Re: [libvirt] [sandbox v2 05/11] Copy all needed init programs and all its deps to config subdir

2015-06-30 Thread Daniel P. Berrange
On Mon, Jun 29, 2015 at 06:44:13PM +0200, Cédric Bosdonnat wrote:
> In order to be able to mount a custom host-image as / we need to be able
> to access libvirt-sandbox-init-common and all its needed dependencies.
> In the container case we also need to copy libvirt-sandbox-init-lxc.
> 
> They are now copied into SANDBOXCONFIGDIR /.libs. Hard linking is not
> possible since we may be working on separate partitions, and symlinks
> wouldn't help to work with apparmor. Copying makes apparmor happy and
> solves our problem.
> ---
>  configure.ac   |   7 +
>  .../libvirt-sandbox-builder-container.c|  15 +-
>  libvirt-sandbox/libvirt-sandbox-builder.c  | 159 
> -
>  libvirt-sandbox/libvirt-sandbox-builder.h  |   2 +
>  libvirt-sandbox/libvirt-sandbox-init-lxc.c |   8 +-
>  libvirt-sandbox/libvirt-sandbox-init-qemu.c|   9 +-
>  6 files changed, 196 insertions(+), 4 deletions(-)
> 

> diff --git a/libvirt-sandbox/libvirt-sandbox-init-lxc.c 
> b/libvirt-sandbox/libvirt-sandbox-init-lxc.c
> index 798af37..e2fe7f0 100644
> --- a/libvirt-sandbox/libvirt-sandbox-init-lxc.c
> +++ b/libvirt-sandbox/libvirt-sandbox-init-lxc.c
> @@ -77,10 +77,16 @@ main(int argc, char **argv)
>  args[narg++] = "1000";
>  }
>  
> -args[narg++] = LIBEXECDIR "/libvirt-sandbox-init-common";
> +args[narg++] = SANDBOXCONFIGDIR "/.libs/libvirt-sandbox-init-common";
>  if (debug)
>  args[narg++] = "-d";
>  
> +if (setenv("LD_LIBRARY_PATH", SANDBOXCONFIGDIR "/.libs", 1) != 0) {
> +fprintf(stderr, "libvirt-sandbox-init-lxc: %s: cannot set 
> LD_LIBRARY_PATH: %s\n",
> +__func__, strerror(errno));
> +exit(EXIT_FAILURE);
> +}
> +
>  if (debug)
>  fprintf(stderr, "Running interactive\n");
>  execv(args[0], (char**)args);
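Review bot: The new setenv() check is written as `!= 0` here but as `< 0` in the matching init-qemu hunk; setenv() returns 0 or -1, so both work, but using one form in both files keeps the parallel code easy to compare. A short why-comment above the call would help the next reader, for example `/* init-common and its libraries were copied to SANDBOXCONFIGDIR/.libs; the root image may not provide them */`. With this change the dynamic loader resolves init's libraries from that directory, so it is worth confirming that the directory cannot be written from inside the sandbox; the mount setup is not visible in this hunk. main() begins and ends outside the hunk.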
> diff --git a/libvirt-sandbox/libvirt-sandbox-init-qemu.c 
> b/libvirt-sandbox/libvirt-sandbox-init-qemu.c
> index 44305fd..62e8e40 100644
> --- a/libvirt-sandbox/libvirt-sandbox-init-qemu.c
> +++ b/libvirt-sandbox/libvirt-sandbox-init-qemu.c
> @@ -338,10 +338,17 @@ main(int argc ATTR_UNUSED, char **argv ATTR_UNUSED)
>  args[narg++] = "1000";
>  }
>  
> -args[narg++] = LIBEXECDIR "/libvirt-sandbox-init-common";
> +args[narg++] = SANDBOXCONFIGDIR "/.libs/libvirt-sandbox-init-common";
>  if (debug)
>  args[narg++] = "-d";
>  
> +if (setenv("LD_LIBRARY_PATH", SANDBOXCONFIGDIR "/.libs", 1) < 0) {
> +fprintf(stderr, "libvirt-sandbox-init-qemu: %s: cannot set 
> LD_LIBRARY_PATH: %s\n",
> +__func__, strerror(errno));
> +exit_poweroff();
> +}
> +
> +
>  if (debug)
>  fprintf(stderr, "libvirt-sandbox-init-qemu: Running common init 
> %s\n", args[0]);
>  execv(args[0], (char**)args);

We need to unsetenv() in init-common to clear the LD_LIBRARY_PATH setting
to prevent it being used by the user application too

Regards,
Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|


[libvirt] [sandbox v2 05/11] Copy all needed init programs and all its deps to config subdir

2015-06-29 Thread Cédric Bosdonnat
In order to be able to mount a custom host-image as / we need to be able
to access libvirt-sandbox-init-common and all its needed dependencies.
In the container case we also need to copy libvirt-sandbox-init-lxc.

They are now copied into SANDBOXCONFIGDIR /.libs. Hard linking is not
possible since we may be working on separate partitions, and symlinks
wouldn't help to work with apparmor. Copying makes apparmor happy and
solves our problem.
---
 configure.ac   |   7 +
 .../libvirt-sandbox-builder-container.c|  15 +-
 libvirt-sandbox/libvirt-sandbox-builder.c  | 159 -
 libvirt-sandbox/libvirt-sandbox-builder.h  |   2 +
 libvirt-sandbox/libvirt-sandbox-init-lxc.c |   8 +-
 libvirt-sandbox/libvirt-sandbox-init-qemu.c|   9 +-
 6 files changed, 196 insertions(+), 4 deletions(-)

diff --git a/configure.ac b/configure.ac
index 99d22d7..608f56b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -109,6 +109,13 @@ LIBVIRT_SANDBOX_SELINUX
 
 LIBVIRT_SANDBOX_STATIC_LIBC
 
+dnl search for LDD path
+AC_PATH_PROG([LDD_PATH], [ldd])
+if test -z "$LDD_PATH"; then
+AC_MSG_ERROR([Failed to find ldd.])
+fi
+AC_DEFINE_UNQUOTED([LDD_PATH], "$LDD_PATH", [path to ldd binary])
+
 GOBJECT_INTROSPECTION_CHECK([$GOBJECT_INTROSPECTION_REQUIRED])
 
 dnl Should be in m4/virt-gettext.m4 but intltoolize is too
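Review bot: Nothing in the added block records which files the compiled-in `LDD_PATH` may be run on, and the ldd man page warns that some ldd versions may execute the program they inspect. The call site is outside this hunk, so this is a request to confirm that ldd is only pointed at the project's own installed init binaries and never at files taken from a user-supplied root image. I would extend the comment to something like `dnl ldd lists the shared libraries of the init programs; run it only on trusted, installed binaries`. The path is also resolved on the build host, so the runtime code should report a clear error if ldd is missing at that location on the target.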
diff --git a/libvirt-sandbox/libvirt-sandbox-builder-container.c 
b/libvirt-sandbox/libvirt-sandbox-builder-container.c
index c23b82b..d226d35 100644
--- a/libvirt-sandbox/libvirt-sandbox-builder-container.c
+++ b/libvirt-sandbox/libvirt-sandbox-builder-container.c
@@ -184,7 +184,7 @@ static gboolean 
gvir_sandbox_builder_container_construct_os(GVirSandboxBuilder *
 gvir_config_domain_os_set_arch(os,
gvir_sandbox_config_get_arch(config));
 gvir_config_domain_os_set_init(os,
-   LIBEXECDIR "/libvirt-sandbox-init-lxc");
+   SANDBOXCONFIGDIR 
"/.libs/libvirt-sandbox-init-lxc");
 gvir_config_domain_os_set_cmdline(os, cmdline);
 gvir_config_domain_set_os(domain, os);
 
@@ -444,6 +444,18 @@ static const gchar 
*gvir_sandbox_builder_container_get_disk_prefix(GVirSandboxBu
 return "sd";
 }
 
+
+static GList 
*gvir_sandbox_builder_container_get_files_to_copy(GVirSandboxBuilder *builder,
+   
GVirSandboxConfig *config G_GNUC_UNUSED)
+{
+GList * tocopy = 
GVIR_SANDBOX_BUILDER_CLASS(gvir_sandbox_builder_container_parent_class)->
+ get_files_to_copy(builder, config);
+gchar *file = g_strdup_printf("%s/libvirt-sandbox-init-lxc", LIBEXECDIR);
+
+return g_list_append(tocopy, file);
+}
+
+
 static void 
gvir_sandbox_builder_container_class_init(GVirSandboxBuilderContainerClass 
*klass)
 {
 GObjectClass *object_class = G_OBJECT_CLASS(klass);
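Review bot: `config` is marked `G_GNUC_UNUSED` in the new gvir_sandbox_builder_container_get_files_to_copy(), yet it is passed to the parent's `get_files_to_copy(builder, config)` in the function body, so the attribute is misleading and should be dropped. The function also lacks a comment on ownership: it appends a freshly allocated string, so callers presumably have to release the result with `g_list_free_full(list, g_free)`, and a one-line doc comment saying so would guard against leaks or double frees in later overrides. Since LIBEXECDIR is used as a string-literal macro elsewhere in this patch, `g_strdup(LIBEXECDIR "/libvirt-sandbox-init-lxc")` is the simpler form. The class_init context at the end of the hunk continues outside it.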
@@ -458,6 +470,7 @@ static void 
gvir_sandbox_builder_container_class_init(GVirSandboxBuilderContaine
 builder_class->construct_features = 
gvir_sandbox_builder_container_construct_features;
 builder_class->construct_devices = 
gvir_sandbox_builder_container_construct_devices;
 builder_class->get_disk_prefix = 
gvir_sandbox_builder_container_get_disk_prefix;
+builder_class->get_files_to_copy = 
gvir_sandbox_builder_container_get_files_to_copy;
 
 g_type_class_add_private(klass, 
sizeof(GVirSandboxBuilderContainerPrivate));
 }
diff --git a/libvirt-sandbox/libvirt-sandbox-builder.c 
b/libvirt-sandbox/libvirt-sandbox-builder.c
index aa932db..2726868 100644
--- a/libvirt-sandbox/libvirt-sandbox-builder.c
+++ b/libvirt-sandbox/libvirt-sandbox-builder.c
@@ -107,6 +107,8 @@ static gboolean 
gvir_sandbox_builder_clean_post_stop_default(GVirSandboxBuilder
  GVirSandboxConfig 
*config,
  const gchar 
*statedir,
  GError **error);
+static GList *gvir_sandbox_builder_get_files_to_copy(GVirSandboxBuilder 
*builder,
+ GVirSandboxConfig 
*config);
 
 static void gvir_sandbox_builder_get_property(GObject *object,
   guint prop_id,
@@ -176,6 +178,7 @@ static void 
gvir_sandbox_builder_class_init(GVirSandboxBuilderClass *klass)
 klass->construct_security = gvir_sandbox_builder_construct_security;
 klass->clean_post_start = gvir_sandbox_builder_clean_post_start_default;
 klass->clean_post_stop = gvir_sandbox_builder_clean_post_stop_default;
+klass->get_files_to_copy = gvir_sandbox_builder_get_files_to_copy;
 
 g_object_class_install_property(object_class,
 PROP_CONNECTION,
@@ -247,6 +250,108 @@ GVirConnection 
*gvir_sandbox_builder_get_connection(GVirSandboxBuilder *builder)