File: container-manager.sh

anbox 0.0~git20210106-1
#!/bin/bash
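# Trace every command as it runs.
# NOTE(review): xtrace prints each expanded command line to stderr, so the
# values read from the snap configuration further down end up in whatever
# log collects this service's output.
set -x

# We need to put the rootfs somewhere where we can modify some
# parts of the content on first boot (namely file permissions).
# Other than that nothing should ever modify the content of the
# rootfs.

# Every path used below is built from SNAP and SNAP_COMMON and the script
# runs as root. Refuse to continue when either is empty: an empty
# SNAP_COMMON would turn the data path into "/", and an empty SNAP would
# make the image and helper paths resolve directly under "/".
if [ -z "${SNAP:-}" ] || [ -z "${SNAP_COMMON:-}" ]; then
	echo "ERROR: SNAP and SNAP_COMMON must be set" >&2
	exit 1
fi

DATA_PATH=$SNAP_COMMON/
ANDROID_IMG=$SNAP/android.img

# Diagnostics go to stderr so they are not mistaken for regular output.
if [ "$(id -u)" != 0 ]; then
	echo "ERROR: You need to run the container manager as root" >&2
	exit 1
fi

if [ ! -e "$ANDROID_IMG" ]; then
	echo "ERROR: android image does not exist" >&2
	exit 1
fi

# Map the snap architecture name onto the multiarch library directory name.
case "$SNAP_ARCH" in
	amd64)
		ARCH="x86_64-linux-gnu"
		;;
	armhf)
		ARCH="arm-linux-gnueabihf"
		;;
	*)
		ARCH="$SNAP_ARCH-linux-gnu"
		;;
esac

# Re-exec outside of apparmor confinement.
# When AppArmor is present and the current label is anything other than
# "unconfined", the script replaces itself with a copy started under the
# unconfined profile. From here on nothing is restricted by an AppArmor
# profile, so every value used later (environment, snap configuration) has
# to be treated as trusted input of a root process.
if [ -d /sys/kernel/security/apparmor ] && [ "$(cat /proc/self/attr/current)" != "unconfined" ]; then
	exec /usr/bin/aa-exec -p unconfined -- "$0" "$@"
fi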

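#######################################
# Report whether a binder filesystem is mounted at the given path.
# Arguments: $1 - mount point to look for
# Returns:   0 when /proc/mounts lists $1 with filesystem type "binder",
#            non-zero otherwise (including when /proc/mounts is unreadable)
#######################################
_binderfs_mounted_at() {
	local wanted=$1 mnt_point fs_type
	# /proc/mounts fields: source, mount point, filesystem type, options, ...
	while read -r _ mnt_point fs_type _; do
		if [ "$mnt_point" = "$wanted" ] && [ "$fs_type" = "binder" ]; then
			return 0
		fi
	done < /proc/mounts
	return 1
}

#######################################
# Prepare the host and replace this process with the Anbox container manager.
# Globals:   SNAP, SNAP_COMMON, ARCH, DATA_PATH, ANDROID_IMG (read);
#            LD_LIBRARY_PATH (extended and exported);
#            ANBOX_LOG_LEVEL, LD_DEBUG (exported when debug.enable is true)
# Arguments: none
# Returns:   does not return when the final exec succeeds
#######################################
start() {
	local -a extra_args=()
	local enable_debug enable_rootfs_overlay enable_privileged_container
	local container_network_address container_network_gateway container_network_dns

	# Make sure our setup path for the container rootfs
	# is present as lxc is statically configured for
	# this path.
	mkdir -p "$SNAP_COMMON/lxc"

	# We start the bridge here as long as a oneshot service unit is not
	# possible. See snapcraft.yaml for further details.
	"$SNAP/bin/anbox-bridge.sh" start

	# Ensure FUSE support for user namespaces is enabled
	echo Y | tee /sys/module/fuse/parameters/userns_mounts || echo "WARNING: kernel doesn't support fuse in user namespaces"

	# Make liblxc.so.1 findable.
	# NOTE(review): the earlier comment said the library is in $SNAP/lib while
	# the directory added here is $SNAP/liblxc - confirm which one is intended.
	# The ${VAR:+...} form avoids a leading ":" when LD_LIBRARY_PATH starts out
	# empty: the dynamic loader treats an empty entry as the current working
	# directory, which must not be a library search location for a root process.
	export LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$SNAP/liblxc"

	# For unknown reason we got bug reports that the container manager failed to start
	# because it cannot find libboost_log.so.1.58.0 To mitigate this we're adding the
	# lib directory as explicit search target here.
	export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$SNAP/usr/lib/$ARCH"

	enable_debug="$(snapctl get debug.enable)"
	if [ "$enable_debug" = true ]; then
		export ANBOX_LOG_LEVEL=debug
		export LD_DEBUG=libs
	fi

	# Optional flags are collected in an array so that each configured value
	# reaches the container manager as exactly one argument, without word
	# splitting or glob expansion of the value.
	enable_rootfs_overlay="$(snapctl get rootfs-overlay.enable)"
	if [ "$enable_rootfs_overlay" = true ]; then
		extra_args+=(--use-rootfs-overlay)
	fi

	# NOTE(review): presumably --privileged runs the Android container with
	# weaker isolation from the host - confirm, and enable only when needed.
	enable_privileged_container="$(snapctl get container.privileged)"
	if [ "$enable_privileged_container" = true ]; then
		extra_args+=(--privileged)
	fi

	container_network_address=$(snapctl get container.network.address)
	if [ -n "$container_network_address" ]; then
		extra_args+=("--container-network-address=$container_network_address")
	fi

	container_network_gateway=$(snapctl get container.network.gateway)
	if [ -n "$container_network_gateway" ]; then
		extra_args+=("--container-network-gateway=$container_network_gateway")
	fi

	container_network_dns=$(snapctl get container.network.dns)
	if [ -n "$container_network_dns" ]; then
		extra_args+=("--container-network-dns-servers=$container_network_dns")
	fi

	# Load all relevant kernel modules (a failure here does not stop startup)
	modprobe binder_linux
	modprobe ashmem_linux

	# Ensure we have binderfs mounted when our kernel supports it
	if grep -q binder /proc/filesystems; then
		mkdir -p "$SNAP_COMMON/binderfs"
		# Remove old mounts so that we start fresh without any devices allocated.
		# The lookup matches on mount point and filesystem type: the mount below
		# passes "none" as source, so a check that expects "binder" in the source
		# field of /proc/mounts would miss a mount created by this script.
		while _binderfs_mounted_at "$SNAP_COMMON/binderfs"; do
			# Stop retrying when the mount cannot be removed (e.g. still busy).
			umount "$SNAP_COMMON/binderfs" || break
		done
		mount -t binder none "$SNAP_COMMON/binderfs"
	fi

	exec "$SNAP/bin/anbox-wrapper.sh" container-manager \
		--data-path="$DATA_PATH" \
		--android-image="$ANDROID_IMG" \
		--daemon \
		"${extra_args[@]}"
}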

#######################################
# Ask the bridge helper shipped in the snap to stop.
# Globals:   SNAP (read)
# Arguments: none
# Returns:   the exit status of anbox-bridge.sh
#######################################
stop() {
	local bridge_script="$SNAP/bin/anbox-bridge.sh"
	"$bridge_script" stop
}

# Dispatch on the sub-command passed as first argument; anything other than
# "start" or "stop" is rejected with exit status 1.
if [ "$1" = "start" ]; then
	start
elif [ "$1" = "stop" ]; then
	stop
else
	echo "ERROR: Unknown command '$1'"
	exit 1
fi