diff --git a/src/anbox/cmds/container_manager.cpp b/src/anbox/cmds/container_manager.cpp index b64f002..a71f07b 100644 --- a/src/anbox/cmds/container_manager.cpp +++ b/src/anbox/cmds/container_manager.cpp @@ -79,6 +79,9 @@ anbox::cmds::ContainerManager::ContainerManager() if (!data_path_.empty()) SystemConfiguration::instance().set_data_path(data_path_); + if (!fs::exists(data_path_)) + fs::create_directories(data_path_); + if (!setup_mounts()) return EXIT_FAILURE; diff --git a/src/anbox/cmds/launch.cpp b/src/anbox/cmds/launch.cpp index 69830aa..1d8aa82 100644 --- a/src/anbox/cmds/launch.cpp +++ b/src/anbox/cmds/launch.cpp @@ -130,7 +130,11 @@ anbox::cmds::Launch::Launch() } try { - const auto flags = core::posix::StandardStream::stdout | core::posix::StandardStream::stderr; + auto flags = core::posix::StandardStream::stdout | core::posix::StandardStream::stderr; + // If we have logging enable in debug mode then we allow the child process + // to print to stdout/stderr too. + if (Log().GetSeverity() == Logger::Severity::kDebug) + flags = core::posix::StandardStream::empty; auto child = core::posix::fork([&]() { auto grandchild = core::posix::exec(exe_path, args, env, flags); grandchild.dont_kill_on_cleanup(); diff --git a/src/anbox/container/lxc_container.cpp b/src/anbox/container/lxc_container.cpp index ee388a9..485a6c2 100644 --- a/src/anbox/container/lxc_container.cpp +++ b/src/anbox/container/lxc_container.cpp @@ -36,6 +36,7 @@ namespace fs = boost::filesystem; namespace { +constexpr unsigned int unprivileged_user_id{100000}; constexpr const char *default_container_ip_address{"192.168.250.2"}; constexpr const std::uint32_t default_container_ip_prefix_length{24}; constexpr const char *default_host_ip_address{"192.168.250.1"}; @@ -58,8 +59,7 @@ LxcContainer::~LxcContainer() { } void LxcContainer::setup_id_maps() { - // FIXME make these id sets configurable - const auto base_id = 100000; + const auto base_id = unprivileged_user_id; const auto max_id = 65536; set_config_item("lxc.id_map", @@ -112,10 +112,22 @@ void LxcContainer::setup_network() { common::BinaryWriter writer(buffer.begin(), buffer.end()); const auto size = ip_conf.write(writer); - const auto ip_conf_dir = SystemConfiguration::instance().data_dir() / "data" / "misc" / "ethernet"; - if (!fs::exists(ip_conf_dir)) + const auto data_ethernet_path = fs::path("data") / "misc" / "ethernet"; + const auto ip_conf_dir = SystemConfiguration::instance().data_dir() / data_ethernet_path; + if (!fs::exists(ip_conf_dir)) { fs::create_directories(ip_conf_dir); + // We have to walk through the created directory hierachy now and + // ensure the permissions are set correctly. Otherwise the Android + // system will fail to boot as it isn't allowed to write anything + // into these directories. + for (auto iter = data_ethernet_path.begin(); iter != data_ethernet_path.end(); iter++) { + const auto path = SystemConfiguration::instance().data_dir() / *iter; + if (::chown(path.c_str(), unprivileged_user_id, unprivileged_user_id) < 0) + WARNING("Failed to set owner for path '%s'", path); + } + } + const auto ip_conf_path = ip_conf_dir / "ipconfig.txt"; if (fs::exists(ip_conf_path)) fs::remove(ip_conf_path); diff --git a/src/anbox/logger.cpp b/src/anbox/logger.cpp index f59803d..2e184d8 100644 --- a/src/anbox/logger.cpp +++ b/src/anbox/logger.cpp @@ -64,6 +64,10 @@ struct BoostLogLogger : public anbox::Logger { severity_ = severity; } + Severity GetSeverity() override { + return severity_; + } + void Log(Severity severity, const std::string& message, const boost::optional& loc) override { if (!initialized_) Init(); diff --git a/src/anbox/logger.h b/src/anbox/logger.h index 6e797b6..e9b06e4 100644 --- a/src/anbox/logger.h +++ b/src/anbox/logger.h @@ -51,6 +51,7 @@ class Logger : public DoNotCopyOrMove { bool SetSeverityFromString(const std::string &severity); virtual void SetSeverity(const Severity& severity) = 0; + virtual Severity GetSeverity() = 0; virtual void Log(Severity severity, const std::string& message, const boost::optional& location) = 0;