lxc: Mount /dev/shm which might host XDG_RUNTIME_DIR

[waydroid.git] / tools / helpers / lxc.py

diff --git a/tools/helpers/lxc.py b/tools/helpers/lxc.py
index e1a81e04ddb0396c41c75b002a8e9c5df58940f3..cb0b56c4fc7deba64bc2ffe36602c46ed5066483 100644 (file)
--- a/tools/helpers/lxc.py
+++ b/tools/helpers/lxc.py
@@ -91,6 +91,8 @@ def generate_nodes_lxc_config(args):
 
     # Recursive mount /run to provide necessary host sockets
     make_entry("/run", options="rbind,create=dir 0 0")
+    # And /dev/shm
+    make_entry("/dev/shm", options="rbind,create=dir,optional 0 0")
 
     # Necessary sw_sync node for HWC
     make_entry("/dev/sw_sync")
@@ -134,7 +136,11 @@ def get_apparmor_status(args):
         enabled = (tools.helpers.run.user(args, ["aa-status", "--quiet"], check=False) == 0)
     if not enabled and shutil.which("systemctl"):
         enabled = (tools.helpers.run.user(args, ["systemctl", "is-active", "-q", "apparmor"], check=False) == 0)
-    enabled &= os.path.exists(os.path.join("/etc/apparmor.d/lxc", LXC_APPARMOR_PROFILE))
+    try:
+        with open("/sys/kernel/security/apparmor/profiles", "r") as f:
+            enabled &= (LXC_APPARMOR_PROFILE in f.read())
+    except:
+        enabled = False
     return enabled
 
 def set_lxc_config(args):
@@ -146,11 +152,11 @@ def set_lxc_config(args):
     seccomp_profile = tools.config.tools_src + "/data/configs/waydroid.seccomp"
 
     config_snippets = [ config_paths + "base" ]
-    # lxc v1 is a bit special because some options got renamed later
-    if lxc_ver == 1:
+    # lxc v1 and v2 are bit special because some options got renamed later
+    if lxc_ver <= 2:
         config_snippets.append(config_paths + "1")
     else:
-        for ver in range(2, 5):
+        for ver in range(3, 5):
             snippet = config_paths + str(ver)
             if lxc_ver >= ver and os.path.exists(snippet):
                 config_snippets.append(snippet)