From 190d8690d3c9d0f1d09a3c1cfe06092f83c619ca Mon Sep 17 00:00:00 2001 From: Simon Fels Date: Tue, 23 May 2017 08:29:41 +0200 Subject: [PATCH 1/3] If launched with debug severity allow our subprocess to write to stdout/stderr --- src/anbox/cmds/launch.cpp | 6 +++++- src/anbox/logger.cpp | 4 ++++ src/anbox/logger.h | 1 + 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/src/anbox/cmds/launch.cpp b/src/anbox/cmds/launch.cpp index 69830aa..1d8aa82 100644 --- a/src/anbox/cmds/launch.cpp +++ b/src/anbox/cmds/launch.cpp @@ -130,7 +130,11 @@ anbox::cmds::Launch::Launch() } try { - const auto flags = core::posix::StandardStream::stdout | core::posix::StandardStream::stderr; + auto flags = core::posix::StandardStream::stdout | core::posix::StandardStream::stderr; + // If we have logging enable in debug mode then we allow the child process + // to print to stdout/stderr too. + if (Log().GetSeverity() == Logger::Severity::kDebug) + flags = core::posix::StandardStream::empty; auto child = core::posix::fork([&]() { auto grandchild = core::posix::exec(exe_path, args, env, flags); grandchild.dont_kill_on_cleanup(); diff --git a/src/anbox/logger.cpp b/src/anbox/logger.cpp index f59803d..2e184d8 100644 --- a/src/anbox/logger.cpp +++ b/src/anbox/logger.cpp @@ -64,6 +64,10 @@ struct BoostLogLogger : public anbox::Logger { severity_ = severity; } + Severity GetSeverity() override { + return severity_; + } + void Log(Severity severity, const std::string& message, const boost::optional& loc) override { if (!initialized_) Init(); diff --git a/src/anbox/logger.h b/src/anbox/logger.h index 6e797b6..e9b06e4 100644 --- a/src/anbox/logger.h +++ b/src/anbox/logger.h @@ -51,6 +51,7 @@ class Logger : public DoNotCopyOrMove { bool SetSeverityFromString(const std::string &severity); virtual void SetSeverity(const Severity& severity) = 0; + virtual Severity GetSeverity() = 0; virtual void Log(Severity severity, const std::string& message, const boost::optional& location) = 0; From d03a32b014e488e97214f0bd528d9f8995fafb5f Mon Sep 17 00:00:00 2001 From: Simon Fels Date: Tue, 23 May 2017 08:30:00 +0200 Subject: [PATCH 2/3] Create container data directory on startup if it doesn't exist --- src/anbox/cmds/container_manager.cpp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/anbox/cmds/container_manager.cpp b/src/anbox/cmds/container_manager.cpp index b64f002..a71f07b 100644 --- a/src/anbox/cmds/container_manager.cpp +++ b/src/anbox/cmds/container_manager.cpp @@ -79,6 +79,9 @@ anbox::cmds::ContainerManager::ContainerManager() if (!data_path_.empty()) SystemConfiguration::instance().set_data_path(data_path_); + if (!fs::exists(data_path_)) + fs::create_directories(data_path_); + if (!setup_mounts()) return EXIT_FAILURE; From c08b795494ff545e1406866a05566ab9c84a4379 Mon Sep 17 00:00:00 2001 From: Simon Fels Date: Tue, 23 May 2017 08:31:54 +0200 Subject: [PATCH 3/3] Assign current owner to the IP configuration dir If we don't assign the unprivileged user as owner the container will fail to start as the Android services wont be able to write anything into the created directory hierarchy. --- src/anbox/container/lxc_container.cpp | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/src/anbox/container/lxc_container.cpp b/src/anbox/container/lxc_container.cpp index ee388a9..485a6c2 100644 --- a/src/anbox/container/lxc_container.cpp +++ b/src/anbox/container/lxc_container.cpp @@ -36,6 +36,7 @@ namespace fs = boost::filesystem; namespace { +constexpr unsigned int unprivileged_user_id{100000}; constexpr const char *default_container_ip_address{"192.168.250.2"}; constexpr const std::uint32_t default_container_ip_prefix_length{24}; constexpr const char *default_host_ip_address{"192.168.250.1"}; @@ -58,8 +59,7 @@ LxcContainer::~LxcContainer() { } void LxcContainer::setup_id_maps() { - // FIXME make these id sets configurable - const auto base_id = 100000; + const auto base_id = unprivileged_user_id; const auto max_id = 65536; set_config_item("lxc.id_map", @@ -112,10 +112,22 @@ void LxcContainer::setup_network() { common::BinaryWriter writer(buffer.begin(), buffer.end()); const auto size = ip_conf.write(writer); - const auto ip_conf_dir = SystemConfiguration::instance().data_dir() / "data" / "misc" / "ethernet"; - if (!fs::exists(ip_conf_dir)) + const auto data_ethernet_path = fs::path("data") / "misc" / "ethernet"; + const auto ip_conf_dir = SystemConfiguration::instance().data_dir() / data_ethernet_path; + if (!fs::exists(ip_conf_dir)) { fs::create_directories(ip_conf_dir); + // We have to walk through the created directory hierachy now and + // ensure the permissions are set correctly. Otherwise the Android + // system will fail to boot as it isn't allowed to write anything + // into these directories. + for (auto iter = data_ethernet_path.begin(); iter != data_ethernet_path.end(); iter++) { + const auto path = SystemConfiguration::instance().data_dir() / *iter; + if (::chown(path.c_str(), unprivileged_user_id, unprivileged_user_id) < 0) + WARNING("Failed to set owner for path '%s'", path); + } + } + const auto ip_conf_path = ip_conf_dir / "ipconfig.txt"; if (fs::exists(ip_conf_path)) fs::remove(ip_conf_path);