[OpenWrt-Devel] [PATCH v2] procd: detect lxc container and behave accordingly

Hans Dedecker dedeckeh at gmail.com
Sun May 5 00:53:24 PDT 2019


On Sat, May 4, 2019 at 10:30 PM Paul Spooren <mail at aparcar.org> wrote:
>
> meaning to not mount some specific parts which cause trouble.
>
> The patch is based on previous work of @mikma to combine OpenWrt with
> lxd[0]. This patch however adds a detection copied from *virt-what* to
> check /proc/1/environment for the string "container".
>
> Thanks to @dangowrt for the cleanup.
>
> [0]: https://github.com/containercraft/openwrt-lxd/blob/master/patches/procd-openwrt-18.06/001_lxd_no_mounts.patch
>
> Signed-off-by: Paul Spooren <mail at aparcar.org>
> ---
>  container.h     | 22 ++++++++++++++++++++++
>  initd/early.c   | 20 ++++++++++++--------
>  initd/zram.c    | 11 +++++++----
>  plug/coldplug.c | 14 +++++++++-----
>  4 files changed, 50 insertions(+), 17 deletions(-)
>  create mode 100644 container.h
>
> diff --git a/container.h b/container.h
> new file mode 100644
> index 0000000..c9b5e46
> --- /dev/null
> +++ b/container.h
> @@ -0,0 +1,22 @@
> +/*
> + * Copyright (C) 2019 Paul Spooren <mail at aparcar.de>
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU Lesser General Public License version 2.1
> + * as published by the Free Software Foundation
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU General Public License for more details.
> + */
> +
> +#ifndef __CONTAINER_H
> +#define __CONTAINER_H
> +#include <stdlib.h>
> +
> +static inline unsigned short int is_container() {
Let this function return a bool

Hans
> +       return !!getenv("container");
> +}
> +
> +#endif
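Review bot: `is_container()` takes the mere presence of a `container` variable in the calling process's own environment as proof of a container, and every caller in this patch then skips the /proc, /sys, /dev and devpts setup. That differs from the `/proc/1/environment` check the description mentions. Because the kernel passes unrecognised `name=value` boot parameters to init as environment variables, a stray `container=` on a bare-metal command line would presumably select the container path too. The header should say so in a comment above the function, e.g. `/* True when the container manager exported "container" into our environment; a boot-time hint, not a security boundary. */`. Separately, the empty parameter list should be spelled `is_container(void)` so the definition is a prototype.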
> diff --git a/initd/early.c b/initd/early.c
> index 2e15112..7b281b2 100644
> --- a/initd/early.c
> +++ b/initd/early.c
> @@ -25,6 +25,7 @@
>  #include "../utils/utils.h"
>  #include "init.h"
>  #include "../libc-compat.h"
> +#include "../container.h"
>
>  static void
>  early_dev(void)
> @@ -56,14 +57,17 @@ early_mounts(void)
>  {
>         unsigned int oldumask = umask(0);
>
> -       mount("proc", "/proc", "proc", MS_NOATIME | MS_NODEV | MS_NOEXEC | MS_NOSUID, 0);
> -       mount("sysfs", "/sys", "sysfs", MS_NOATIME | MS_NODEV | MS_NOEXEC | MS_NOSUID, 0);
> -       mount("cgroup", "/sys/fs/cgroup", "cgroup",  MS_NODEV | MS_NOEXEC | MS_NOSUID, 0);
> -       mount("tmpfs", "/dev", "tmpfs", MS_NOATIME | MS_NOSUID, "mode=0755,size=512K");
> -       ignore(symlink("/tmp/shm", "/dev/shm"));
> -       mkdir("/dev/pts", 0755);
> -       mount("devpts", "/dev/pts", "devpts", MS_NOATIME | MS_NOEXEC | MS_NOSUID, "mode=600");
> -       early_dev();
> +       if (!is_container()) {
> +               mount("proc", "/proc", "proc", MS_NOATIME | MS_NODEV | MS_NOEXEC | MS_NOSUID, 0);
> +               mount("sysfs", "/sys", "sysfs", MS_NOATIME | MS_NODEV | MS_NOEXEC | MS_NOSUID, 0);
> +               mount("cgroup", "/sys/fs/cgroup", "cgroup",  MS_NODEV | MS_NOEXEC | MS_NOSUID, 0);
> +               mount("tmpfs", "/dev", "tmpfs", MS_NOATIME | MS_NOSUID, "mode=0755,size=512K");
> +               ignore(symlink("/tmp/shm", "/dev/shm"));
> +               mkdir("/dev/pts", 0755);
> +               mount("devpts", "/dev/pts", "devpts", MS_NOATIME | MS_NOEXEC | MS_NOSUID, "mode=600");
> +
> +               early_dev();
> +       }
>
>         early_console("/dev/console");
>         if (mount_zram_on_tmp()) {
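Review bot: In the container branch procd no longer applies its own `MS_NODEV | MS_NOEXEC | MS_NOSUID` flags to /proc, /sys and /dev/pts, so those restrictions now depend entirely on how the container manager mounted them. A comment on the new `if` would record that assumption, e.g. `/* in a container the manager has already mounted /proc, /sys and /dev; their mount flags are its responsibility */`. `early_console("/dev/console")` still runs unconditionally and relies on the same pre-populated /dev. The body of early_mounts() continues past the end of this hunk.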
> diff --git a/initd/zram.c b/initd/zram.c
> index b41bfd9..487d3d6 100644
> --- a/initd/zram.c
> +++ b/initd/zram.c
> @@ -12,6 +12,7 @@
>  #include <sys/stat.h>
>
>  #include "../log.h"
> +#include "../container.h"
>
>  #include "init.h"
>
> @@ -116,10 +117,12 @@ mount_zram_on_tmp(void)
>                 waitpid(pid, NULL, 0);
>         }
>
> -       ret = mount("/dev/zram0", "/tmp", "ext4", MS_NOSUID | MS_NODEV | MS_NOATIME, "errors=continue,noquota");
> -       if (ret < 0) {
> -               ERROR("Can't mount /dev/zram0 on /tmp: %m\n");
> -               return errno;
> +       if (!is_container()) {
> +               ret = mount("/dev/zram0", "/tmp", "ext4", MS_NOSUID | MS_NODEV | MS_NOATIME, "errors=continue,noquota");
> +               if (ret < 0) {
> +                       ERROR("Can't mount /dev/zram0 on /tmp: %m\n");
> +                       return errno;
> +               }
>         }
>
>         LOG("Using up to %ld kB of RAM as ZRAM storage on /mnt\n", zramsize);
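Review bot: Skipping only the `mount()` call leaves the rest of mount_zram_on_tmp() running in a container. The `waitpid()` just above the guard suggests a helper has already been run against the zram device, and the `LOG("Using up to %ld kB of RAM as ZRAM storage on /mnt\n", zramsize);` line below still reports ZRAM in use although nothing was mounted on /tmp. An early `if (is_container()) return ...;` at the top of the function would avoid touching /dev/zram0 at all; the value returned has to match what the `if (mount_zram_on_tmp())` caller in initd/early.c expects for "zram not used". The start and end of the function are outside this hunk, so this is inferred from the visible lines only.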
> diff --git a/plug/coldplug.c b/plug/coldplug.c
> index c6a89c3..12df421 100644
> --- a/plug/coldplug.c
> +++ b/plug/coldplug.c
> @@ -22,6 +22,7 @@
>  #include "../libc-compat.h"
>
>  #include "hotplug.h"
> +#include "../container.h"
>
>  static struct uloop_process udevtrigger;
>
> @@ -43,13 +44,16 @@ void procd_coldplug(void)
>         char *argv[] = { "udevtrigger", NULL };
>         unsigned int oldumask = umask(0);
>
> -       umount2("/dev/pts", MNT_DETACH);
> -       umount2("/dev/", MNT_DETACH);
> -       mount("tmpfs", "/dev", "tmpfs", MS_NOSUID, "mode=0755,size=512K");
> +       if (!is_container()) {
> +               umount2("/dev/pts", MNT_DETACH);
> +               umount2("/dev/", MNT_DETACH);
> +               mount("tmpfs", "/dev", "tmpfs", MS_NOSUID, "mode=0755,size=512K");
> +               mkdir("/dev/pts", 0755);
> +               mount("devpts", "/dev/pts", "devpts", MS_NOEXEC | MS_NOSUID, 0);
> +       }
> +
>         ignore(symlink("/tmp/shm", "/dev/shm"));
> -       mkdir("/dev/pts", 0755);
>         umask(oldumask);
> -       mount("devpts", "/dev/pts", "devpts", MS_NOEXEC | MS_NOSUID, 0);
>         udevtrigger.cb = udevtrigger_complete;
>         udevtrigger.pid = fork();
>         if (!udevtrigger.pid) {
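Review bot: The new guard covers only the /dev remount; the `udevtrigger` fork that follows still runs inside a container. Presumably that helper replays uevents through sysfs, which in a container is the host's sysfs, so coldplug there is at best a no-op and at worst causes uevents to be re-emitted on the host when the container is privileged. Either extend the `if (!is_container())` to the trigger or record the decision in a comment such as `/* udevtrigger is still run in containers: <reason> */`. Note also that the devpts mount now happens before `umask(oldumask)` rather than after it, and that procd_coldplug() continues beyond this hunk.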
> --
> 2.20.1
>
>


