Merge pull request #14 from morphis/network-connectivity

Network connectivity

android/anboxd.rc

 service anboxd /system/bin/anboxd
     class core
-
-# We will ever only have a single network interface we need to care
-# about so we can add static setup for this one here.
-service anbox-network /system/bin/dhcptool eth0
-    class main
-    oneshot

scripts/container-manager.sh

@@ -21,41 +21,59 @@ if [ ! -e $SYSTEM_IMG ]; then
 	exit 1
 fi
 
-# Extract ramdisk content instead of trying to bind mount the
-# cpio image file to allow modifications.
-rm -Rf $RAMDISK_PATH
-mkdir -p $RAMDISK_PATH
-cd $RAMDISK_PATH
-cat $INITRD | gzip -d | cpio -i
-
-# FIXME those things should be fixed in the build process
-chmod +x $RAMDISK_PATH/anbox-init.sh
-
-# Setup the read-only rootfs
-mkdir -p $ROOTFS_PATH
-mount -o bind,ro $RAMDISK_PATH $ROOTFS_PATH
-mount -o loop,ro $SYSTEM_IMG $ROOTFS_PATH/system
-
-# but certain top-level directories need to be in a writable space
-for dir in cache data; do
-	mkdir -p $DATA_PATH/android-$dir
-	mount -o bind $DATA_PATH/android-$dir $ROOTFS_PATH/$dir
-done
-
-# Make sure our setup path for the container rootfs
-# is present as lxc is statically configured for
-# this path.
-mkdir -p $SNAP_COMMON/lxc
-
-# We start the bridge here as long as a oneshot service unit is not
-# possible. See snapcraft.yaml for further details.
-$SNAP/bin/anbox-bridge.sh start
-
-$SNAP/usr/sbin/aa-exec -p unconfined -- $SNAP/bin/anbox-wrapper.sh container-manager
-pid=$!
-waitpid $pid
-
-$SNAP/bin/anbox-bridge.sh stop
-
-umount $ROOTFS_PATH/system
-umount $ROOTFS_PATH/data
+start() {
+	# Extract ramdisk content instead of trying to bind mount the
+	# cpio image file to allow modifications.
+	rm -Rf $RAMDISK_PATH
+	mkdir -p $RAMDISK_PATH
+	cd $RAMDISK_PATH
+	cat $INITRD | gzip -d | cpio -i
+
+	# FIXME those things should be fixed in the build process
+	chmod +x $RAMDISK_PATH/anbox-init.sh
+
+	# Setup the read-only rootfs
+	mkdir -p $ROOTFS_PATH
+	mount -o bind,ro $RAMDISK_PATH $ROOTFS_PATH
+	mount -o loop,ro $SYSTEM_IMG $ROOTFS_PATH/system
+
+	# but certain top-level directories need to be in a writable space
+	for dir in cache data; do
+		mkdir -p $DATA_PATH/android-$dir
+		mount -o bind $DATA_PATH/android-$dir $ROOTFS_PATH/$dir
+	done
+
+	# Make sure our setup path for the container rootfs
+	# is present as lxc is statically configured for
+	# this path.
+	mkdir -p $SNAP_COMMON/lxc
+
+	# We start the bridge here as long as a oneshot service unit is not
+	# possible. See snapcraft.yaml for further details.
+	$SNAP/bin/anbox-bridge.sh start
+
+	exec $SNAP/usr/sbin/aa-exec -p unconfined -- $SNAP/bin/anbox-wrapper.sh container-manager
+}
+
+stop() {
+	for dir in cache data; do
+		umount $ROOTFS_PATH/$dir
+	done
+	umount $ROOTFS_PATH/system
+	umount $ROOTFS_PATH
+
+	$SNAP/bin/anbox-bridge.sh stop
+}
+
+case "$1" in
+	start)
+		start
+		;;
+	stop)
+		stop
+		;;
+	*)
+		echo "ERROR: Unknown command '$1'"
+		exit 1
+		;;
+esac

snapcraft.yaml

@@ -12,7 +12,8 @@ apps:
   anbox:
     command: bin/anbox-wrapper.sh
   container-manager:
-    command: bin/container-manager.sh
+    command: bin/container-manager.sh start
+    stop-command: bin/container-manager.sh stop
     daemon: simple
 # FIXME: a oneshot unit with start/stop commands needs also RemainAfterExit=yes
 # but this isn't supported by snapd yet. See LP #1647169 for details.

src/anbox/bridge/android_api_stub.cpp

@@ -121,8 +121,6 @@ void AndroidApiStub::remove_task(const std::int32_t &id) {
 
   auto c = std::make_shared<Request<protobuf::rpc::Void>>();
 
-  DEBUG("");
-
   protobuf::bridge::RemoveTask message;
   message.set_id(id);
 

src/anbox/container/lxc_container.cpp

@@ -80,10 +80,6 @@ void LxcContainer::start(const Configuration &configuration) {
     if (container_->is_running(container_)) container_->stop(container_);
   }
 
-  // We drop all not needed capabilities
-  set_config_item("lxc.cap.drop",
-                  "mac_admin mac_override sys_time sys_module sys_rawio");
-
   // We can mount proc/sys as rw here as we will run the container unprivileged
   // in the end
   set_config_item("lxc.mount.auto", "proc:mixed sys:mixed cgroup:mixed");