If we run the management process with the AppArmor profile loaded from snap-confine, various ashmem/binder operations are failing with permission denied errors. To work around this until this problem is fixed we simply unload the AppArmor profile and continue to execute completely without any profile loaded.
32 lines
1 KiB
Bash
Executable file
#!/bin/bash

# We need to put the rootfs somewhere where we can modify some
# parts of the content on first boot (namely file permissions).
# Other than that nothing should ever modify the content of the
# rootfs.

ROOTFS_PATH="$SNAP_COMMON/var/lib/anbox/rootfs"
ROOTFS_VERSION=1

# (Re)create the rootfs if it is missing or its recorded version differs.
# A missing .version file reads as an empty string and triggers a fresh copy.
if [ ! -e "$ROOTFS_PATH" ] || [ "$ROOTFS_VERSION" != "$(cat "$ROOTFS_PATH/.version" 2>/dev/null)" ] ; then
	rm -rf "$ROOTFS_PATH"
	echo "Copying rootfs into $ROOTFS_PATH .."
	mkdir -p "$ROOTFS_PATH"
	tar xf "$SNAP/android-rootfs.tar" -C "$ROOTFS_PATH/" --strip-components=1
	chown -R root:root "$ROOTFS_PATH"
	echo "$ROOTFS_VERSION" > "$ROOTFS_PATH/.version"
fi

# Load binder and ashmem kernel drivers. This will break horribly
# if kernel versions are changing ...
# chmod 666 makes each device node readable and writable by every user.
insmod "$SNAP/binder_linux.ko" || true
chmod 666 /dev/binder
insmod "$SNAP/ashmem_linux.ko" || true
chmod 666 /dev/ashmem

# Make sure our setup path for the container rootfs
# is present as lxc is statically configured for
# this path.
mkdir -p "$SNAP_COMMON/lxc"

# Drop the AppArmor profile loaded by snap-confine: aa-exec switches to
# "unconfined" before starting the container manager.
exec "$SNAP/usr/sbin/aa-exec" -p unconfined -- "$SNAP/bin/anbox-wrapper.sh" container-manager
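
A defender's check for the effect of the final `aa-exec -p unconfined` line, as an added example that is not part of the original script or of the Anbox project: it classifies AppArmor labels in the format exposed by `/proc/<pid>/attr/current` and lists processes of a given name that are not running under an enforcing profile. The function names, the process name `anbox` and the profile name shown in the comments are assumptions.

```bash
#!/bin/bash
# Added example (not from the original script): find processes that are not
# confined by an enforcing AppArmor profile, e.g. after "aa-exec -p unconfined".

# aa_label_state LABEL
# LABEL is the text of /proc/<pid>/attr/current, e.g. "unconfined" or
# "snap.anbox.container-manager (enforce)" (constructed profile name).
aa_label_state() {
    case "$1" in
        unconfined)     echo unconfined ;;
        *" (enforce)")  echo enforce ;;
        *" (complain)") echo complain ;;
        *)              echo unknown ;;
    esac
}

# aa_file_state FILE
# Classify the label stored in FILE. An unreadable file (process gone,
# AppArmor not enabled) is reported as "unknown" instead of failing.
aa_file_state() {
    local label
    label=$(cat "$1" 2>/dev/null) || { echo unknown; return 0; }
    aa_label_state "$label"
}

# list_not_enforced PROC_ROOT NAME
# Print "PID STATE" for every process under PROC_ROOT whose comm equals NAME
# and whose label is anything other than an enforcing profile.
# Note: the kernel truncates comm to 15 characters.
list_not_enforced() {
    local root=$1 name=$2 dir comm state
    for dir in "$root"/[0-9]*; do
        comm=$(cat "$dir/comm" 2>/dev/null) || continue
        [ "$comm" = "$name" ] || continue
        state=$(aa_file_state "$dir/attr/current")
        [ "$state" = enforce ] || echo "${dir##*/} $state"
    done
}

# Audit the live system; "anbox" is an assumed process name.
list_not_enforced /proc "${1:-anbox}"
```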