提交
3d05266c
编写于
7月 13, 2018
作者:
Shengjing Zhu
lxc: encode device permission into configuration
Closes: #804 Signed-off-by:
N
Shengjing Zhu
<
i@zhsj.me
>
上级
04469cd3
变更
7
Showing
7 changed file
with
30 addition
and
23 deletion
+30
-23
src/anbox/cmds/session_manager.cpp
src/anbox/cmds/session_manager.cpp
+3
-3
src/anbox/container/configuration.h
src/anbox/container/configuration.h
+4
-2
src/anbox/container/lxc_container.cpp
src/anbox/container/lxc_container.cpp
+10
-10
src/anbox/container/lxc_container.h
src/anbox/container/lxc_container.h
+1
-1
src/anbox/container/management_api_skeleton.cpp
src/anbox/container/management_api_skeleton.cpp
+1
-1
src/anbox/container/management_api_stub.cpp
src/anbox/container/management_api_stub.cpp
+6
-5
src/anbox/protobuf/anbox_container.proto
src/anbox/protobuf/anbox_container.proto
+5
-1
src/anbox/cmds/session_manager.cpp
...
...
@@ -249,9 +249,9 @@ anbox::cmds::SessionManager::SessionManager()
};
container_configuration
.
devices
=
{
{
"/dev/binder"
},
{
"/dev/ashmem"
},
{
"/dev/fuse"
},
{
"/dev/binder"
,
{
0666
}
},
{
"/dev/ashmem"
,
{
0666
}
},
{
"/dev/fuse"
,
{
0666
}
},
};
dispatcher
->
dispatch
([
&
]()
{
...
...
src/anbox/container/configuration.h
...
...
@@ -20,13 +20,15 @@
#include <string>
#include <unordered_map>
#include <vector>
namespace
anbox
{
namespace
container
{
struct
DeviceSpecification
{
uint32_t
permission
;
};
struct
Configuration
{
std
::
unordered_map
<
std
::
string
,
std
::
string
>
bind_mounts
;
std
::
vector
<
std
::
string
>
devices
;
std
::
unordered_map
<
std
::
string
,
DeviceSpecification
>
devices
;
};
}
// namespace container
}
// namespace anbox
...
...
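Review bot: `DeviceSpecification::permission` carries no comment saying which bits are meaningful, and `uint32_t` is used while the includes visible in this hunk are only `<string>`, `<unordered_map>` and `<vector>`. Unless `<cstdint>` is already included above the hunk, add `#include <cstdint>` so the header does not depend on a transitive include. Document the field where it is declared, for example `// POSIX permission bits only (mask 0777), written in octal`, so callers and the code that consumes the value agree on its range.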
src/anbox/container/lxc_container.cpp
...
...
@@ -166,7 +166,7 @@ void LxcContainer::setup_network() {
}
}
void
LxcContainer
::
add_device
(
const
std
::
string
&
device
)
{
void
LxcContainer
::
add_device
(
const
std
::
string
&
device
,
const
DeviceSpecification
&
spec
)
{
struct
stat
st
;
int
r
=
stat
(
device
.
c_str
(),
&
st
);
if
(
r
<
0
)
{
...
...
@@ -176,7 +176,7 @@ void LxcContainer::add_device(const std::string& device) {
const
auto
major
=
device_major
(
st
.
st_rdev
);
const
auto
minor
=
device_minor
(
st
.
st_rdev
);
const
auto
mode
=
st
.
st_mode
;
const
auto
mode
=
((
st
.
st_mode
>>
9
)
<<
9
)
|
(
spec
.
permission
&
~
(
1
<<
9
))
;
const
auto
new_device_name
=
fs
::
basename
(
device
);
const
auto
devices_path
=
fs
::
path
(
SystemConfiguration
::
instance
().
container_devices_dir
());
const
auto
new_device_path
=
(
devices_path
/
new_device_name
).
string
();
...
...
@@ -318,13 +318,13 @@ void LxcContainer::start(const Configuration &configuration) {
auto
devices
=
configuration
.
devices
;
// Additional devices we need in our container
devices
.
push_back
(
"/dev/console"
);
devices
.
push_back
(
"/dev/full"
);
devices
.
push_back
(
"/dev/null"
);
devices
.
push_back
(
"/dev/random"
);
devices
.
push_back
(
"/dev/tty"
);
devices
.
push_back
(
"/dev/urandom"
);
devices
.
push_back
(
"/dev/zero"
);
devices
.
insert
({
"/dev/console"
,
{
0600
}}
);
devices
.
insert
({
"/dev/full"
,
{
0666
}}
);
devices
.
insert
({
"/dev/null"
,
{
0666
}}
);
devices
.
insert
({
"/dev/random"
,
{
0666
}}
);
devices
.
insert
({
"/dev/tty"
,
{
0666
}}
);
devices
.
insert
({
"/dev/urandom"
,
{
0666
}}
);
devices
.
insert
({
"/dev/zero"
,
{
0666
}}
);
// Remove all left over devices from last time first before
// creating any new ones
...
...
@@ -333,7 +333,7 @@ void LxcContainer::start(const Configuration &configuration) {
fs
::
create_directories
(
devices_dir
);
for
(
const
auto
&
device
:
devices
)
add_device
(
device
);
add_device
(
device
.
first
,
device
.
second
);
if
(
!
container_
->
save_config
(
container_
,
nullptr
))
throw
std
::
runtime_error
(
"Failed to save container configuration"
);
...
...
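Review bot: In the `mode` computation of `add_device`, `spec.permission & ~(1 << 9)` clears only bit 9 instead of keeping the low nine permission bits, so any file-type or set-id bits present in `spec.permission` are OR'ed into the result. The value reaches this function from the management API request (`device.permission()` in management_api_skeleton.cpp in this commit), so it should be masked at this point: `const auto mode = (st.st_mode & ~0777u) | (spec.permission & 0777u);`. The code that consumes `mode` lies below the hunk, so the effect on the created device node is inferred rather than visible here.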
src/anbox/container/lxc_container.h
...
...
@@ -40,7 +40,7 @@ class LxcContainer : public Container {
void
set_config_item
(
const
std
::
string
&
key
,
const
std
::
string
&
value
);
void
setup_id_map
();
void
setup_network
();
void
add_device
(
const
std
::
string
&
device
);
void
add_device
(
const
std
::
string
&
device
,
const
DeviceSpecification
&
spec
);
State
state_
;
lxc_container
*
container_
;
...
...
src/anbox/container/management_api_skeleton.cpp
...
...
@@ -55,7 +55,7 @@ void ManagementApiSkeleton::start_container(
for
(
int
n
=
0
;
n
<
configuration
.
devices_size
();
n
++
)
{
const
auto
device
=
configuration
.
devices
(
n
);
container_configuration
.
devices
.
push_back
(
device
);
container_configuration
.
devices
.
insert
({
device
.
path
(),
{
device
.
permission
()}}
);
}
try
{
...
...
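Review bot: `device.permission()` is copied from the request into `container_configuration.devices` without a range check, and this loop is where request data enters the receiving side of the management API. Rejecting or masking values outside the permission bits here, e.g. storing `device.permission() & 0777u`, means later consumers do not each have to re-validate. `insert` also keeps the first entry when a path repeats, and entries stored here take precedence over the defaults that `LxcContainer::start` adds afterwards with `insert` (such as `0600` for `/dev/console`); if those defaults are meant to be authoritative, assign them with `devices[path] = spec` there. `start_container` begins and ends outside this hunk.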
src/anbox/container/management_api_stub.cpp
...
...
@@ -45,13 +45,14 @@ void ManagementApiStub::start_container(const Configuration &configuration) {
bind_mount_message
->
set_target
(
item
.
second
);
}
message
.
set_allocated_configuration
(
message_configuration
);
for
(
const
auto
&
device
:
configuration
.
devices
)
{
auto
d
=
message_configuration
->
add_devices
();
*
d
=
device
;
for
(
const
auto
&
item
:
configuration
.
devices
)
{
auto
device_message
=
message_configuration
->
add_devices
();
device_message
->
set_path
(
item
.
first
);
device_message
->
set_permission
(
item
.
second
.
permission
);
}
message
.
set_allocated_configuration
(
message_configuration
);
{
std
::
lock_guard
<
decltype
(
mutex_
)
>
lock
(
mutex_
);
c
->
wh
.
expect_result
();
...
...
src/anbox/protobuf/anbox_container.proto
...
...
@@ -7,8 +7,12 @@ message Configuration {
required
string
source
=
1
;
required
string
target
=
2
;
}
message
Devices
{
required
string
path
=
1
;
required
uint32
permission
=
2
;
}
repeated
BindMount
bind_mounts
=
1
;
repeated
string
devices
=
2
;
repeated
Devices
devices
=
2
;
}
message
StartContainer
{
...
...
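Review bot: `devices` keeps field number 2 while its type changes from `string` to the new `Devices` message, so a peer built from the previous schema and one built from this schema would disagree on how to decode that field. If the two ends of this API can ever run different builds, give the new field a fresh number, `repeated Devices devices = 3;`, and leave 2 unused. The message describes a single entry, so `Device` would be a clearer name than `Devices`.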