On Thu, Jun 25, 2015 at 06:49:41PM +0200, Cédric Bosdonnat wrote:
> In order to be able to mount a custom host-image as / we need to be able
> to access libvirt-sandbox-init-common and all its needed dependencies.
>
> They are now copied into SANDBOXCONFIGDIR /.libs. Hard linking is not
> possible since we may be working on separate partitions, and symlinks
> wouldn't help to work with apparmor. Copying makes apparmor happy and
> solves our problem.
> ---
> configure.ac | 7 ++
> libvirt-sandbox/libvirt-sandbox-builder-machine.c | 114 ++++++++++++++++++++++
> libvirt-sandbox/libvirt-sandbox-init-qemu.c | 5 +-
> 3 files changed, 124 insertions(+), 2 deletions(-)
Don't we need to change the container builder too ? It will need to be able to run the init-common binary from the real host root FS too IIUC
> +static gboolean gvir_sandbox_builder_machine_copy_init(const gchar *statedir,
> + GError **error)
> +{
> + gchar *libsdir;
> + const gchar *initPath = LIBEXECDIR "/libvirt-sandbox-init-common";
> + gchar *out = NULL;
> + gchar *line, *tmp;
> + const gchar *argv[] = {LDD_PATH, initPath, NULL};
> + gboolean result = FALSE;
> +
> + libsdir = g_build_filename(statedir, "config", ".libs", NULL);
> +
> + g_mkdir_with_parents(libsdir, 0755);
> +
> + if (!gvir_sandbox_builder_machine_copy_lib(initPath, libsdir, error))
> + goto cleanup;
> +
> + /* Get all the dependencies to be hard linked */
> + if (!g_spawn_sync(NULL, (gchar **)argv, NULL, 0,
> + NULL, NULL, &out, NULL, NULL, error))
> + goto cleanup;
> +
> + /* Loop over the output lines to get the path to the libraries to hard link */
> + line = out;
> + while ((tmp = strchr(line, '\n'))) {
> + gchar *start, *end;
> + *tmp = '\0';
> +
> + /* Search the line for the library path */
> + start = strstr(line, " => ");
> + end = strstr(line, " (");
> +
> + if (start && end) {
> + start = start + 4;
> + *end = '\0';
> +
> + if (!gvir_sandbox_builder_machine_copy_lib(start, libsdir, error))
> + goto cleanup;
> + }
> +
> + line
= tmp + 1;
> + }
> + result = TRUE;
> +
> + cleanup:
> + g_free(libsdir);
> + g_free(out);
> +
> + return result;
> +}
>
> static gboolean gvir_sandbox_builder_machine_construct_domain(GVirSandboxBuilder *builder,
> GVirSandboxConfig *config,
> @@ -370,6 +445,9 @@ static gboolean gvir_sandbox_builder_machine_construct_domain(GVirSandboxBuilder
> error))
> return FALSE;
>
> + if (!gvir_sandbox_builder_machine_copy_init(statedir, error))
> + return FALSE;
> +
> if (!GVIR_SANDBOX_BUILDER_CLASS(gvir_sandbox_builder_machine_parent_class)->
> construct_domain(builder, config, statedir, domain, error))
> return FALSE;
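Review bot: The call added here makes every machine-sandbox build depend on gvir_sandbox_builder_machine_copy_init() (added just above; its hunk header is not part of the quoted text), and that function reports success on incomplete `ldd` output. A `libfoo.so => not found` line contains no ` (` and is skipped silently, and the exit status of `ldd` is never requested from `g_spawn_sync()`, so a sandbox can be built with a partial `.libs` directory and fail only when init is executed; lines without ` => ` are skipped as well, which leaves the dynamic loader uncopied if the host's ldd prints it that way. I would pass an `exit_status` pointer to `g_spawn_sync()` and treat a non-zero status or a `=> not found` line as an error that sets `error` and jumps to `cleanup`. The result of `g_mkdir_with_parents(libsdir, 0755)` is also ignored, and both comments still say "hard linked" although the libraries are copied.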
> @@ -712,12 +790,48 @@ static gboolean gvir_sandbox_builder_machine_clean_post_stop(GVirSandboxBuilder
> GError **error)
> {
> gchar *mntfile = g_strdup_printf("%s/config/mounts.cfg", statedir);
> + gchar *libsdir = g_build_filename(statedir, "config", ".libs", NULL);
> + GFile *libsFile = g_file_new_for_path(libsdir);
> + GFileEnumerator *enumerator = NULL;
> + GFileInfo *info = NULL;
> + GFile *child = NULL;
> gboolean ret = TRUE;
>
> if (unlink(mntfile) < 0 &&
> errno != ENOENT)
> ret = FALSE;
> + if (!(enumerator = g_file_enumerate_children(libsFile, "*", G_FILE_QUERY_INFO_NONE,
> + NULL, error)) &&
> + (*error)->code != G_IO_ERROR_NOT_FOUND) {
> + ret = FALSE;
> + goto cleanup;
> + }
> +
> + while ((info = g_file_enumerator_next_file(enumerator, NULL, error))) {
> + child = g_file_enumerator_get_child(enumerator, info);
> + if (!g_file_delete(child, NULL, error))
> + ret = FALSE;
> + g_object_unref(child);
> + child = NULL;
> + g_object_unref(info);
> + info = NULL;
> + }
>
> + if (!g_file_enumerator_close(enumerator, NULL, error))
> + ret = FALSE;
> +
> + if (!g_file_delete(libsFile, NULL, error) &&
> + (*error)->code != G_IO_ERROR_NOT_FOUND)
> + ret = FALSE;
> +
> + cleanup:
> + if (child)
> + g_object_unref(child);
> + if (info)
> + g_object_unref(info);
> + g_object_unref(enumerator);
> + g_object_unref(libsFile);
> + g_free(libsdir);
> g_free(mntfile);
> return ret;
> }
Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
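Review bot: Both added `(*error)->code` tests dereference a pointer that is NULL whenever the caller passes no `GError **`, and they compare the code without checking the error domain. When the `.libs` directory does not exist the first condition is false, so execution continues into `g_file_enumerator_next_file()`, `g_file_enumerator_close()` and `g_object_unref()` with a NULL enumerator and with `*error` already set, and the function can return TRUE with an error pending. I would collect the failure in a local `GError *`, test it with `g_error_matches()`, clear it in the not-found case and jump to `cleanup`, as sketched below; the final `g_file_delete(libsFile, ...)` needs the same treatment. The signature of clean_post_stop starts above the hunk.

```c
    /* … unchanged: declarations, unlink(mntfile) … */
    GError *err = NULL;

    enumerator = g_file_enumerate_children(libsFile, "*", G_FILE_QUERY_INFO_NONE,
                                           NULL, &err);
    if (!enumerator) {
        if (g_error_matches(err, G_IO_ERROR, G_IO_ERROR_NOT_FOUND)) {
            g_clear_error(&err);    /* no .libs directory: nothing to remove */
        } else {
            g_propagate_error(error, err);
            ret = FALSE;
        }
        goto cleanup;
    }
    /* … unchanged: delete loop, enumerator close, directory delete … */

 cleanup:
    /* … unchanged: child / info unref … */
    if (enumerator)
        g_object_unref(enumerator);
    /* … unchanged: libsFile, libsdir, mntfile release … */
```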