Merge pull request #14 from morphis/network-connectivity

Network connectivity

Merge pull request #14 from morphis/network-connectivity
Network connectivity
357b1a58 · Simon Fels · GitHub · dd458efb · cbb4beaa · 357b1a58
5 changed file
--- a/android/anboxd.rc
+++ b/android/anboxd.rc
 service anboxd /system/bin/anboxd
    class core
-# We will ever only have a single network interface we need to care
-# about so we can add static setup for this one here.
-service anbox-network /system/bin/dhcptool eth0
-    class main
-    oneshot
--- a/scripts/container-manager.sh
+++ b/scripts/container-manager.sh
@@ -21,41 +21,59 @@ if [ ! -e $SYSTEM_IMG ]; then
 	exit 1
 fi
-# Extract ramdisk content instead of trying to bind mount the
+start() {
-# cpio image file to allow modifications.
+	# Extract ramdisk content instead of trying to bind mount the
-rm -Rf $RAMDISK_PATH
+	# cpio image file to allow modifications.
-mkdir -p $RAMDISK_PATH
+	rm -Rf $RAMDISK_PATH
-cd $RAMDISK_PATH
+	mkdir -p $RAMDISK_PATH
-cat $INITRD | gzip -d | cpio -i
+	cd $RAMDISK_PATH
+	cat $INITRD | gzip -d | cpio -i
-# FIXME those things should be fixed in the build process
-chmod +x $RAMDISK_PATH/anbox-init.sh
+	# FIXME those things should be fixed in the build process
+	chmod +x $RAMDISK_PATH/anbox-init.sh
-# Setup the read-only rootfs
-mkdir -p $ROOTFS_PATH
+	# Setup the read-only rootfs
-mount -o bind,ro $RAMDISK_PATH $ROOTFS_PATH
+	mkdir -p $ROOTFS_PATH
-mount -o loop,ro $SYSTEM_IMG $ROOTFS_PATH/system
+	mount -o bind,ro $RAMDISK_PATH $ROOTFS_PATH
+	mount -o loop,ro $SYSTEM_IMG $ROOTFS_PATH/system
-# but certain top-level directories need to be in a writable space
-for dir in cache data; do
+	# but certain top-level directories need to be in a writable space
-	mkdir -p $DATA_PATH/android-$dir
+	for dir in cache data; do
-	mount -o bind $DATA_PATH/android-$dir $ROOTFS_PATH/$dir
+		mkdir -p $DATA_PATH/android-$dir
-done
+		mount -o bind $DATA_PATH/android-$dir $ROOTFS_PATH/$dir
+	done
-# Make sure our setup path for the container rootfs
-# is present as lxc is statically configured for
+	# Make sure our setup path for the container rootfs
-# this path.
+	# is present as lxc is statically configured for
-mkdir -p $SNAP_COMMON/lxc
+	# this path.
+	mkdir -p $SNAP_COMMON/lxc
-# We start the bridge here as long as a oneshot service unit is not
-# possible. See snapcraft.yaml for further details.
+	# We start the bridge here as long as a oneshot service unit is not
-$SNAP/bin/anbox-bridge.sh start
+	# possible. See snapcraft.yaml for further details.
+	$SNAP/bin/anbox-bridge.sh start
-$SNAP/usr/sbin/aa-exec -p unconfined -- $SNAP/bin/anbox-wrapper.sh container-manager
-pid=$!
+	exec $SNAP/usr/sbin/aa-exec -p unconfined -- $SNAP/bin/anbox-wrapper.sh container-manager
-waitpid $pid
+}
-$SNAP/bin/anbox-bridge.sh stop
+stop() {
+	for dir in cache data; do
-umount $ROOTFS_PATH/system
+		umount $ROOTFS_PATH/$dir
-umount $ROOTFS_PATH/data
+	done
+	umount $ROOTFS_PATH/system
+	umount $ROOTFS_PATH
+	$SNAP/bin/anbox-bridge.sh stop
+}
+case "$1" in
+	start)
+		start
+		;;
+	stop)
+		stop
+		;;
+	*)
+		echo "ERROR: Unknown command '$1'"
+		exit 1
+		;;
+esac
--- a/snapcraft.yaml
+++ b/snapcraft.yaml
@@ -12,7 +12,8 @@ apps:
  anbox:
    command: bin/anbox-wrapper.sh
  container-manager:
-    command: bin/container-manager.sh
+    command: bin/container-manager.sh start
+    stop-command: bin/container-manager.sh stop
    daemon: simple
 # FIXME: a oneshot unit with start/stop commands needs also RemainAfterExit=yes
 # but this isn't supported by snapd yet. See LP #1647169 for details.

--- a/src/anbox/bridge/android_api_stub.cpp
+++ b/src/anbox/bridge/android_api_stub.cpp
@@ -121,8 +121,6 @@ void AndroidApiStub::remove_task(const std::int32_t &id) {
  auto c = std::make_shared<Request<protobuf::rpc::Void>>();
-  DEBUG("");
  protobuf::bridge::RemoveTask message;
  message.set_id(id);

--- a/src/anbox/container/lxc_container.cpp
+++ b/src/anbox/container/lxc_container.cpp
@@ -80,10 +80,6 @@ void LxcContainer::start(const Configuration &configuration) {
    if (container_->is_running(container_)) container_->stop(container_);
  }
-  // We drop all not needed capabilities
-  set_config_item("lxc.cap.drop",
-                  "mac_admin mac_override sys_time sys_module sys_rawio");
  // We can mount proc/sys as rw here as we will run the container unprivileged
  // in the end
  set_config_item("lxc.mount.auto", "proc:mixed sys:mixed cgroup:mixed");