Last active
September 3, 2022 21:52
Patch for AnBox on LXC 3.0
diff --git a/src/anbox/container/lxc_container.cpp b/src/anbox/container/lxc_container.cpp | |
index 962832b..6c5d3b9 100644 | |
--- a/src/anbox/container/lxc_container.cpp | |
+++ b/src/anbox/container/lxc_container.cpp | |
@@ -65,24 +65,24 @@ void LxcContainer::setup_id_maps() { | |
const auto base_id = unprivileged_user_id; | |
const auto max_id = 65536; | |
- set_config_item("lxc.id_map", | |
+ set_config_item("lxc.idmap", | |
utils::string_format("u 0 %d %d", base_id, creds_.uid() - 1)); | |
- set_config_item("lxc.id_map", | |
+ set_config_item("lxc.idmap", | |
utils::string_format("g 0 %d %d", base_id, creds_.gid() - 1)); | |
// We need to bind the user id for the one running the client side | |
// process as he is the owner of various socket files we bind mount | |
// into the container. | |
- set_config_item("lxc.id_map", | |
+ set_config_item("lxc.idmap", | |
utils::string_format("u %d %d 1", creds_.uid(), creds_.uid())); | |
- set_config_item("lxc.id_map", | |
+ set_config_item("lxc.idmap", | |
utils::string_format("g %d %d 1", creds_.gid(), creds_.gid())); | |
- set_config_item("lxc.id_map", | |
+ set_config_item("lxc.idmap", | |
utils::string_format("u %d %d %d", creds_.uid() + 1, | |
base_id + creds_.uid() + 1, | |
max_id - creds_.uid() - 1)); | |
- set_config_item("lxc.id_map", | |
+ set_config_item("lxc.idmap", | |
utils::string_format("g %d %d %d", creds_.uid() + 1, | |
base_id + creds_.gid() + 1, | |
max_id - creds_.gid() - 1)); | |
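Review bot: The last group mapping, `utils::string_format("g %d %d %d", creds_.uid() + 1, ...)`, still starts its container-side range at `creds_.uid() + 1` while its other two arguments use `creds_.gid()`; it is an unchanged context line, but the patch rewrites the call around it and leaves it as is. When the caller's uid and gid differ, that range either overlaps the single-id `g %d %d 1` entry or leaves a run of group ids unmapped, so the map is likely rejected or is not the one intended. The first argument should probably be `creds_.gid() + 1`. setup_id_maps() begins and ends outside the hunk, so this is worth confirming against the full function.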
@@ -188,42 +188,40 @@ void LxcContainer::start(const Configuration &configuration) { | |
set_config_item("lxc.mount.auto", "proc:mixed sys:mixed cgroup:mixed"); | |
set_config_item("lxc.autodev", "1"); | |
- set_config_item("lxc.pts", "1024"); | |
- set_config_item("lxc.tty", "0"); | |
- set_config_item("lxc.utsname", "anbox"); | |
+ set_config_item("lxc.tty.max", "0"); | |
+ set_config_item("lxc.uts.name", "anbox"); | |
set_config_item("lxc.group.devices.deny", ""); | |
set_config_item("lxc.group.devices.allow", ""); | |
// We can't move bind-mounts, so don't use /dev/lxc/ | |
- set_config_item("lxc.devttydir", ""); | |
+ set_config_item("lxc.tty.dir", ""); | |
set_config_item("lxc.environment", | |
"PATH=/system/bin:/system/sbin:/system/xbin"); | |
- set_config_item("lxc.init_cmd", "/anbox-init.sh"); | |
- set_config_item("lxc.rootfs.backend", "dir"); | |
+ set_config_item("lxc.init.cmd", "/anbox-init.sh"); | |
const auto rootfs_path = SystemConfiguration::instance().rootfs_dir(); | |
DEBUG("Using rootfs path %s", rootfs_path); | |
- set_config_item("lxc.rootfs", rootfs_path); | |
+ set_config_item("lxc.rootfs.path", rootfs_path); | |
- set_config_item("lxc.loglevel", "0"); | |
+ set_config_item("lxc.log.level", "0"); | |
const auto log_path = SystemConfiguration::instance().log_dir(); | |
- set_config_item("lxc.logfile", utils::string_format("%s/container.log", log_path).c_str()); | |
+ set_config_item("lxc.log.file", utils::string_format("%s/container.log", log_path).c_str()); | |
setup_network(); | |
#if 0 | |
// Android uses namespaces as well so we have to allow nested namespaces for LXC | |
// which are otherwise forbidden by AppArmor. | |
- set_config_item("lxc.aa_profile", "lxc-container-default-with-nesting"); | |
+ set_config_item("lxc.apparmor.profile", "lxc-container-default-with-nesting"); | |
#else | |
// FIXME: when using the nested profile we still get various denials from | |
// things Android tries to do but isn't allowed to. We need to look into | |
// those and see how we can switch back to a confined way of running the | |
// container. | |
- set_config_item("lxc.aa_profile", "unconfined"); | |
+ set_config_item("lxc.apparmor.profile", "unconfined"); | |
#endif | |
if (!privileged_) |
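Review bot: `lxc.pts` is deleted here without a replacement, unlike the other keys in this hunk, which are renamed; the LXC 2.1+ name for it is `lxc.pty.max`. With the key unset, the container may no longer get its own devpts instance with the previous limit of 1024. That depends on the default in the LXC version in use and should be checked, because it changes pseudo-terminal isolation rather than just key spelling. If the drop is not intentional, keep the setting as `set_config_item("lxc.pty.max", "1024");`. The body of start() begins and ends outside the hunk.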
# Maintainer: Iwan Timmer <irtimmer@gmail.com> | |
# Split package: the Anbox runtime plus the DKMS sources for its kernel modules.
pkgname=(
  'anbox-git'
  'anbox-modules-dkms-git'
)
_pkgname=anbox
pkgver=r702.3cf7d60
pkgrel=1
epoch=1
arch=('x86_64')
url="http://anbox.io/"
license=('GPL3')
makedepends=(
  'cmake'
  'git'
  'glm'
  'dbus-cpp'
  'lxc'
  'sdl2_image'
  'protobuf'
  'boost'
  'properties-cpp'
  'gtest'
)

# Entries in source=() and sha256sums=() pair up by position.
source=(
  "git+https://github.com/anbox/anbox.git"
  'https://gist.githubusercontent.com/cswl/bfa79358819fdc5d9da79e924af0f143/raw/6d49a856fce2046a42baf094c101ec47b8e8f48c/anbox_lxc3.0.patch'
  'anbox-container-manager.service'
  'anbox-session-manager.service'
  '99-anbox.rules'
  'anbox.conf'
  'anbox.desktop'
  'anbox-bridge.network'
  'anbox-bridge.netdev'
)
sha256sums=(
  'SKIP'  # git checkout of the upstream repository
  # NOTE(review): the next entry belongs to the remotely fetched LXC 3.0 patch,
  # which prepare() applies to the source tree. With 'SKIP' its content is not
  # verified at build time; pin the patch's sha256 here.
  'SKIP'
  '5be94b63dc30d141f15ca7d1be6e3e81f26ef33f844614975537562f5d08236c'
  '1f22dbb5a3ca6925bbf62899cd0f0bbaa0b77c879adcdd12ff9d43adfa61b1d8'
  '210eb93342228168f7bb632c8b93d9bfda6f53f62459a6b74987fa1e17530475'
  '3e07dc524a827c1651857cce28a06c1565bc5188101c140ed213bbafedc5abff'
  '7332d09865be553a259a53819cebddd21f661c7a251d78c2f46acd75c66676b6'
  '44899328725667041e6e84912da81c1d0147b708006eb2c2bb6503f271629ff0'
  '559190df4d6d595480b30d8b13b862081fc4aac52790e33eb24cf7fbcb8003b8'
)
pkgver() {
  # Print the package version derived from the checked-out anbox repository.
  cd "$srcdir/$_pkgname"
  (
    # pipefail makes a failing `git describe` fail the whole pipeline, so the
    # fallback branch runs when no usable tag description is available.
    set -o pipefail
    if ! git describe --long 2>/dev/null | sed 's/\([^-]*-g\)/r\1/;s/-/./g'; then
      # Fallback format: r<commit count>.<abbreviated commit hash>
      printf "r%s.%s" "$(git rev-list --count HEAD)" "$(git rev-parse --short HEAD)"
    fi
  )
}
prepare() {
  local cmake_file

  cd "$srcdir/$_pkgname"

  # Apply the LXC 3.0 configuration-key patch listed in source=().
  git apply "$srcdir/anbox_lxc3.0.patch"

  # Don't build tests: empty the CMake files that pull them in.
  for cmake_file in cmake/FindGMock.cmake tests/CMakeLists.txt; do
    truncate -s 0 "$cmake_file"
  done

  # Fix loading translators: drop the install-prefix part in front of the
  # translator install directory in CMakeLists.txt.
  sed -i 's/${CMAKE_INSTALL_PREFIX}\/${ANBOX_TRANSLATOR_INSTALL_DIR}/${ANBOX_TRANSLATOR_INSTALL_DIR}/' CMakeLists.txt

  # Fix usage of Python 2: append "2" to lines ending in a "python" shebang.
  sed -i 's:#!.*python$:&2:' scripts/*.py
}
build() {
  # Configure and compile a Release build in a separate build directory.
  local build_dir="$srcdir/${_pkgname}/build"

  mkdir -p "$build_dir"
  cd "$build_dir"

  cmake .. \
    -DCMAKE_INSTALL_LIBDIR=/usr/lib \
    -DCMAKE_INSTALL_PREFIX=/usr \
    -DCMAKE_BUILD_TYPE=Release
  make
}
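package_anbox-git() {
  # Package the Anbox runtime: the built tree plus its service units, network
  # definitions, udev rules, desktop entry and icon.
  depends=('dbus-cpp' 'lxc' 'sdl2_image' 'protobuf' 'anbox-image')
  optdepends=('anbox-modules-dkms-git: Required Android kernel modules')
  pkgdesc="Running Android in a container"

  cd "$srcdir/${_pkgname}"
  make -C build DESTDIR="$pkgdir" install

  # $pkgdir and $srcdir are quoted throughout so that a build location
  # containing spaces or glob characters is not word-split into several
  # arguments.
  install -Dm 644 -t "$pkgdir/usr/lib/systemd/system" "$srcdir/anbox-container-manager.service"
  install -Dm 644 -t "$pkgdir/usr/lib/systemd/user" "$srcdir/anbox-session-manager.service"
  install -Dm 644 "$srcdir/anbox-bridge.network" "$pkgdir/usr/lib/systemd/network/80-anbox-bridge.network"
  install -Dm 644 "$srcdir/anbox-bridge.netdev" "$pkgdir/usr/lib/systemd/network/80-anbox-bridge.netdev"
  install -Dm 644 -t "$pkgdir/usr/lib/udev/rules.d" "$srcdir/99-anbox.rules"
  install -Dm 644 -t "$pkgdir/usr/share/applications" "$srcdir/anbox.desktop"
  install -Dm 644 snap/gui/icon.png "$pkgdir/usr/share/pixmaps/anbox.png"
}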
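package_anbox-modules-dkms-git() {
  # Package the kernel module sources under /usr/src, one directory per
  # module, plus the modules-load.d entry.
  pkgdesc="Required kernel module sources for Android"
  depends=('dkms')

  cd "$srcdir/${_pkgname}"

  # Loop variables are local so they do not leak into the rest of the build.
  local mod
  local -a modules=(ashmem binder)

  # The target directory is the same for every module, so create it once.
  install -dm 755 "$pkgdir/usr/src"

  for mod in "${modules[@]}"; do
    # Paths are quoted so a build location with spaces is not word-split.
    cp -a "kernel/$mod" "$pkgdir/usr/src/anbox-modules-$mod-$pkgver"
  done

  install -Dm 644 -t "$pkgdir/usr/lib/modules-load.d" "$srcdir/anbox.conf"
}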