]> glassweightruler.freedombox.rocks Git - waydroid.git/blobdiff - tools/helpers/lxc.py
projects / waydroid.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix prop set command
[waydroid.git] / tools / helpers / lxc.py
diff --git a/tools/helpers/lxc.py b/tools/helpers/lxc.py
index 45d5e5d0947136bf1f2b2baefb0de2a9b2284b53..0808d984a4ae63a3970c7b3292cadb363eda48c7 100644 (file)
--- a/tools/helpers/lxc.py
+++ b/tools/helpers/lxc.py
@@ -6,6 +6,7 @@ import re
 import logging
 import glob
 import shutil
 import logging
 import glob
 import shutil
+import time
 import platform
 import gbinder
 import tools.config
 import platform
 import gbinder
 import tools.config
@@ -91,6 +92,8 @@ def generate_nodes_lxc_config(args):
 
     # Recursive mount /run to provide necessary host sockets
     make_entry("/run", options="rbind,create=dir 0 0")
 
     # Recursive mount /run to provide necessary host sockets
     make_entry("/run", options="rbind,create=dir 0 0")
+    # And /dev/shm
+    make_entry("/dev/shm", options="rbind,create=dir,optional 0 0")
 
     # Necessary sw_sync node for HWC
     make_entry("/dev/sw_sync")
 
     # Necessary sw_sync node for HWC
     make_entry("/dev/sw_sync")
@@ -127,6 +130,19 @@ def generate_nodes_lxc_config(args):
 
     return nodes
 
 
     return nodes
 
+LXC_APPARMOR_PROFILE = "lxc-waydroid"
+def get_apparmor_status(args):
+    enabled = False
+    if shutil.which("aa-enabled"):
+        enabled = (tools.helpers.run.user(args, ["aa-enabled", "--quiet"], check=False) == 0)
+    if not enabled and shutil.which("systemctl"):
+        enabled = (tools.helpers.run.user(args, ["systemctl", "is-active", "-q", "apparmor"], check=False) == 0)
+    try:
+        with open("/sys/kernel/security/apparmor/profiles", "r") as f:
+            enabled &= (LXC_APPARMOR_PROFILE in f.read())
+    except:
+        enabled = False
+    return enabled
 
 def set_lxc_config(args):
     lxc_path = tools.config.defaults["lxc"] + "/waydroid"
 
 def set_lxc_config(args):
     lxc_path = tools.config.defaults["lxc"] + "/waydroid"
@@ -137,11 +153,11 @@ def set_lxc_config(args):
     seccomp_profile = tools.config.tools_src + "/data/configs/waydroid.seccomp"
 
     config_snippets = [ config_paths + "base" ]
     seccomp_profile = tools.config.tools_src + "/data/configs/waydroid.seccomp"
 
     config_snippets = [ config_paths + "base" ]
-    # lxc v1 is a bit special because some options got renamed later
-    if lxc_ver == 1:
+    # lxc v1 and v2 are bit special because some options got renamed later
+    if lxc_ver <= 2:
         config_snippets.append(config_paths + "1")
     else:
         config_snippets.append(config_paths + "1")
     else:
-        for ver in range(2, 5):
+        for ver in range(3, 5):
             snippet = config_paths + str(ver)
             if lxc_ver >= ver and os.path.exists(snippet):
                 config_snippets.append(snippet)
             snippet = config_paths + str(ver)
             if lxc_ver >= ver and os.path.exists(snippet):
                 config_snippets.append(snippet)
@@ -154,6 +170,9 @@ def set_lxc_config(args):
     tools.helpers.run.user(args, command)
     command = ["cp", "-fpr", seccomp_profile, lxc_path + "/waydroid.seccomp"]
     tools.helpers.run.user(args, command)
     tools.helpers.run.user(args, command)
     command = ["cp", "-fpr", seccomp_profile, lxc_path + "/waydroid.seccomp"]
     tools.helpers.run.user(args, command)
+    if get_apparmor_status(args):
+        command = ["sed", "-i", "-E", "/lxc.aa_profile|lxc.apparmor.profile/ s/unconfined/{}/g".format(LXC_APPARMOR_PROFILE), lxc_path + "/config"]
+        tools.helpers.run.user(args, command)
 
     nodes = generate_nodes_lxc_config(args)
     config_nodes_tmp_path = args.work + "/config_nodes"
 
     nodes = generate_nodes_lxc_config(args)
     config_nodes_tmp_path = args.work + "/config_nodes"
@@ -326,13 +345,27 @@ def setup_host_perms(args):
 def status(args):
     command = ["lxc-info", "-P", tools.config.defaults["lxc"], "-n", "waydroid", "-sH"]
     out = subprocess.run(command, stdout=subprocess.PIPE).stdout.decode('utf-8').strip()
 def status(args):
     command = ["lxc-info", "-P", tools.config.defaults["lxc"], "-n", "waydroid", "-sH"]
     out = subprocess.run(command, stdout=subprocess.PIPE).stdout.decode('utf-8').strip()
-    os.chmod(args.log, 0o666)
     return out
 
     return out
 
+def wait_for_running(args):
+    lxc_status = status(args)
+    timeout = 10
+    while lxc_status != "RUNNING" and timeout > 0:
+        lxc_status = status(args)
+        logging.info(
+            "waiting {} seconds for container to start...".format(timeout))
+        timeout = timeout - 1
+        time.sleep(1)
+    if lxc_status != "RUNNING":
+        raise OSError("container failed to start")
+
 def start(args):
     command = ["lxc-start", "-P", tools.config.defaults["lxc"],
                "-F", "-n", "waydroid", "--", "/init"]
     tools.helpers.run.user(args, command, output="background")
 def start(args):
     command = ["lxc-start", "-P", tools.config.defaults["lxc"],
                "-F", "-n", "waydroid", "--", "/init"]
     tools.helpers.run.user(args, command, output="background")
+    wait_for_running(args)
+    # Workaround lxc-start changing stdout/stderr permissions to 700
+    os.chmod(args.log, 0o666)
 
 def stop(args):
     command = ["lxc-stop", "-P",
 
 def stop(args):
     command = ["lxc-stop", "-P",
@@ -349,21 +382,31 @@ def unfreeze(args):
     tools.helpers.run.user(args, command)
 
 def shell(args):
     tools.helpers.run.user(args, command)
 
 def shell(args):
-    if status(args) != "RUNNING":
-        logging.error("WayDroid container is {}".format(status(args)))
+    state = status(args)
+    if state == "FROZEN":
+        unfreeze(args)
+    elif state != "RUNNING":
+        logging.error("WayDroid container is {}".format(state))
         return
     command = ["lxc-attach", "-P", tools.config.defaults["lxc"],
                "-n", "waydroid", "--"]
     if args.COMMAND:
         return
     command = ["lxc-attach", "-P", tools.config.defaults["lxc"],
                "-n", "waydroid", "--"]
     if args.COMMAND:
-        command.append(args.COMMAND)
+        command.extend(args.COMMAND)
     else:
         command.append("/system/bin/sh")
     subprocess.run(command, env={"PATH": os.environ['PATH'] + ":/system/bin:/vendor/bin"})
     else:
         command.append("/system/bin/sh")
     subprocess.run(command, env={"PATH": os.environ['PATH'] + ":/system/bin:/vendor/bin"})
+    if state == "FROZEN":
+        freeze(args)
 
 def logcat(args):
 
 def logcat(args):
-    if status(args) != "RUNNING":
-        logging.error("WayDroid container is {}".format(status(args)))
+    state = status(args)
+    if state == "FROZEN":
+        unfreeze(args)
+    elif state != "RUNNING":
+        logging.error("WayDroid container is {}".format(state))
         return
     command = ["lxc-attach", "-P", tools.config.defaults["lxc"],
                "-n", "waydroid", "--", "/system/bin/logcat"]
     subprocess.run(command)
         return
     command = ["lxc-attach", "-P", tools.config.defaults["lxc"],
                "-n", "waydroid", "--", "/system/bin/logcat"]
     subprocess.run(command)
+    if state == "FROZEN":
+        freeze(args)
https://github.com/waydroid/waydroid