Add support to mount rootfs image via squashfuse

f6e421a0 · Simon Fels · aecf88fb · f6e421a0
隐藏空白更改
内联并排

Showing with 56 addition and 18 deletion

src/anbox/cmds/container_manager.cpp src/anbox/cmds/container_manager.cpp +56 -18

未找到文件。
--- a/src/anbox/cmds/container_manager.cpp
+++ b/src/anbox/cmds/container_manager.cpp
@@ -23,6 +23,7 @@
 #include "anbox/config.h"

 #include "core/posix/signal.h"
+#include "core/posix/exec.h"

 #include <sys/mount.h>
 #include <linux/loop.h>
@@ -121,29 +122,66 @@ bool anbox::cmds::ContainerManager::setup_mounts() {
  if (!fs::exists(android_rootfs_dir))
    fs::create_directory(android_rootfs_dir);

-  std::shared_ptr<common::LoopDevice> loop_device;
+  // We prefer using the kernel for mounting the squashfs image but
+  // for some cases (unprivileged containers) where no loop support
+  // is available we do the mount instead via squashfuse which will
+  // work entirely in userspace.
+  if (fs::exists("/dev/loop-control")) {
+    std::shared_ptr<common::LoopDevice> loop_device;

-  try {
-    loop_device = common::LoopDeviceAllocator::new_device();
-  } catch (const std::exception& e) {
-    ERROR("Could not create loopback device: %s", e.what());
-    return false;
-  } catch (...) {
-    ERROR("Could not create loopback device");
-    return false;
-  }
+    try {
+      loop_device = common::LoopDeviceAllocator::new_device();
+    } catch (const std::exception& e) {
+      ERROR("Could not create loopback device: %s", e.what());
+      return false;
+    } catch (...) {
+      ERROR("Could not create loopback device");
+      return false;
+    }

-  if (!loop_device->attach_file(android_img_path)) {
-    ERROR("Failed to attach Android rootfs image to loopback device");
-    return false;
-  }
+    if (!loop_device->attach_file(android_img_path)) {
+      ERROR("Failed to attach Android rootfs image to loopback device");
+      return false;
+    }

-  auto m = common::MountEntry::create(loop_device, android_rootfs_dir, "squashfs", MS_MGC_VAL | MS_RDONLY | MS_PRIVATE);
-  if (!m) {
-    ERROR("Failed to mount Android rootfs");
+    auto m = common::MountEntry::create(loop_device, android_rootfs_dir, "squashfs", MS_MGC_VAL | MS_RDONLY | MS_PRIVATE);
+    if (!m) {
+      ERROR("Failed to mount Android rootfs");
+      return false;
+    }
+    mounts_.push_back(m);
+  } else if (fs::exists("/dev/fuse") && !utils::find_program_on_path("squashfuse").empty()) {
+    std::vector<std::string> args = {
+      "-t", "fuse.squashfuse",
+      // Allow other users than root to access the rootfs
+      "-o", "allow_other",
+      android_img_path.string(),
+      android_rootfs_dir,
+    };
+
+    // Easiest is here to go with the standard mount program as that
+    // will handle everything for us which is relevant to get the
+    // squashfs via squashfuse properly mount without having to
+    // reimplement all the details. Once the mount call comes back
+    // without an error we can expect the image to be mounted.
+    auto child = core::posix::exec("/bin/mount", args, {}, core::posix::StandardStream::empty, []() {});
+    const auto result = child.wait_for(core::posix::wait::Flags::untraced);
+    if (result.status != core::posix::wait::Result::Status::exited ||
+        result.detail.if_exited.status != core::posix::exit::Status::success) {
+      ERROR("Failed to mount squashfs Android image");
+      return false;
+    }
+
+    auto m = common::MountEntry::create(android_rootfs_dir);
+    if (!m) {
+      ERROR("Failed to create mount entry for Android rootfs");
+      return false;
+    }
+    mounts_.push_back(m);
+  } else {
+    ERROR("No loop device or FUSE support found. Can't setup Android rootfs!");
    return false;
  }
-  mounts_.push_back(m);

  for (const auto &dir_name : std::vector<std::string>{"cache", "data"}) {
    auto target_dir_path = fs::path(android_rootfs_dir) / dir_name;