Split config files into snippets isolating new LXC features by version.
Move `seccomp.allow_nesting` to version 4 or higher.
NOTE: this currently assumes that new LXC versions will remain compatible
with old config options. The only exception to this was LXC 1.x -> 2.x.
-# Waydroid LXC Config
-
-lxc.rootfs.path = /var/lib/waydroid/rootfs
-lxc.arch = LXCARCH
-lxc.autodev = 0
-# lxc.autodev.tmpfs.size = 25000000
-lxc.aa_profile = unconfined
-lxc.seccomp = /var/lib/waydroid/lxc/waydroid/waydroid.seccomp
-
-lxc.cap.keep = audit_control sys_nice wake_alarm setpcap setgid setuid sys_ptrace sys_admin wake_alarm block_suspend sys_time net_admin net_raw net_bind_service kill dac_override dac_read_search fsetid mknod syslog chown sys_resource fowner sys_module ipc_lock sys_chroot
-lxc.mount.auto = cgroup:ro sys:ro proc
+lxc.aa_profile = unconfined
+lxc.seccomp = /var/lib/waydroid/lxc/waydroid/waydroid.seccomp
lxc.network.type = veth
lxc.network.flags = up
lxc.network.type = veth
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:f9:d3:03
lxc.network.mtu = 1500
lxc.network.hwaddr = 00:16:3e:f9:d3:03
lxc.network.mtu = 1500
-lxc.console.path = none
-lxc.pty.max = 10
-
-lxc.include = /var/lib/waydroid/lxc/waydroid/config_nodes
-
-lxc.hook.post-stop = /dev/null
-# Waydroid LXC Config
-
-lxc.rootfs.path = /var/lib/waydroid/rootfs
-lxc.arch = LXCARCH
-lxc.autodev = 0
-# lxc.autodev.tmpfs.size = 25000000
lxc.apparmor.profile = unconfined
lxc.seccomp.profile = /var/lib/waydroid/lxc/waydroid/waydroid.seccomp
lxc.apparmor.profile = unconfined
lxc.seccomp.profile = /var/lib/waydroid/lxc/waydroid/waydroid.seccomp
-lxc.seccomp.allow_nesting = 1
-lxc.cap.keep = audit_control sys_nice wake_alarm setpcap setgid setuid sys_ptrace sys_admin wake_alarm block_suspend sys_time net_admin net_raw net_bind_service kill dac_override dac_read_search fsetid mknod syslog chown sys_resource fowner sys_module ipc_lock sys_chroot
lxc.no_new_privs = 1
lxc.init.cmd = /init
lxc.no_new_privs = 1
lxc.init.cmd = /init
-lxc.mount.auto = cgroup:ro sys:ro proc
-
lxc.net.0.type = veth
lxc.net.0.flags = up
lxc.net.0.link = waydroid0
lxc.net.0.type = veth
lxc.net.0.flags = up
lxc.net.0.link = waydroid0
lxc.net.0.hwaddr = 00:16:3e:f9:d3:03
lxc.net.0.mtu = 1500
lxc.net.0.hwaddr = 00:16:3e:f9:d3:03
lxc.net.0.mtu = 1500
-lxc.console.path = none
-lxc.pty.max = 10
-
-lxc.include = /var/lib/waydroid/lxc/waydroid/config_nodes
-
-lxc.hook.post-stop = /dev/null
--- /dev/null
+lxc.seccomp.allow_nesting = 1
+
--- /dev/null
+# Waydroid LXC Config
+
+lxc.rootfs.path = /var/lib/waydroid/rootfs
+lxc.arch = LXCARCH
+lxc.autodev = 0
+# lxc.autodev.tmpfs.size = 25000000
+
+lxc.cap.keep = audit_control sys_nice wake_alarm setpcap setgid setuid sys_ptrace sys_admin wake_alarm block_suspend sys_time net_admin net_raw net_bind_service kill dac_override dac_read_search fsetid mknod syslog chown sys_resource fowner sys_module ipc_lock sys_chroot
+
+lxc.mount.auto = cgroup:ro sys:ro proc
+
+lxc.console.path = none
+lxc.pty.max = 10
+
+lxc.include = /var/lib/waydroid/lxc/waydroid/config_nodes
+
+lxc.hook.post-stop = /dev/null
+
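Review bot: The `lxc.cap.keep` line in the new base snippet lists `wake_alarm` twice and has no comment explaining why the set is this broad. Since every LXC version now inherits this line from a single file, drop the duplicate and add a short comment above it, for example `# Capabilities retained by the Android container; trim when a feature no longer needs one`. Retained capabilities such as `sys_admin`, `sys_module` and `sys_ptrace` deserve a stated reason, because the versioned snippets also set the AppArmor profile to `unconfined`, which leaves this list and the seccomp profile as the main limits on the container.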
def set_lxc_config(args):
lxc_path = tools.config.defaults["lxc"] + "/waydroid"
def set_lxc_config(args):
lxc_path = tools.config.defaults["lxc"] + "/waydroid"
- config_file = "config_2"
lxc_ver = get_lxc_version(args)
if lxc_ver == 0:
raise OSError("LXC is not installed")
lxc_ver = get_lxc_version(args)
if lxc_ver == 0:
raise OSError("LXC is not installed")
- elif lxc_ver <= 2:
- config_file = "config_1"
- config_path = tools.config.tools_src + "/data/configs/" + config_file
+ config_paths = tools.config.tools_src + "/data/configs/config_"
seccomp_profile = tools.config.tools_src + "/data/configs/waydroid.seccomp"
seccomp_profile = tools.config.tools_src + "/data/configs/waydroid.seccomp"
+ config_snippets = [ config_paths + "base" ]
+ # lxc v1 is a bit special because some options got renamed later
+ if lxc_ver == 1:
+ config_snippets.append(config_paths + "1")
+ else:
+ for ver in range(2, 5):
+ snippet = config_paths + str(ver)
+ if lxc_ver >= ver and os.path.exists(snippet):
+ config_snippets.append(snippet)
+
command = ["mkdir", "-p", lxc_path]
tools.helpers.run.user(args, command)
command = ["mkdir", "-p", lxc_path]
tools.helpers.run.user(args, command)
- command = ["cp", "-fpr", config_path, lxc_path + "/config"]
+ command = ["sh", "-c", "cat {} > \"{}\"".format(' '.join('"{0}"'.format(w) for w in config_snippets), lxc_path + "/config")]
tools.helpers.run.user(args, command)
command = ["sed", "-i", "s/LXCARCH/{}/".format(platform.machine()), lxc_path + "/config"]
tools.helpers.run.user(args, command)
tools.helpers.run.user(args, command)
command = ["sed", "-i", "s/LXCARCH/{}/".format(platform.machine()), lxc_path + "/config"]
tools.helpers.run.user(args, command)
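Review bot: The new `command = ["sh", "-c", "cat {} > \"{}\"".format(...)]` line wraps each path in literal double quotes, which leaves `"`, `$`, backticks and backslashes active, so a configured LXC directory or source path containing any of them would be interpreted by the shell. Quote every element with `shlex.quote()` instead: `"cat {} > {}".format(" ".join(shlex.quote(p) for p in config_snippets), shlex.quote(lxc_path + "/config"))`. This needs `import shlex` at the top of the file, which is not visible in this hunk. Concatenating the snippets in Python and writing the result would avoid the shell altogether, if `tools.helpers.run.user` is not needed for privileges here. Also, `cat >` does not carry over the mode and ownership that the removed `cp -fpr` preserved, so it is worth confirming that the generated `config` ends up with the intended permissions. The body of `set_lxc_config` continues outside the hunk.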