Merge branch 'master' into make-lxc3-optional

CMakeLists.txt

@@ -68,6 +68,7 @@ pkg_check_modules(SDL2_IMAGE SDL2_image REQUIRED)
 pkg_check_modules(DBUS dbus-1 REQUIRED)
 pkg_check_modules(LXC lxc REQUIRED)
 pkg_check_modules(PROPERTIES_CPP properties-cpp REQUIRED)
+pkg_check_modules(LIBSYSTEMD libsystemd REQUIRED)
 
 message(STATUS "LXC version: ${LXC_VERSION}")
 if (${LXC_VERSION} VERSION_LESS 3.0)
@@ -75,18 +76,16 @@ if (${LXC_VERSION} VERSION_LESS 3.0)
   message(STATUS "Building with LXC 2.x compatibility support")
 endif()
 
-option(ANBOX_ENABLE_WAYLAND "Enable wayland support" ON)
-if (ANBOX_ENABLE_WAYLAND)
+option(ENABLE_WAYLAND "Enable wayland support" ON)
+if (ENABLE_WAYLAND)
   set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWAYLAND_SUPPORT")
 endif()
 
-pkg_check_modules(LIBSYSTEMD libsystemd REQUIRED)
-# FIXME mir support is currently broken due to mir's API
-# being broken with recent landings in Ubuntu 16.04
-# pkg_check_modules(MIRCLIENT mirclient)
-# if (MIRCLIENT_FOUND)
-#   set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DMIR_SUPPORT")
-# endif()
+option(ENABLE_MIR "Enable mir support" OFF)
+if (ENABLE_MIR)
+  pkg_check_modules(MIRCLIENT mirclient REQUIRED)
+  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DMIR_SUPPORT")
+endif()
 
 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DMESA_EGL_NO_X11_HEADERS")
 
@@ -148,7 +147,7 @@ configure_file("${CMAKE_CURRENT_SOURCE_DIR}/cmake_uninstall.cmake.in"
 add_custom_target(uninstall "${CMAKE_COMMAND}"
                   -P "${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake")
 
-option(TOUCH_INPUT "Enable touch input support" OFF)
-if (TOUCH_INPUT)
+option(ENABLE_TOUCH_INPUT "Enable touch input support" OFF)
+if (ENABLE_TOUCH_INPUT)
   set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DENABLE_TOUCH_INPUT")
 endif()

scripts/container-manager.sh

@@ -70,6 +70,21 @@ start() {
 		EXTRA_ARGS="$EXTRA_ARGS --privileged"
 	fi
 
+	container_network_address=$(snapctl get container.network.address)
+	if [ -n "$container_network_address" ]; then
+		EXTRA_ARGS="$EXTRA_ARGS --container-network-address=$container_network_address"
+	fi
+
+	container_network_gateway=$(snapctl get container.network.gateway)
+	if [ -n "$container_network_gateway" ]; then
+		EXTRA_ARGS="$EXTRA_ARGS --container-network-gateway=$container_network_gateway"
+	fi
+
+	container_network_dns=$(snapctl get container.network.dns)
+	if [ -n "$container_network_dns" ]; then
+		EXTRA_ARGS="$EXTRA_ARGS --container-network-dns-servers=$container_network_dns"
+	fi
+
 	exec "$SNAP"/bin/anbox-wrapper.sh container-manager \
 		--data-path="$DATA_PATH" \
 		--android-image="$ANDROID_IMG" \

src/anbox/cmds/check_features.cpp

@@ -27,9 +27,15 @@ std::vector<std::string> cpu_whitelist = {
   // when started with `-cpu qemu64,+ssse3,+sse4.1,+sse4.2,+x2apic`
   "QEMU",
 
-  // Intel Core i7 M620 does not support AVX which causes cpu_features to not
-  // detect SSE and friends correctly
+  // The following CPUs do not support AVX and without it cpu_features can't detect
+  // if SSE & friends are supported. See https://github.com/google/cpu_features/issues/4
+
+  // Intel Core i7 M620
   "M 620",
+  // Intel Core i5 M460
+  "M 460",
+  // Intel Celeron N2840
+  "N2840",
 };
 } // namespace
 

src/anbox/cmds/container_manager.cpp

@@ -55,6 +55,15 @@ anbox::cmds::ContainerManager::ContainerManager()
   flag(cli::make_flag(cli::Name{"use-rootfs-overlay"},
                       cli::Description{"Use an overlay for the Android rootfs"},
                       enable_rootfs_overlay_));
+  flag(cli::make_flag(cli::Name{"container-network-address"},
+                      cli::Description{"Assign the specified network address to the Android container"},
+                      container_network_address_));
+  flag(cli::make_flag(cli::Name{"container-network-gateway"},
+                      cli::Description{"Assign the specified network gateway to the Android container"},
+                      container_network_gateway_));
+  flag(cli::make_flag(cli::Name{"container-network-dns-servers"},
+                      cli::Description{"Assign the specified DNS servers to the Android container"},
+                      container_network_dns_servers_));
 
   action([&](const cli::Command::Context&) {
     try {
@@ -93,6 +102,12 @@ anbox::cmds::ContainerManager::ContainerManager()
       container::Service::Configuration config;
       config.privileged = privileged_;
       config.rootfs_overlay = enable_rootfs_overlay_;
+      config.container_network_address = container_network_address_;
+      config.container_network_gateway = container_network_gateway_;
+
+      if (container_network_dns_servers_.length() > 0)
+        config.container_network_dns_servers = utils::string_split(container_network_dns_servers_, ',');
+
       auto service = container::Service::create(rt, config);
 
       rt->start();

src/anbox/cmds/container_manager.h

@@ -45,6 +45,9 @@ class ContainerManager : public cli::CommandWithFlagsAndAction {
   bool privileged_ = false;
   bool daemon_ = false;
   bool enable_rootfs_overlay_ = false;
+  std::string container_network_address_;
+  std::string container_network_gateway_;
+  std::string container_network_dns_servers_;
 };
 }  // namespace cmds
 }  // namespace anbox

src/anbox/container/lxc_container.cpp

@@ -88,11 +88,19 @@ constexpr int device_minor(__dev_t dev) {
 
 namespace anbox {
 namespace container {
-LxcContainer::LxcContainer(bool privileged, bool rootfs_overlay, const network::Credentials &creds)
+LxcContainer::LxcContainer(bool privileged,
+                           bool rootfs_overlay,
+                           const std::string& container_network_address,
+                           const std::string &container_network_gateway,
+                           const std::vector<std::string> &container_network_dns_servers,
+                           const network::Credentials &creds)
     : state_(State::inactive),
       container_(nullptr),
       privileged_(privileged),
       rootfs_overlay_(rootfs_overlay),
+      container_network_address_(container_network_address),
+      container_network_gateway_(container_network_gateway),
+      container_network_dns_servers_(container_network_dns_servers),
       creds_(creds) {
   utils::ensure_paths({
       SystemConfiguration::instance().container_config_dir(),
@@ -145,9 +153,22 @@ void LxcContainer::setup_network() {
   android::IpConfigBuilder ip_conf;
   ip_conf.set_version(android::IpConfigBuilder::Version::Version2);
   ip_conf.set_assignment(android::IpConfigBuilder::Assignment::Static);
-  ip_conf.set_link_address(default_container_ip_address, default_container_ip_prefix_length);
+
+  std::string address = default_container_ip_address;
+  if (!container_network_address_.empty())
+    address = container_network_address_;
+  ip_conf.set_link_address(address, default_container_ip_prefix_length);
+
+  std::string gateway = default_host_ip_address;
+  if (!container_network_gateway_.empty())
+    gateway = container_network_gateway_;
   ip_conf.set_gateway(default_host_ip_address);
-  ip_conf.set_dns_servers({default_dns_server});
+
+  if (container_network_dns_servers_.size() > 0)
+    ip_conf.set_dns_servers(container_network_dns_servers_);
+  else
+    ip_conf.set_dns_servers({default_dns_server});
+
   ip_conf.set_id(0);
 
   std::vector<std::uint8_t> buffer(512);

src/anbox/container/lxc_container.h

@@ -22,6 +22,7 @@
 #include "anbox/network/credentials.h"
 
 #include <string>
+#include <vector>
 
 #include <lxc/lxccontainer.h>
 
@@ -29,7 +30,12 @@ namespace anbox {
 namespace container {
 class LxcContainer : public Container {
  public:
-  LxcContainer(bool privileged, bool rootfs_overlay, const network::Credentials &creds);
+  LxcContainer(bool privileged,
+               bool rootfs_overlay,
+               const std::string &container_network_address,
+               const std::string &container_network_gateway,
+               const std::vector<std::string> &container_network_dns_servers,
+               const network::Credentials &creds);
   ~LxcContainer();
 
   void start(const Configuration &configuration) override;
@@ -46,6 +52,9 @@ class LxcContainer : public Container {
   lxc_container *container_;
   bool privileged_;
   bool rootfs_overlay_;
+  std::string container_network_address_;
+  std::string container_network_gateway_;
+  std::vector<std::string> container_network_dns_servers_;
   network::Credentials creds_;
 };
 }  // namespace container

src/anbox/container/service.cpp

@@ -86,7 +86,12 @@ void Service::new_client(std::shared_ptr<boost::asio::local::stream_protocol::so
   auto pending_calls = std::make_shared<rpc::PendingCallCache>();
   auto rpc_channel = std::make_shared<rpc::Channel>(pending_calls, messenger);
   auto server = std::make_shared<container::ManagementApiSkeleton>(
-      pending_calls, std::make_shared<LxcContainer>(config_.privileged, config_.rootfs_overlay, messenger->creds()));
+      pending_calls, std::make_shared<LxcContainer>(config_.privileged,
+                                                    config_.rootfs_overlay,
+                                                    config_.container_network_address,
+                                                    config_.container_network_gateway,
+                                                    config_.container_network_dns_servers,
+                                                    messenger->creds()));
   auto processor = std::make_shared<container::ManagementApiMessageProcessor>(
       messenger, pending_calls, server);
 

src/anbox/container/service.h

@@ -33,6 +33,9 @@ class Service : public std::enable_shared_from_this<Service> {
   struct Configuration {
     bool privileged = false;
     bool rootfs_overlay = true;
+    std::string container_network_address;
+    std::string container_network_gateway;
+    std::vector<std::string> container_network_dns_servers;
   };
 
   static std::shared_ptr<Service> create(const std::shared_ptr<Runtime> &rt,