --- a/configure.ac +++ b/configure.ac @@ -109,6 +109,13 @@ LIBVIRT_SANDBOX_SELINUX LIBVIRT_SANDBOX_STATIC_LIBC +dnl search for LDD path +AC_PATH_PROG([LDD_PATH], [ldd]) +if test -z "$LDD_PATH"; then + AC_MSG_ERROR([Failed to find ldd.]) +fi +AC_DEFINE_UNQUOTED([LDD_PATH], "$LDD_PATH", [path to ldd binary]) + GOBJECT_INTROSPECTION_CHECK([$GOBJECT_INTROSPECTION_REQUIRED]) dnl Should be in m4/virt-gettext.m4 but intltoolize is too diff --git a/libvirt-sandbox/libvirt-sandbox-builder-container.c b/libvirt-sandbox/libvirt-sandbox-builder-container.c index c23b82b..d226d35 100644 --- a/libvirt-sandbox/libvirt-sandbox-builder-container.c +++ b/libvirt-sandbox/libvirt-sandbox-builder-container.c @@ -184,7 +184,7 @@ static gboolean gvir_sandbox_builder_container_construct_os(GVirSandboxBuilder * gvir_config_domain_os_set_arch(os, gvir_sandbox_config_get_arch(config)); gvir_config_domain_os_set_init(os, - LIBEXECDIR "/libvirt-sandbox-init-lxc"); + SANDBOXCONFIGDIR "/.libs/libvirt-sandbox-init-lxc"); gvir_config_domain_os_set_cmdline(os, cmdline); gvir_config_domain_set_os(domain, os); 
@@ -444,6 +444,18 @@ static const gchar *gvir_sandbox_builder_container_get_disk_prefix(GVirSandboxBu return "sd"; } + +static GList *gvir_sandbox_builder_container_get_files_to_copy(GVirSandboxBuilder *builder, + GVirSandboxConfig *config G_GNUC_UNUSED) +{ + GList * tocopy = GVIR_SANDBOX_BUILDER_CLASS(gvir_sandbox_builder_container_parent_class)-> + get_files_to_copy(builder, config); + gchar *file = g_strdup_printf("%s/libvirt-sandbox-init-lxc", LIBEXECDIR); + + return g_list_append(tocopy, file); +} + + static void gvir_sandbox_builder_container_class_init(GVirSandboxBuilderContainerClass *klass) { GObjectClass *object_class = G_OBJECT_CLASS(klass); @@ -458,6 +470,7 @@ static void gvir_sandbox_builder_container_class_init(GVirSandboxBuilderContaine builder_class->construct_features = gvir_sandbox_builder_container_construct_features; builder_class->construct_devices = gvir_sandbox_builder_container_construct_devices; builder_class->get_disk_prefix = gvir_sandbox_builder_container_get_disk_prefix; + builder_class->get_files_to_copy = gvir_sandbox_builder_container_get_files_to_copy; g_type_class_add_private(klass, sizeof(GVirSandboxBuilderContainerPrivate)); } diff --git a/libvirt-sandbox/libvirt-sandbox-builder.c b/libvirt-sandbox/libvirt-sandbox-builder.c index aa932db..2726868 100644 --- a/libvirt-sandbox/libvirt-sandbox-builder.c +++ b/libvirt-sandbox/libvirt-sandbox-builder.c @@ -107,6 +107,8 @@ static gboolean gvir_sandbox_builder_clean_post_stop_default(GVirSandboxBuilder GVirSandboxConfig *config, const gchar *statedir, GError **error); +static GList *gvir_sandbox_builder_get_files_to_copy(GVirSandboxBuilder *builder, + GVirSandboxConfig *config); static void gvir_sandbox_builder_get_property(GObject *object, guint prop_id, 
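Review bot: in gvir_sandbox_builder_container_get_files_to_copy() the `config` parameter is tagged G_GNUC_UNUSED but is passed straight to the parent class's get_files_to_copy(), so drop the annotation; `GList * tocopy` should also be `GList *tocopy` to match the file's pointer style. Since the container init is now executed from SANDBOXCONFIGDIR/.libs instead of LIBEXECDIR (construct_os hunk above), does the AppArmor profile or SELinux policy that allowed executing it from LIBEXECDIR also permit it from the copied path? The commit message says copying "makes apparmor happy" but not how the copy gets the right label.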
@@ -176,6 +178,7 @@ static void gvir_sandbox_builder_class_init(GVirSandboxBuilderClass *klass) klass->construct_security = gvir_sandbox_builder_construct_security; klass->clean_post_start = gvir_sandbox_builder_clean_post_start_default; klass->clean_post_stop = gvir_sandbox_builder_clean_post_stop_default; + klass->get_files_to_copy = gvir_sandbox_builder_get_files_to_copy; g_object_class_install_property(object_class, PROP_CONNECTION, 
@@ -247,6 +250,108 @@ GVirConnection *gvir_sandbox_builder_get_connection(GVirSandboxBuilder *builder) } +static gboolean gvir_sandbox_builder_copy_file(const char *path, + const char *libsdir, + GError **error) +{ + gchar *name = g_path_get_basename(path); + gchar *target = g_build_filename(libsdir, name, NULL); + GFile *srcFile = g_file_new_for_path(path); + GFile *tgtFile = g_file_new_for_path(target); + gboolean result = FALSE; + + + if (!g_file_query_exists(tgtFile, NULL) && + !g_file_copy(srcFile, tgtFile, 0, NULL, NULL, NULL, error)) + goto cleanup; + + result = TRUE; + + cleanup: + g_object_unref(tgtFile); + g_object_unref(srcFile); + g_free(target); + g_free(name); + + return result; +} + +static gboolean gvir_sandbox_builder_copy_program(const char *program, + const char *dest, + GError **error) +{ + gchar *out = NULL; + gchar *line, *tmp; + const gchar *argv[] = {LDD_PATH, program, NULL}; + gboolean result = FALSE; + + if (!gvir_sandbox_builder_copy_file(program, dest, error)) + goto cleanup; + + + /* Get all the dependencies to be hard linked */ + if (!g_spawn_sync(NULL, (gchar **)argv, NULL, 0, + NULL, NULL, &out, NULL, NULL, error)) + goto cleanup; + + /* Loop over the output lines to get the path to the libraries to copy */ + line = out; + while ((tmp = strchr(line, '\n'))) { + gchar *start, *end; + *tmp = '\0'; + + /* Search the line for the library path */ + start = strstr(line, " => "); + end = strstr(line, " ("); + + if (start && end) { + start = start + 4; + *end = '\0'; + + if (!gvir_sandbox_builder_copy_file(start, dest, error)) + goto cleanup; + } + + line = tmp + 1; + } + result = TRUE; + + cleanup: + g_free(out); + + return result; +} + +static gboolean gvir_sandbox_builder_copy_init(GVirSandboxBuilder *builder, + GVirSandboxConfig *config, + const gchar *statedir, + GError **error) +{ + gchar *libsdir; + GVirSandboxBuilderClass *klass = GVIR_SANDBOX_BUILDER_GET_CLASS(builder); + GList *tocopy = NULL, *tmp = NULL; + gboolean result = FALSE; 
+ + libsdir = g_build_filename(statedir, "config", ".libs", NULL); + g_mkdir_with_parents(libsdir, 0755); + + tmp = tocopy = klass->get_files_to_copy(builder, config); + while (tmp) { + if (!gvir_sandbox_builder_copy_program(tmp->data, libsdir, error)) + goto cleanup; + + tmp = tmp->next; + } + result = TRUE; + + cleanup: + g_free(libsdir); + g_list_free_full(tocopy, g_free); + + return result; +} + + static gboolean gvir_sandbox_builder_construct_domain(GVirSandboxBuilder *builder, GVirSandboxConfig *config, const gchar *statedir, @@ -255,6 +360,9 @@ static gboolean gvir_sandbox_builder_construct_domain(GVirSandboxBuilder *builde { GVirSandboxBuilderClass *klass = GVIR_SANDBOX_BUILDER_GET_CLASS(builder); + if (!gvir_sandbox_builder_copy_init(builder, config, statedir, error)) + return FALSE; + if (!(klass->construct_basic(builder, config, statedir, domain, error))) return FALSE; @@ -511,6 +619,15 @@ static gboolean gvir_sandbox_builder_clean_post_stop_default(GVirSandboxBuilder return TRUE; } +static GList *gvir_sandbox_builder_get_files_to_copy(GVirSandboxBuilder *builder, + GVirSandboxConfig *config G_GNUC_UNUSED) +{ + GList *tocopy = NULL; + gchar *file = g_strdup_printf("%s/libvirt-sandbox-init-common", LIBEXECDIR); + return g_list_append(tocopy, file); +} + + /** * gvir_sandbox_builder_construct: * @builder: (transfer none): the sandbox builder 
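Review bot: gvir_sandbox_builder_copy_program() copies every `name => path (addr)` entry that ldd prints but skips the interpreter line (`/lib64/ld-linux-x86-64.so.2 (0x...)` has no ` => `), so when the guest / comes from a different distribution its own ld.so ends up loading the host's copied libc.so.6; glibc's loader and libc must match, so either copy the interpreter as well or document that the host-image rootfs must be glibc-compatible with the host. Other points in the same hunks: g_spawn_sync()'s exit status is discarded (ldd on the now-static init-lxc prints "not a dynamic executable" and exits non-zero, which only works by accident), the `!g_file_query_exists(tgtFile, NULL)` short-circuit means a library already in .libs is never refreshed after a host package upgrade, g_mkdir_with_parents() in copy_init() is unchecked, and the comment "to be hard linked" contradicts the commit message (the files are copied).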
@@ -577,8 +694,48 @@ gboolean gvir_sandbox_builder_clean_post_stop(GVirSandboxBuilder *builder, GError **error) { GVirSandboxBuilderClass *klass = GVIR_SANDBOX_BUILDER_GET_CLASS(builder); + gchar *libsdir = g_build_filename(statedir, "config", ".libs", NULL); + GFile *libsFile = g_file_new_for_path(libsdir); + GFileEnumerator *enumerator = NULL; + GFileInfo *info = NULL; + GFile *child = NULL; + gboolean ret = TRUE; + + ret = klass->clean_post_stop(builder, config, statedir, error); + + if (!(enumerator = g_file_enumerate_children(libsFile, "*", G_FILE_QUERY_INFO_NONE, + NULL, error)) && + (*error)->code != G_IO_ERROR_NOT_FOUND) { + ret = FALSE; + goto cleanup; + } + + while ((info = g_file_enumerator_next_file(enumerator, NULL, error))) { + child = g_file_enumerator_get_child(enumerator, info); + if (!g_file_delete(child, NULL, error)) + ret = FALSE; + g_object_unref(child); + child = NULL; + g_object_unref(info); + info = NULL; + } + + if (!g_file_enumerator_close(enumerator, NULL, error)) + ret = FALSE; - return klass->clean_post_stop(builder, config, statedir, error); + if (!g_file_delete(libsFile, NULL, error) && + (*error)->code != G_IO_ERROR_NOT_FOUND) + ret = FALSE; + + cleanup: + if (child) + g_object_unref(child); + if (info) + g_object_unref(info); + g_object_unref(enumerator); + g_object_unref(libsFile); + g_free(libsdir); + return ret; } diff --git a/libvirt-sandbox/libvirt-sandbox-builder.h b/libvirt-sandbox/libvirt-sandbox-builder.h index 81df92a..2d22f1a 100644 --- a/libvirt-sandbox/libvirt-sandbox-builder.h +++ b/libvirt-sandbox/libvirt-sandbox-builder.h @@ -97,6 +97,8 @@ struct _GVirSandboxBuilderClass const gchar *(*get_disk_prefix)(GVirSandboxBuilder *builder, GVirSandboxConfig *config, GVirSandboxConfigDisk *disk); + GList *(*get_files_to_copy)(GVirSandboxBuilder *builder, + GVirSandboxConfig *config); gpointer padding[LIBVIRT_SANDBOX_CLASS_PADDING]; }; 
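Review bot: the new clean_post_stop body misuses GError in three ways: it calls g_file_enumerate_children() with `error` possibly already set by klass->clean_post_stop(), it dereferences `(*error)->code` although `error` may legitimately be NULL, and in the G_IO_ERROR_NOT_FOUND case it leaves *error set, falls through to g_file_enumerator_next_file(NULL, ...) and g_file_enumerator_close(NULL, ...), then returns TRUE with an error filled in. Restructure it so that a NOT_FOUND from the enumerate call is g_clear_error()'d and jumps to cleanup, any other failure sets ret = FALSE and bails, and the final `g_object_unref(enumerator)` is NULL-guarded like `child` and `info` are. The same `(*error)->code` pattern after g_file_delete(libsFile) needs the same treatment.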
diff --git a/libvirt-sandbox/libvirt-sandbox-init-lxc.c b/libvirt-sandbox/libvirt-sandbox-init-lxc.c index 798af37..e2fe7f0 100644 --- a/libvirt-sandbox/libvirt-sandbox-init-lxc.c +++ b/libvirt-sandbox/libvirt-sandbox-init-lxc.c @@ -77,10 +77,16 @@ main(int argc, char **argv) args[narg++] = "1000"; } - args[narg++] = LIBEXECDIR "/libvirt-sandbox-init-common"; + args[narg++] = SANDBOXCONFIGDIR "/.libs/libvirt-sandbox-init-common"; if (debug) args[narg++] = "-d"; + if (setenv("LD_LIBRARY_PATH", SANDBOXCONFIGDIR "/.libs", 1) != 0) { + fprintf(stderr, "libvirt-sandbox-init-lxc: %s: cannot set LD_LIBRARY_PATH: %s\n", + __func__, strerror(errno)); + exit(EXIT_FAILURE); + } + if (debug) fprintf(stderr, "Running interactive\n"); execv(args[0], (char**)args); diff --git a/libvirt-sandbox/libvirt-sandbox-init-qemu.c b/libvirt-sandbox/libvirt-sandbox-init-qemu.c index 44305fd..62e8e40 100644 --- a/libvirt-sandbox/libvirt-sandbox-init-qemu.c +++ b/libvirt-sandbox/libvirt-sandbox-init-qemu.c @@ -338,10 +338,17 @@ main(int argc ATTR_UNUSED, char **argv ATTR_UNUSED) args[narg++] = "1000"; } - args[narg++] = LIBEXECDIR "/libvirt-sandbox-init-common"; + args[narg++] = SANDBOXCONFIGDIR "/.libs/libvirt-sandbox-init-common"; if (debug) args[narg++] = "-d"; + if (setenv("LD_LIBRARY_PATH", SANDBOXCONFIGDIR "/.libs", 1) < 0) { + fprintf(stderr, "libvirt-sandbox-init-qemu: %s: cannot set LD_LIBRARY_PATH: %s\n", + __func__, strerror(errno)); + exit_poweroff(); + } + + if (debug) fprintf(stderr, "libvirt-sandbox-init-qemu: Running common init %s\n", args[0]); execv(args[0], (char**)args); -- 2.1.4
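Review bot: the setenv("LD_LIBRARY_PATH", SANDBOXCONFIGDIR "/.libs", 1) before execv() is inherited by libvirt-sandbox-init-common and, through it, by the sandboxed workload; init-common must unsetenv() it before exec'ing the user command, otherwise every process in the sandbox resolves shared libraries from a directory under the config mount first, which is both a behaviour change for the workload and a library-hijack vector should that mount ever be writable from the guest. Also the two hunks disagree on the failure test (`!= 0` in init-lxc, `< 0` in init-qemu; setenv() returns -1 on error so both work, but pick one), and init-lxc.c needs <stdlib.h> for setenv()/exit() if it is not already included.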

On Mon, Jun 29, 2015 at 06:44:13PM +0200, Cédric Bosdonnat wrote:
In order to be able to mount a custom host-image as / we need to be able to access libvirt-sandbox-init-common and all its needed dependencies. In the container case we also need to copy libvirt-sandbox-init-lxc.
They are now copied into SANDBOXCONFIGDIR/.libs. Hard linking is not possible since we may be working on separate partitions, and symlinks wouldn't help to work with apparmor. Copying makes apparmor happy and solves our problem.

---
 configure.ac | 7 +
 .../libvirt-sandbox-builder-container.c | 15 +-
 libvirt-sandbox/libvirt-sandbox-builder.c | 159 ++++++++++++++++++++-
 libvirt-sandbox/libvirt-sandbox-builder.h | 2 +
 libvirt-sandbox/libvirt-sandbox-init-lxc.c | 8 +-
 libvirt-sandbox/libvirt-sandbox-init-qemu.c | 9 +-
 6 files changed, 196 insertions(+), 4 deletions(-)
diff --git a/libvirt-sandbox/libvirt-sandbox-init-lxc.c b/libvirt-sandbox/libvirt-sandbox-init-lxc.c index 798af37..e2fe7f0 100644 --- a/libvirt-sandbox/libvirt-sandbox-init-lxc.c +++ b/libvirt-sandbox/libvirt-sandbox-init-lxc.c @@ -77,10 +77,16 @@ main(int argc, char **argv) args[narg++] = "1000"; }
- args[narg++] = LIBEXECDIR "/libvirt-sandbox-init-common"; + args[narg++] = SANDBOXCONFIGDIR "/.libs/libvirt-sandbox-init-common"; if (debug) args[narg++] = "-d";
+ if (setenv("LD_LIBRARY_PATH", SANDBOXCONFIGDIR "/.libs", 1) != 0) { + fprintf(stderr, "libvirt-sandbox-init-lxc: %s: cannot set LD_LIBRARY_PATH: %s\n", + __func__, strerror(errno)); + exit(EXIT_FAILURE); + } + if (debug) fprintf(stderr, "Running interactive\n"); execv(args[0], (char**)args); diff --git a/libvirt-sandbox/libvirt-sandbox-init-qemu.c b/libvirt-sandbox/libvirt-sandbox-init-qemu.c index 44305fd..62e8e40 100644 --- a/libvirt-sandbox/libvirt-sandbox-init-qemu.c +++ b/libvirt-sandbox/libvirt-sandbox-init-qemu.c @@ -338,10 +338,17 @@ main(int argc ATTR_UNUSED, char **argv ATTR_UNUSED) args[narg++] = "1000"; }
- args[narg++] = LIBEXECDIR "/libvirt-sandbox-init-common"; + args[narg++] = SANDBOXCONFIGDIR "/.libs/libvirt-sandbox-init-common"; if (debug) args[narg++] = "-d";
+ if (setenv("LD_LIBRARY_PATH", SANDBOXCONFIGDIR "/.libs", 1) < 0) { + fprintf(stderr, "libvirt-sandbox-init-qemu: %s: cannot set LD_LIBRARY_PATH: %s\n", + __func__, strerror(errno)); + exit_poweroff(); + } + + if (debug) fprintf(stderr, "libvirt-sandbox-init-qemu: Running common init %s\n", args[0]); execv(args[0], (char**)args);
We need to unsetenv() in init-common to clear the LD_LIBRARY_PATH setting to prevent it being used by the user application too.

Regards,
Daniel
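The leak Daniel points out (LD_LIBRARY_PATH set by init-lxc/init-qemu for init-common's benefit reaching the user application) is a general pattern: a launcher that adjusts loader variables for its own helper has to scrub them before it crosses the trust boundary into the workload. The block below is an added example written for this page, not code from the patch series or from libvirt-sandbox. It generalises from LD_LIBRARY_PATH to the whole `LD_*` family (LD_PRELOAD, LD_AUDIT, ...), and the SAMPLE_ENV contents, the `/path/to/sandbox/config/.libs` directory and every function name are this example's own assumptions.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample environment, as an init helper might inherit it after
 * setting LD_LIBRARY_PATH for its own dynamically linked successor. The
 * directory is an assumption, not libvirt-sandbox's real SANDBOXCONFIGDIR. */
char *const SAMPLE_ENV[] = {
    "PATH=/usr/bin:/bin",
    "LD_LIBRARY_PATH=/path/to/sandbox/config/.libs",
    "HOME=/root",
    "LD_PRELOAD=/tmp/injected.so",
    "TERM=xterm",
    NULL
};

/* True for any NAME=VALUE entry whose name starts with LD_: that prefix is
 * the dynamic loader's control surface (LD_LIBRARY_PATH, LD_PRELOAD,
 * LD_AUDIT, LD_DEBUG_OUTPUT, ...), so it is dropped wholesale rather than
 * maintaining a list of individual names. */
int is_loader_var(const char *entry)
{
    return strncmp(entry, "LD_", 3) == 0;
}

/* Release an array returned by scrub_loader_env(). */
void free_env(char **envp)
{
    if (!envp)
        return;
    for (size_t i = 0; envp[i]; i++)
        free(envp[i]);
    free(envp);
}

/* Return a newly allocated, NULL-terminated copy of ENVP without loader
 * variables, suitable as the envp argument of execve(). NULL on ENOMEM. */
char **scrub_loader_env(char *const *envp)
{
    size_t n = 0, kept = 0;
    while (envp[n])
        n++;
    char **out = calloc(n + 1, sizeof(*out));   /* calloc: trailing NULLs */
    if (!out)
        return NULL;
    for (size_t i = 0; i < n; i++) {
        if (is_loader_var(envp[i]))
            continue;
        out[kept] = strdup(envp[i]);
        if (!out[kept]) {
            free_env(out);
            return NULL;
        }
        kept++;
    }
    return out;
}

/* Number of entries in a NULL-terminated environment array. */
size_t env_count(char *const *envp)
{
    size_t n = 0;
    while (envp[n])
        n++;
    return n;
}

/* Value of NAME in ENVP, or NULL when absent. */
const char *env_lookup(char *const *envp, const char *name)
{
    size_t len = strlen(name);
    for (size_t i = 0; envp[i]; i++)
        if (strncmp(envp[i], name, len) == 0 && envp[i][len] == '=')
            return envp[i] + len + 1;
    return NULL;
}

int main(void)
{
    char **clean = scrub_loader_env(SAMPLE_ENV);
    if (!clean)
        return 1;
    for (size_t i = 0; clean[i]; i++)
        printf("%s\n", clean[i]);
    /* A real launcher would now call execve(workload, argv, clean). */
    free_env(clean);
    return 0;
}
```

Passing the scrubbed array as the envp of execve() is equivalent to calling unsetenv() just before the exec, as suggested above, but covers every loader variable in one place. Dropping the whole `LD_` namespace is deliberate: glibc honours dozens of such variables and a prefix drop is harder to get wrong than an allow-list of individual names.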

Removing this dependency avoids getting all libvirt.so dependencies loaded in our container. --- libvirt-sandbox/Makefile.am | 34 ++++++++---- libvirt-sandbox/libvirt-sandbox-config-all.h | 62 ++++++++++++++++++++++ libvirt-sandbox/libvirt-sandbox-config-disk.c | 2 +- libvirt-sandbox/libvirt-sandbox-config-initrd.c | 2 +- .../libvirt-sandbox-config-interactive.c | 2 +- .../libvirt-sandbox-config-mount-file.c | 2 +- .../libvirt-sandbox-config-mount-guest-bind.c | 2 +- .../libvirt-sandbox-config-mount-host-bind.c | 2 +- .../libvirt-sandbox-config-mount-host-image.c | 2 +- libvirt-sandbox/libvirt-sandbox-config-mount-ram.c | 2 +- libvirt-sandbox/libvirt-sandbox-config-mount.c | 2 +- .../libvirt-sandbox-config-network-address.c | 2 +- ...rt-sandbox-config-network-filterref-parameter.c | 2 +- .../libvirt-sandbox-config-network-filterref.c | 2 +- .../libvirt-sandbox-config-network-route.c | 2 +- libvirt-sandbox/libvirt-sandbox-config-network.c | 2 +- .../libvirt-sandbox-config-service-generic.c | 2 +- .../libvirt-sandbox-config-service-systemd.c | 2 +- libvirt-sandbox/libvirt-sandbox-config-service.c | 2 +- libvirt-sandbox/libvirt-sandbox-config.c | 2 +- libvirt-sandbox/libvirt-sandbox-init-common.c | 5 +- libvirt-sandbox/libvirt-sandbox-util.c | 2 +- 22 files changed, 105 insertions(+), 34 deletions(-) create mode 100644 libvirt-sandbox/libvirt-sandbox-config-all.h diff --git a/libvirt-sandbox/Makefile.am b/libvirt-sandbox/Makefile.am index 1cd6ea3..7b3ea27 100644 --- a/libvirt-sandbox/Makefile.am +++ b/libvirt-sandbox/Makefile.am @@ -50,10 +50,7 @@ SANDBOX_RPC_FILES = \ libvirt-sandbox-rpcpacket.h \ $(NULL) -SANDBOX_HEADER_FILES = \ - libvirt-sandbox.h \ - libvirt-sandbox-main.h \ - libvirt-sandbox-util.h \ +SANDBOX_CONFIG_HEADER_FILES = \ libvirt-sandbox-config.h \ libvirt-sandbox-config-disk.h \ libvirt-sandbox-config-network.h \ 
@@ -72,6 +69,12 @@ SANDBOX_HEADER_FILES = \ libvirt-sandbox-config-service.h \ libvirt-sandbox-config-service-systemd.h \ libvirt-sandbox-config-service-generic.h \ + $(NULL) + +SANDBOX_HEADER_FILES = \ + libvirt-sandbox.h \ + libvirt-sandbox-main.h \ + libvirt-sandbox-util.h \ libvirt-sandbox-builder.h \ libvirt-sandbox-builder-initrd.h \ libvirt-sandbox-builder-machine.h \ @@ -82,9 +85,10 @@ SANDBOX_HEADER_FILES = \ libvirt-sandbox-context.h \ libvirt-sandbox-context-interactive.h \ libvirt-sandbox-context-service.h \ + $(SANDBOX_CONFIG_HEADER_FILES) \ $(NULL) -SANDBOX_SOURCE_FILES = \ - libvirt-sandbox-main.c \ + +SANDBOX_CONFIG_SOURCE_FILES = \ libvirt-sandbox-util.c \ libvirt-sandbox-config.c \ libvirt-sandbox-config-disk.c \ @@ -104,6 +108,10 @@ SANDBOX_SOURCE_FILES = \ libvirt-sandbox-config-service.c \ libvirt-sandbox-config-service-systemd.c \ libvirt-sandbox-config-service-generic.c \ + $(NULL) + +SANDBOX_SOURCE_FILES = \ + libvirt-sandbox-main.c \ libvirt-sandbox-builder.c \ libvirt-sandbox-builder-initrd.c \ libvirt-sandbox-builder-machine.c \ @@ -115,6 +123,8 @@ SANDBOX_SOURCE_FILES = \ libvirt-sandbox-context.c \ libvirt-sandbox-context-interactive.c \ libvirt-sandbox-context-service.c \ + libvirt-sandbox-config-all.h \ + $(SANDBOX_CONFIG_SOURCE_FILES) \ $(NULL) libvirt_sandbox_1_0_ladir = $(includedir)/libvirt-sandbox-1.0/libvirt-sandbox 
@@ -169,31 +179,33 @@ libvirt_sandbox_1_0_la_LDFLAGS = \ libvirt_sandbox_init_common_SOURCES = libvirt-sandbox-init-common.c \ $(SANDBOX_GENERATED_RPC_FILES) \ $(SANDBOX_RPC_FILES) \ + $(SANDBOX_CONFIG_HEADER_FILES) \ + $(SANDBOX_CONFIG_SOURCE_FILES) \ $(NULL) libvirt_sandbox_init_common_CFLAGS = \ -DLIBEXECDIR="\"$(libexecdir)\"" \ -DSANDBOXCONFIGDIR="\"$(sandboxconfigdir)\"" \ -DLOCALEDIR="\"$(datadir)/locale"\" \ + -DLIBVIRT_SANDBOX_BUILD \ $(COVERAGE_CFLAGS) \ -I$(top_srcdir) \ -I$(top_builddir) \ + $(LIBVIRT_GCONFIG_CFLAGS) \ $(GIO_UNIX_CFLAGS) \ - $(LIBVIRT_GLIB_CFLAGS) \ - $(LIBVIRT_GOBJECT_CFLAGS) \ $(CAPNG_CFLAGS) \ + $(SELINUX_CFLAGS) \ $(WARN_CFLAGS) \ $(NULL) libvirt_sandbox_init_common_LDFLAGS = \ -lutil \ $(COVERAGE_CFLAGS:-f%=-Wc,f%) \ $(GIO_UNIX_LIBS) \ - $(LIBVIRT_GLIB_LIBS) \ - $(LIBVIRT_GOBJECT_LIBS) \ + $(LIBVIRT_GCONFIG_LIBS) \ $(CAPNG_LIBS) \ + $(SELINUX_LIBS) \ $(WARN_CFLAGS) \ $(NULL) libvirt_sandbox_init_common_LDADD = \ - libvirt-sandbox-1.0.la \ $(NULL) libvirt_sandbox_init_lxc_SOURCES = libvirt-sandbox-init-lxc.c diff --git a/libvirt-sandbox/libvirt-sandbox-config-all.h b/libvirt-sandbox/libvirt-sandbox-config-all.h new file mode 100644 index 0000000..8cb25c4 --- /dev/null +++ b/libvirt-sandbox/libvirt-sandbox-config-all.h 
@@ -0,0 +1,62 @@ +/* + * libvirt-sandbox.h: libvirt sandbox integration +[ * + * Copyright (C) 2010 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + * + * Author: Daniel P. Berrange <berrange@redhat.com> + */ + +#ifndef __LIBVIRT_SANDBOX_CONFIG_ALL_H__ +#define __LIBVIRT_SANDBOX_CONFIG_ALL_H__ + +/* External include */ +#include <libvirt-gconfig/libvirt-gconfig.h> +#include <glib.h> +#include <glib-object.h> +#include <gio/gio.h> + +/* Local includes */ +#include <libvirt-sandbox/libvirt-sandbox-util.h> +#include <libvirt-sandbox/libvirt-sandbox-config-disk.h> +#include <libvirt-sandbox/libvirt-sandbox-config-mount.h> +#include <libvirt-sandbox/libvirt-sandbox-config-mount-file.h> +#include <libvirt-sandbox/libvirt-sandbox-config-mount-host-bind.h> +#include <libvirt-sandbox/libvirt-sandbox-config-mount-host-image.h> +#include <libvirt-sandbox/libvirt-sandbox-config-mount-guest-bind.h> +#include <libvirt-sandbox/libvirt-sandbox-config-mount-ram.h> +#include <libvirt-sandbox/libvirt-sandbox-config-network-address.h> +#include <libvirt-sandbox/libvirt-sandbox-config-network-filterref-parameter.h> +#include <libvirt-sandbox/libvirt-sandbox-config-network-filterref.h> +#include <libvirt-sandbox/libvirt-sandbox-config-network-route.h> +#include 
<libvirt-sandbox/libvirt-sandbox-config-network.h> +#include <libvirt-sandbox/libvirt-sandbox-config.h> +#include <libvirt-sandbox/libvirt-sandbox-config-initrd.h> +#include <libvirt-sandbox/libvirt-sandbox-config-interactive.h> +#include <libvirt-sandbox/libvirt-sandbox-config-service.h> +#include <libvirt-sandbox/libvirt-sandbox-config-service-systemd.h> +#include <libvirt-sandbox/libvirt-sandbox-config-service-generic.h> + +#endif /* __LIBVIRT_SANDBOX_CONFIG_ALL_H__ */ + +/* + * Local variables: + * c-indent-level: 4 + * c-basic-offset: 4 + * indent-tabs-mode: nil + * tab-width: 8 + * End: + */ diff --git a/libvirt-sandbox/libvirt-sandbox-config-disk.c b/libvirt-sandbox/libvirt-sandbox-config-disk.c index 0781714..9837735 100644 --- a/libvirt-sandbox/libvirt-sandbox-config-disk.c +++ b/libvirt-sandbox/libvirt-sandbox-config-disk.c @@ -23,7 +23,7 @@ #include <config.h> #include <string.h> -#include "libvirt-sandbox/libvirt-sandbox.h" +#include "libvirt-sandbox/libvirt-sandbox-config-all.h" /** * SECTION: libvirt-sandbox-config-disk diff --git a/libvirt-sandbox/libvirt-sandbox-config-initrd.c b/libvirt-sandbox/libvirt-sandbox-config-initrd.c index f272053..ed35c36 100644 --- a/libvirt-sandbox/libvirt-sandbox-config-initrd.c +++ b/libvirt-sandbox/libvirt-sandbox-config-initrd.c @@ -23,7 +23,7 @@ #include <config.h> #include <string.h> -#include "libvirt-sandbox/libvirt-sandbox.h" +#include "libvirt-sandbox/libvirt-sandbox-config-all.h" /** * SECTION: libvirt-sandbox-config-initrd diff --git a/libvirt-sandbox/libvirt-sandbox-config-interactive.c b/libvirt-sandbox/libvirt-sandbox-config-interactive.c index 82d9431..27b4c16 100644 --- a/libvirt-sandbox/libvirt-sandbox-config-interactive.c +++ b/libvirt-sandbox/libvirt-sandbox-config-interactive.c @@ -23,7 +23,7 @@ #include <config.h> #include <string.h> -#include "libvirt-sandbox/libvirt-sandbox.h" +#include "libvirt-sandbox/libvirt-sandbox-config-all.h" /** * SECTION: libvirt-sandbox-config-interactive 
diff --git a/libvirt-sandbox/libvirt-sandbox-config-mount-file.c b/libvirt-sandbox/libvirt-sandbox-config-mount-file.c index d6a3122..e53929f 100644 --- a/libvirt-sandbox/libvirt-sandbox-config-mount-file.c +++ b/libvirt-sandbox/libvirt-sandbox-config-mount-file.c @@ -23,7 +23,7 @@ #include <config.h> #include <string.h> -#include "libvirt-sandbox/libvirt-sandbox.h" +#include "libvirt-sandbox/libvirt-sandbox-config-all.h" /** * SECTION: libvirt-sandbox-config-mount-file diff --git a/libvirt-sandbox/libvirt-sandbox-config-mount-guest-bind.c b/libvirt-sandbox/libvirt-sandbox-config-mount-guest-bind.c index 5b3b87f..061f625 100644 --- a/libvirt-sandbox/libvirt-sandbox-config-mount-guest-bind.c +++ b/libvirt-sandbox/libvirt-sandbox-config-mount-guest-bind.c @@ -23,7 +23,7 @@ #include <config.h> #include <string.h> -#include "libvirt-sandbox/libvirt-sandbox.h" +#include "libvirt-sandbox/libvirt-sandbox-config-all.h" /** * SECTION: libvirt-sandbox-config-mount-guest-bind diff --git a/libvirt-sandbox/libvirt-sandbox-config-mount-host-bind.c b/libvirt-sandbox/libvirt-sandbox-config-mount-host-bind.c index d65f51f..c0c911b 100644 --- a/libvirt-sandbox/libvirt-sandbox-config-mount-host-bind.c +++ b/libvirt-sandbox/libvirt-sandbox-config-mount-host-bind.c @@ -23,7 +23,7 @@ #include <config.h> #include <string.h> -#include "libvirt-sandbox/libvirt-sandbox.h" +#include "libvirt-sandbox/libvirt-sandbox-config-all.h" /** * SECTION: libvirt-sandbox-config-mount-host-bind diff --git a/libvirt-sandbox/libvirt-sandbox-config-mount-host-image.c b/libvirt-sandbox/libvirt-sandbox-config-mount-host-image.c index 37573ef..cf7ce49 100644 --- a/libvirt-sandbox/libvirt-sandbox-config-mount-host-image.c +++ b/libvirt-sandbox/libvirt-sandbox-config-mount-host-image.c @@ -23,7 +23,7 @@ #include <config.h> #include <string.h> -#include "libvirt-sandbox/libvirt-sandbox.h" +#include "libvirt-sandbox/libvirt-sandbox-config-all.h" /** * SECTION: libvirt-sandbox-config-mount-image 
diff --git a/libvirt-sandbox/libvirt-sandbox-config-mount-ram.c b/libvirt-sandbox/libvirt-sandbox-config-mount-ram.c index f4ad6e2..1e0c352 100644 --- a/libvirt-sandbox/libvirt-sandbox-config-mount-ram.c +++ b/libvirt-sandbox/libvirt-sandbox-config-mount-ram.c @@ -23,7 +23,7 @@ #include <config.h> #include <string.h> -#include "libvirt-sandbox/libvirt-sandbox.h" +#include "libvirt-sandbox/libvirt-sandbox-config-all.h" /** * SECTION: libvirt-sandbox-config-mount-ram diff --git a/libvirt-sandbox/libvirt-sandbox-config-mount.c b/libvirt-sandbox/libvirt-sandbox-config-mount.c index b84199e..21a8684 100644 --- a/libvirt-sandbox/libvirt-sandbox-config-mount.c +++ b/libvirt-sandbox/libvirt-sandbox-config-mount.c @@ -23,7 +23,7 @@ #include <config.h> #include <string.h> -#include "libvirt-sandbox/libvirt-sandbox.h" +#include "libvirt-sandbox/libvirt-sandbox-config-all.h" /** * SECTION: libvirt-sandbox-config-mount diff --git a/libvirt-sandbox/libvirt-sandbox-config-network-address.c b/libvirt-sandbox/libvirt-sandbox-config-network-address.c index b2e58dc..68b0268 100644 --- a/libvirt-sandbox/libvirt-sandbox-config-network-address.c +++ b/libvirt-sandbox/libvirt-sandbox-config-network-address.c @@ -23,7 +23,7 @@ #include <config.h> #include <string.h> -#include "libvirt-sandbox/libvirt-sandbox.h" +#include "libvirt-sandbox/libvirt-sandbox-config-all.h" /** * SECTION: libvirt-sandbox-config-network_address diff --git a/libvirt-sandbox/libvirt-sandbox-config-network-filterref-parameter.c b/libvirt-sandbox/libvirt-sandbox-config-network-filterref-parameter.c index 5086ac6..2807b4f 100644 --- a/libvirt-sandbox/libvirt-sandbox-config-network-filterref-parameter.c +++ b/libvirt-sandbox/libvirt-sandbox-config-network-filterref-parameter.c @@ -23,7 +23,7 @@ #include <config.h> #include <string.h> -#include "libvirt-sandbox/libvirt-sandbox.h" +#include "libvirt-sandbox/libvirt-sandbox-config-all.h" /** * SECTION: libvirt-sandbox-config-network-filterref-parameter 
diff --git a/libvirt-sandbox/libvirt-sandbox-config-network-filterref.c b/libvirt-sandbox/libvirt-sandbox-config-network-filterref.c index c0c8e01..1770c0b 100644 --- a/libvirt-sandbox/libvirt-sandbox-config-network-filterref.c +++ b/libvirt-sandbox/libvirt-sandbox-config-network-filterref.c @@ -24,7 +24,7 @@ #include <config.h> #include <string.h> -#include "libvirt-sandbox/libvirt-sandbox.h" +#include "libvirt-sandbox/libvirt-sandbox-config-all.h" /** * SECTION: libvirt-sandbox-config-network-filterref diff --git a/libvirt-sandbox/libvirt-sandbox-config-network-route.c b/libvirt-sandbox/libvirt-sandbox-config-network-route.c index 311b2e7..1664d18 100644 --- a/libvirt-sandbox/libvirt-sandbox-config-network-route.c +++ b/libvirt-sandbox/libvirt-sandbox-config-network-route.c @@ -23,7 +23,7 @@ #include <config.h> #include <string.h> -#include "libvirt-sandbox/libvirt-sandbox.h" +#include "libvirt-sandbox/libvirt-sandbox-config-all.h" /** * SECTION: libvirt-sandbox-config-network_route diff --git a/libvirt-sandbox/libvirt-sandbox-config-network.c b/libvirt-sandbox/libvirt-sandbox-config-network.c index 2bb55bf..df21700 100644 --- a/libvirt-sandbox/libvirt-sandbox-config-network.c +++ b/libvirt-sandbox/libvirt-sandbox-config-network.c @@ -23,7 +23,7 @@ #include <config.h> #include <string.h> -#include "libvirt-sandbox/libvirt-sandbox.h" +#include "libvirt-sandbox/libvirt-sandbox-config-all.h" /** * SECTION: libvirt-sandbox-config-network diff --git a/libvirt-sandbox/libvirt-sandbox-config-service-generic.c b/libvirt-sandbox/libvirt-sandbox-config-service-generic.c index a9e8858..d1118c2 100644 --- a/libvirt-sandbox/libvirt-sandbox-config-service-generic.c +++ b/libvirt-sandbox/libvirt-sandbox-config-service-generic.c @@ -23,7 +23,7 @@ #include <config.h> #include <string.h> -#include "libvirt-sandbox/libvirt-sandbox.h" +#include "libvirt-sandbox/libvirt-sandbox-config-all.h" /** * SECTION: libvirt-sandbox-config-service-generic 
diff --git a/libvirt-sandbox/libvirt-sandbox-config-service-systemd.c b/libvirt-sandbox/libvirt-sandbox-config-service-systemd.c index 8436a25..dc2e4a5 100644 --- a/libvirt-sandbox/libvirt-sandbox-config-service-systemd.c +++ b/libvirt-sandbox/libvirt-sandbox-config-service-systemd.c @@ -23,7 +23,7 @@ #include <config.h> #include <string.h> -#include "libvirt-sandbox/libvirt-sandbox.h" +#include "libvirt-sandbox/libvirt-sandbox-config-all.h" /** * SECTION: libvirt-sandbox-config-service-systemd diff --git a/libvirt-sandbox/libvirt-sandbox-config-service.c b/libvirt-sandbox/libvirt-sandbox-config-service.c index a99f42a..388ec63 100644 --- a/libvirt-sandbox/libvirt-sandbox-config-service.c +++ b/libvirt-sandbox/libvirt-sandbox-config-service.c @@ -23,7 +23,7 @@ #include <config.h> #include <string.h> -#include "libvirt-sandbox/libvirt-sandbox.h" +#include "libvirt-sandbox/libvirt-sandbox-config-all.h" /** * SECTION: libvirt-sandbox-config-service diff --git a/libvirt-sandbox/libvirt-sandbox-config.c b/libvirt-sandbox/libvirt-sandbox-config.c index 6057213..b9c13a7 100644 --- a/libvirt-sandbox/libvirt-sandbox-config.c +++ b/libvirt-sandbox/libvirt-sandbox-config.c @@ -26,7 +26,7 @@ #include <glib/gi18n.h> -#include "libvirt-sandbox/libvirt-sandbox.h" +#include "libvirt-sandbox/libvirt-sandbox-config-all.h" #include "libvirt-sandbox/libvirt-sandbox-util.h" #include <errno.h> #include <selinux/selinux.h> diff --git a/libvirt-sandbox/libvirt-sandbox-init-common.c b/libvirt-sandbox/libvirt-sandbox-init-common.c index 27c2924..1652ff2 100644 --- a/libvirt-sandbox/libvirt-sandbox-init-common.c +++ b/libvirt-sandbox/libvirt-sandbox-init-common.c @@ -22,7 +22,7 @@ #include <config.h> -#include <libvirt-sandbox/libvirt-sandbox.h> +#include <libvirt-sandbox/libvirt-sandbox-config-all.h> #include <glib/gi18n.h> #include <stdio.h> 
@@ -1225,9 +1225,6 @@ int main(int argc, char **argv) { exit(EXIT_FAILURE); } - if (!gvir_sandbox_init_check(&argc, &argv, &error)) - exit(EXIT_FAILURE); - g_set_application_name(_("Libvirt Sandbox Init Common")); context = g_option_context_new (_("- Libvirt Sandbox")); diff --git a/libvirt-sandbox/libvirt-sandbox-util.c b/libvirt-sandbox/libvirt-sandbox-util.c index 07a2287..6385291 100644 --- a/libvirt-sandbox/libvirt-sandbox-util.c +++ b/libvirt-sandbox/libvirt-sandbox-util.c @@ -25,7 +25,7 @@ #include <errno.h> #include <glib/gi18n.h> -#include "libvirt-sandbox/libvirt-sandbox.h" +#include "libvirt-sandbox/libvirt-sandbox-config-all.h" #define GVIR_SANDBOX_UTIL_ERROR gvir_sandbox_util_error_quark() -- 2.1.4
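Review bot: in the `SANDBOX_SOURCE_FILES` hunk of libvirt-sandbox/Makefile.am, `libvirt-sandbox-config-all.h` is listed among the `.c` sources while every other header lives in a `*_HEADER_FILES` variable; put it next to `$(SANDBOX_CONFIG_HEADER_FILES)` (or in a noinst header list if it is meant to stay private) so it is distributed and installed consistently with the rest. In the init-common hunk of the same file, `libvirt_sandbox_init_common_LDADD` is left holding only `$(NULL)` after `libvirt-sandbox-1.0.la` is removed, and the new `-DLIBVIRT_SANDBOX_BUILD` define plus the `$(LIBVIRT_GCONFIG_LIBS)` and `$(SELINUX_LIBS)` additions are not explained anywhere; one sentence in the commit message saying that the config objects are now compiled straight into init-common and therefore need the library's own build-time define and link dependencies would make the intent clear.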
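Review bot: the header comment of the new libvirt-sandbox/libvirt-sandbox-config-all.h still reads `libvirt-sandbox.h: libvirt sandbox integration` and carries the 2010 copyright and author line of the file it was copied from; change the description to the new file name and add a line stating what this aggregate header is for (letting the config sources and the statically linked init programs build without including libvirt-sandbox.h). The include guard and the `/* External include */` and `/* Local includes */` grouping are fine as they are.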
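Review bot: the libvirt-sandbox-init-common.c hunk removes the `gvir_sandbox_init_check(&argc, &argv, &error)` call without a replacement; since that call is what the now-dropped shared-library dependency did for library initialisation, confirm that nothing the statically compiled config code relies on (type registration, option parsing hooks) happened in there, and say in the commit message why the call is no longer needed.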

Create a mount_entry function from the code mounting the entries defined in mounts.cfg in order to be able to reuse that code. This will later be useful to mount a / from mounts.cfg. --- libvirt-sandbox/libvirt-sandbox-init-qemu.c | 63 ++++++++++++++++------------- 1 file changed, 36 insertions(+), 27 deletions(-) diff --git a/libvirt-sandbox/libvirt-sandbox-init-qemu.c b/libvirt-sandbox/libvirt-sandbox-init-qemu.c index 62e8e40..4a3883d 100644 --- a/libvirt-sandbox/libvirt-sandbox-init-qemu.c +++ b/libvirt-sandbox/libvirt-sandbox-init-qemu.c @@ -181,6 +181,41 @@ mount_9pfs(const char *src, const char *dst, int mode, int readonly) } +static void +mount_entry(const char *source, + const char *target, + const char *type, + const char * opts) +{ + int flags = 0; + + if (STREQ(type, "")) { + struct stat st; + type = NULL; + flags |= MS_BIND; + if (stat(source, &st) < 0) { + fprintf(stderr, "libvirt-sandbox-init-qemu: %s: cannot read mount source %s: %s\n", + __func__, source, strerror(errno)); + exit_poweroff(); + } + if (S_ISDIR(st.st_mode)) + mount_mkdir(target, 755); + else + mount_mkfile(target, 644); + } else { + if (STREQ(type, "tmpfs")) + flags |= MS_NOSUID | MS_NODEV; + + mount_mkdir(target, 0755); + } + + if (mount(source, target, type, flags, opts) < 0) { + fprintf(stderr, "libvirt-sandbox-init-qemu: %s: cannot mount %s on %s (%s, %s): %s\n", + __func__, source, target, type, opts, strerror(errno)); + exit_poweroff(); + } +} + int main(int argc ATTR_UNUSED, char **argv ATTR_UNUSED) { 
@@ -278,38 +313,12 @@ main(int argc ATTR_UNUSED, char **argv ATTR_UNUSED) opts++; char *tmp = strchr(opts, '\n'); *tmp = '\0'; - int flags = 0; if (debug) fprintf(stderr, "libvirt-sandbox-init-qemu: %s: %s -> %s (%s, %s)\n", __func__, source, target, type, opts); - - if (STREQ(type, "")) { - struct stat st; - type = NULL; - flags |= MS_BIND; - if (stat(source, &st) < 0) { - fprintf(stderr, "libvirt-sandbox-init-qemu: %s: cannot read mount source %s: %s\n", - __func__, source, strerror(errno)); - exit_poweroff(); - } - if (S_ISDIR(st.st_mode)) - mount_mkdir(target, 755); - else - mount_mkfile(target, 644); - } else { - if (STREQ(type, "tmpfs")) - flags |= MS_NOSUID | MS_NODEV; - - mount_mkdir(target, 0755); - } - - if (mount(source, target, type, flags, opts) < 0) { - fprintf(stderr, "libvirt-sandbox-init-qemu: %s: cannot mount %s on %s (%s, %s): %s\n", - __func__, source, target, type, opts, strerror(errno)); - exit_poweroff(); - } + mount_entry(source, target, type, opts); } fclose(fp); -- 2.1.4
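Review bot: in the new `mount_entry()` in libvirt-sandbox-init-qemu.c, `mount_mkdir(target, 755)` and `mount_mkfile(target, 644)` pass decimal literals, so the bind-mount branch creates the target with mode 01363 or 01204 instead of 0755 or 0644, while the other branch correctly uses `0755`; since the code is being lifted into a helper that will also be used for `/`, fix them to `0755` and `0644` here rather than carrying the bug along. While touching it, the helper applies `MS_NOSUID | MS_NODEV` only for tmpfs; a short comment on why bind mounts of host paths deliberately get neither flag would help the next reader.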
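Review bot: in the `main()` hunk the line parsing that feeds `mount_entry()` still dereferences every `strchr()` result unchecked (`char *tmp = strchr(opts, '\n'); *tmp = '\0';`), so a final line without a trailing newline, or an entry with fewer than three tabs, crashes init instead of reporting a malformed mounts.cfg; now that mounting has its own function, moving the splitting into a matching parse helper that validates each field and calls `exit_poweroff()` with a message would keep the parsing in one place.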

So far a mount with / as target doesn't change anything: the host / is still the one mounted as /. libvirt-sandbox-init-qemu now detects the presence of a / target in mounts.cfg and mounts it instead of sandbox:root. --- libvirt-sandbox/libvirt-sandbox-init-qemu.c | 79 ++++++++++++++++++++++++++++- 1 file changed, 77 insertions(+), 2 deletions(-) diff --git a/libvirt-sandbox/libvirt-sandbox-init-qemu.c b/libvirt-sandbox/libvirt-sandbox-init-qemu.c index 4a3883d..09580da 100644 --- a/libvirt-sandbox/libvirt-sandbox-init-qemu.c +++ b/libvirt-sandbox/libvirt-sandbox-init-qemu.c @@ -52,6 +52,7 @@ #define ATTR_UNUSED __attribute__((__unused__)) #define STREQ(x,y) (strcmp(x,y) == 0) +#define STRNEQ(x,y) (strcmp(x,y) != 0) static void print_uptime (void); static void insmod (const char *filename); 
@@ -216,6 +217,79 @@ mount_entry(const char *source, } } +static void +mount_root(const char *path) +{ + int foundRoot = 0; + + /* Loop over mounts.cfg to see if we have a candidate for / */ + mount_mkdir(SANDBOXCONFIGDIR, 0755); + mount_9pfs("sandbox:config", SANDBOXCONFIGDIR, 0755, 1); + + FILE *fp = fopen(SANDBOXCONFIGDIR "/mounts.cfg", "r"); + while (fgets(line, sizeof line, fp) && !foundRoot) { + char *source = line; + char *target = strchr(source, '\t'); + *target = '\0'; + target++; + char *type = strchr(target, '\t'); + *type = '\0'; + type++; + char *opts = strchr(type, '\t'); + *opts = '\0'; + opts++; + char *tmp = strchr(opts, '\n'); + *tmp = '\0'; + + if (STREQ(target, "/")) { + int needsDev = strncmp(source, "/dev/", 5) == 0; + + if (debug) + fprintf(stderr, "libvirt-sandbox-init-qemu: found root from %s\n", + source); + + /* In this case, we need to have a /dev before the chroot */ + if (needsDev) { + mount_other("/proc", "proc", 0755); + mount_other("/dev", "devtmpfs", 0755); + } + + mount_entry(source, path, type, opts); + + if (needsDev) { + if (umount("/dev") < 0) { + fprintf(stderr, + "libvirt-sandbox-init-qemu: %s: " + "cannot unmount temporary /dev: %s\n", + __func__, strerror(errno)); + exit_poweroff(); + } + if (umount("/proc") < 0) { + fprintf(stderr, + "libvirt-sandbox-init-qemu: %s: " + "cannot unmount temporary /proc: %s\n", + __func__, strerror(errno)); + exit_poweroff(); + } + } + foundRoot = 1; + } + } + fclose(fp); + + if (umount(SANDBOXCONFIGDIR) < 0) { + fprintf(stderr, + "libvirt-sandbox-init-qemu: %s: " + "cannot unmount temporary %s: %s\n", + __func__, SANDBOXCONFIGDIR, strerror(errno)); + exit_poweroff(); + } + + /* If we couldn't get a / in the mounts, then use the host one */ + if (!foundRoot) + mount_9pfs("sandbox:root", path, 0755, 1); +} + int main(int argc ATTR_UNUSED, char **argv ATTR_UNUSED) { 
@@ -259,7 +333,7 @@ main(int argc ATTR_UNUSED, char **argv ATTR_UNUSED) if (debug) fprintf(stderr, "libvirt-sandbox-init-qemu: mounting new root on /tmproot\n"); - mount_9pfs("sandbox:root", "/tmproot", 0755, 1); + mount_root("/tmproot"); /* Note that pivot_root won't work. See the note in * Documentation/filesystems/ramfs-rootfs-initramfs.txt @@ -318,7 +392,8 @@ main(int argc ATTR_UNUSED, char **argv ATTR_UNUSED) fprintf(stderr, "libvirt-sandbox-init-qemu: %s: %s -> %s (%s, %s)\n", __func__, source, target, type, opts); - mount_entry(source, target, type, opts); + if (STRNEQ(target, "/")) + mount_entry(source, target, type, opts); } fclose(fp); -- 2.1.4
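Review bot: `mount_root()` never checks the result of `fopen(SANDBOXCONFIGDIR "/mounts.cfg", "r")`, so a missing or unreadable mounts.cfg makes `fgets()` and `fclose()` run on NULL; test for NULL and either fall through to the `sandbox:root` fallback or `exit_poweroff()` with a message. The tab-splitting loop is also a verbatim copy of the one in `main()`, including the unchecked `strchr()` dereferences and the use of the file-scope `line` buffer, so a shared parse helper would avoid maintaining two copies. Finally, the temporary `/proc` and `/dev` mounted for the `/dev/` source case are unmounted only on the success path; that is correct because `mount_entry()` powers off on failure, but a comment saying so would save the next reader the check.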
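Review bot: in the second `main()` hunk the debug `fprintf()` still prints every entry, including the `/` one that `STRNEQ(target, "/")` now skips, which is misleading in a trace; either move the debug line inside the `if` or print that the entry is skipped because it was already mounted as root. The commit message should also say that `/` entries are handled earlier by `mount_root()` on `/tmproot`, so the skip reads as intended rather than as a silent drop.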

gvir_sandbox_config_has_root_mount is a convenience function to check if there is a mount with target '/' --- libvirt-sandbox/libvirt-sandbox-config.c | 21 +++++++++++++++++++++ libvirt-sandbox/libvirt-sandbox-config.h | 1 + libvirt-sandbox/libvirt-sandbox.sym | 1 + 3 files changed, 23 insertions(+) diff --git a/libvirt-sandbox/libvirt-sandbox-config.c b/libvirt-sandbox/libvirt-sandbox-config.c index b9c13a7..2506072 100644 --- a/libvirt-sandbox/libvirt-sandbox-config.c +++ b/libvirt-sandbox/libvirt-sandbox-config.c @@ -1561,6 +1561,27 @@ gboolean gvir_sandbox_config_has_mounts_with_type(GVirSandboxConfig *config, } +gboolean gvir_sandbox_config_has_root_mount(GVirSandboxConfig *config) +{ + GList *tmp = NULL, *mounts = NULL; + gboolean hasRoot = FALSE; + + tmp = mounts = gvir_sandbox_config_get_mounts(config); + while (tmp && !hasRoot) { + const gchar *target; + GVirSandboxConfigMount *mount = GVIR_SANDBOX_CONFIG_MOUNT(tmp->data); + target = gvir_sandbox_config_mount_get_target(mount); + if (g_str_equal(target, "/")) + hasRoot = TRUE; + tmp = tmp->next; + } + g_list_foreach(mounts, (GFunc)g_object_unref, NULL); + g_list_free(mounts); + + return hasRoot; +} + + /** diff --git a/libvirt-sandbox/libvirt-sandbox-config.h b/libvirt-sandbox/libvirt-sandbox-config.h index ebbebf2..2c5f0a6 100644 --- a/libvirt-sandbox/libvirt-sandbox-config.h +++ b/libvirt-sandbox/libvirt-sandbox-config.h @@ -150,6 +150,7 @@ gboolean gvir_sandbox_config_add_mount_strv(GVirSandboxConfig *config, gboolean gvir_sandbox_config_has_mounts(GVirSandboxConfig *config); gboolean gvir_sandbox_config_has_mounts_with_type(GVirSandboxConfig *config, GType type); +gboolean gvir_sandbox_config_has_root_mount(GVirSandboxConfig *config); gboolean gvir_sandbox_config_add_host_include_strv(GVirSandboxConfig *config, gchar **includes, diff --git a/libvirt-sandbox/libvirt-sandbox.sym b/libvirt-sandbox/libvirt-sandbox.sym index e5f8660..65b0db5 100644 --- a/libvirt-sandbox/libvirt-sandbox.sym 
+++ b/libvirt-sandbox/libvirt-sandbox.sym @@ -212,6 +212,7 @@ LIBVIRT_SANDBOX_0.2.1 { LIBVIRT_SANDBOX_0.5.2 { global: + gvir_sandbox_config_has_root_mount; gvir_sandbox_config_mount_guest_bind_get_format; gvir_sandbox_config_add_disk; gvir_sandbox_config_add_disk_strv; -- 2.1.4
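Review bot: the new public `gvir_sandbox_config_has_root_mount()` in libvirt-sandbox-config.c has no gtk-doc comment, although it is inserted directly above a `/**` block and is exported from libvirt-sandbox.sym like its documented siblings; add a `/** ... */` block with a `Returns:` line so the generated API docs cover it. Also `g_str_equal(target, "/")` crashes if `gvir_sandbox_config_mount_get_target()` ever returns NULL; `g_strcmp0(target, "/") == 0` gives the same answer and is NULL-safe.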

There is no need to expose the host file system if the user defined a mount targeting / --- libvirt-sandbox/libvirt-sandbox-builder-machine.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/libvirt-sandbox/libvirt-sandbox-builder-machine.c b/libvirt-sandbox/libvirt-sandbox-builder-machine.c index 74ef852..4cbd566 100644 --- a/libvirt-sandbox/libvirt-sandbox-builder-machine.c +++ b/libvirt-sandbox/libvirt-sandbox-builder-machine.c @@ -515,17 +515,19 @@ static gboolean gvir_sandbox_builder_machine_construct_devices(GVirSandboxBuilde construct_devices(builder, config, statedir, domain, error)) goto cleanup; - fs = gvir_config_domain_filesys_new(); - gvir_config_domain_filesys_set_type(fs, GVIR_CONFIG_DOMAIN_FILESYS_MOUNT); - gvir_config_domain_filesys_set_access_type(fs, GVIR_CONFIG_DOMAIN_FILESYS_ACCESS_SQUASH); - gvir_config_domain_filesys_set_source(fs, - gvir_sandbox_config_get_root(config)); - gvir_config_domain_filesys_set_target(fs, "sandbox:root"); - gvir_config_domain_filesys_set_readonly(fs, TRUE); + if (!gvir_sandbox_config_has_root_mount(config)) { + fs = gvir_config_domain_filesys_new(); + gvir_config_domain_filesys_set_type(fs, GVIR_CONFIG_DOMAIN_FILESYS_MOUNT); + gvir_config_domain_filesys_set_access_type(fs, GVIR_CONFIG_DOMAIN_FILESYS_ACCESS_SQUASH); + gvir_config_domain_filesys_set_source(fs, + gvir_sandbox_config_get_root(config)); + gvir_config_domain_filesys_set_target(fs, "sandbox:root"); + gvir_config_domain_filesys_set_readonly(fs, TRUE); - gvir_config_domain_add_device(domain, - GVIR_CONFIG_DOMAIN_DEVICE(fs)); - g_object_unref(fs); + gvir_config_domain_add_device(domain, + GVIR_CONFIG_DOMAIN_DEVICE(fs)); + g_object_unref(fs); + } fs = gvir_config_domain_filesys_new(); -- 2.1.4
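Review bot: the `gvir_sandbox_config_has_root_mount(config)` check in `gvir_sandbox_builder_machine_construct_devices()` is satisfied by any mount whose target is `/`, including ram and guest-bind mounts, so the `sandbox:root` export is dropped for those too even though it is not obvious they can stand in for a root filesystem; either state in the commit message which mount types are valid root replacements or narrow the check to the host-image case. Dropping the export when a real root is supplied is the right outcome, since the guest is then left with no 9p passthrough to the host root at all.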

If the user defined a mount targeting / don't add the host / as mount to /. --- .../libvirt-sandbox-builder-container.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/libvirt-sandbox/libvirt-sandbox-builder-container.c b/libvirt-sandbox/libvirt-sandbox-builder-container.c index d226d35..66e1fc6 100644 --- a/libvirt-sandbox/libvirt-sandbox-builder-container.c +++ b/libvirt-sandbox/libvirt-sandbox-builder-container.c @@ -256,17 +256,19 @@ static gboolean gvir_sandbox_builder_container_construct_devices(GVirSandboxBuil g_list_free(disks); - fs = gvir_config_domain_filesys_new(); - gvir_config_domain_filesys_set_type(fs, GVIR_CONFIG_DOMAIN_FILESYS_MOUNT); - gvir_config_domain_filesys_set_access_type(fs, GVIR_CONFIG_DOMAIN_FILESYS_ACCESS_PASSTHROUGH); - gvir_config_domain_filesys_set_source(fs, - gvir_sandbox_config_get_root(config)); - gvir_config_domain_filesys_set_target(fs, "/"); - gvir_config_domain_filesys_set_readonly(fs, TRUE); + if (!gvir_sandbox_config_has_root_mount(config)) { + fs = gvir_config_domain_filesys_new(); + gvir_config_domain_filesys_set_type(fs, GVIR_CONFIG_DOMAIN_FILESYS_MOUNT); + gvir_config_domain_filesys_set_access_type(fs, GVIR_CONFIG_DOMAIN_FILESYS_ACCESS_PASSTHROUGH); + gvir_config_domain_filesys_set_source(fs, + gvir_sandbox_config_get_root(config)); + gvir_config_domain_filesys_set_target(fs, "/"); + gvir_config_domain_filesys_set_readonly(fs, TRUE); - gvir_config_domain_add_device(domain, - GVIR_CONFIG_DOMAIN_DEVICE(fs)); - g_object_unref(fs); + gvir_config_domain_add_device(domain, + GVIR_CONFIG_DOMAIN_DEVICE(fs)); + g_object_unref(fs); + } -- 2.1.4
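Review bot: the removed block in `gvir_sandbox_builder_container_construct_devices()` forced `gvir_config_domain_filesys_set_readonly(fs, TRUE)` on the container's `/`, whereas a user-defined `/` mount now carries whatever read-only setting the user gave it; that is a behaviour change worth a sentence in the commit message and in the virt-sandbox documentation, because a writable host-bind at `/` gives the container a writable view of that host directory. Otherwise the hunk mirrors the machine builder change and looks correct.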

On Mon, Jun 29, 2015 at 06:44:08PM +0200, Cédric Bosdonnat wrote:
> Hi all,
> In the virt-sandbox documentation we had examples with host-image mounts targeting /. However the / in the sandbox was still the host one. The main goal of this patch series is to fix that problem. This will also be needed to run docker containers with libvirt-sandbox.
> I also added some configure flags to disable lzma or zlib support at build time. At least opensuse 13.2 doesn't have static lzma.

So, I've actually tested this series successfully now and it works fine in the common case, so I've pushed it with the couple of fixes I mentioned inline. As discussed on IRC we still have an issue with using older distros for the root filesystem, due to some glib/ld-linux compatibility issues. I'll work on a fix for that now...

Regards,
Daniel

-- 
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
participants (2): Cédric Bosdonnat, Daniel P. Berrange