fix: KVM flag (#504)

* fix: Close file descriptors

Dockerfile

@@ -29,7 +29,7 @@ RUN apt-get update && apt-get -y upgrade \
         iptables \
         iproute2 \
         dnsmasq \
-        fakeroot \        
+        fakeroot \
         net-tools \
         qemu-utils \
         ca-certificates \

readme.md

@@ -169,8 +169,6 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti
     ```yaml
     environment:
       DHCP: "Y"
-    devices:
-      - /dev/vhost-net
     device_cgroup_rules:
       - 'c *:* rwm'
     ```

src/cpu.sh

@@ -7,10 +7,11 @@ set -Eeuo pipefail
 : ${CPU_MODEL:='host'}
 : ${CPU_FEATURES:='+ssse3,+sse4.1,+sse4.2'}
 
-KVM_ERR=""
-KVM_OPTS=""
+[ "$ARCH" != "amd64" ] && KVM="N"
 
-if [[ "$ARCH" == "amd64" && "$KVM" != [Nn]* ]]; then
+if [[ "$KVM" != [Nn]* ]]; then
+
+  KVM_ERR=""
 
   if [ -e /dev/kvm ] && sh -c 'echo -n > /dev/kvm' &> /dev/null; then
     if ! grep -q -e vmx -e svm /proc/cpuinfo; then
@@ -21,25 +22,35 @@ if [[ "$ARCH" == "amd64" && "$KVM" != [Nn]* ]]; then
   fi
 
   if [ -n "$KVM_ERR" ]; then
+    KVM="N"
     error "KVM acceleration not detected $KVM_ERR, this will cause a major loss of performance."
-    error "See the FAQ on how to enable it, or skip this error by setting KVM=N (not recommended)."
+    error "See the FAQ on how to enable it, or continue without KVM by setting KVM=N (not recommended)."
     [[ "$DEBUG" != [Yy1]* ]] && exit 88
-    [[ "$CPU_MODEL" == "host"* ]] && CPU_MODEL="max,$CPU_FEATURES"
-  else
-    KVM_OPTS=",accel=kvm -enable-kvm"
   fi
 
-  if [ -n "$KVM_OPTS" ]; then
-    if ! grep -qE '^flags.* (sse4_2)' /proc/cpuinfo; then
-      error "Your host CPU does not have the SSE4.2 instruction set that Virtual DSM requires to boot."
-      error "Disable KVM by setting KVM=N to emulate a compatible CPU, at the cost of performance."
-      [[ "$DEBUG" != [Yy1]* ]] && exit 89
-    fi
+fi
+
+if [[ "$KVM" != [Nn]* ]]; then
+
+  KVM_OPTS=",accel=kvm -enable-kvm"
+
+  if ! grep -qE '^flags.* (sse4_2)' /proc/cpuinfo; then
+    error "Your host CPU does not have the SSE4.2 instruction set that Virtual DSM requires to boot."
+    error "Disable KVM by setting KVM=N to emulate a compatible CPU, at the cost of performance."
+    [[ "$DEBUG" != [Yy1]* ]] && exit 89
   fi
 
 else
 
-  [[ "$CPU_MODEL" == "host"* ]] && CPU_MODEL="max,$CPU_FEATURES"
+  KVM_OPTS=""
+
+  if [[ "$CPU_MODEL" == "host"* ]]; then
+    if [[ "$ARCH" == "amd64" ]]; then
+      CPU_MODEL="max,$CPU_FEATURES"
+    else
+      CPU_MODEL="qemu64,$CPU_FEATURES"
+    fi
+  fi
 
 fi
 

src/disk.sh

@@ -123,10 +123,6 @@ createDisk() {
           error "$FAIL" && exit 77
         fi
         { chattr +C "$DISK_FILE"; } || :
-        FA=$(lsattr "$DISK_FILE")
-        if [[ "$FA" != *"C"* ]]; then
-          error "Failed to disable COW for $DISK_DESC image $DISK_FILE on ${FS^^} filesystem (returned $FA)"
-        fi
       fi
 
       if [[ "$ALLOCATE" == [Nn]* ]]; then
@@ -159,17 +155,16 @@ createDisk() {
         rm -f "$DISK_FILE"
         error "$FAIL" && exit 70
       fi
-
-      if isCow "$FS"; then
-        FA=$(lsattr "$DISK_FILE")
-        if [[ "$FA" != *"C"* ]]; then
-          error "Failed to disable COW for $DISK_DESC image $DISK_FILE on ${FS^^} filesystem (returned $FA)"
-        fi
-      fi
-
       ;;
   esac
 
+  if isCow "$FS"; then
+    FA=$(lsattr "$DISK_FILE")
+    if [[ "$FA" != *"C"* ]]; then
+      error "Failed to disable COW for $DISK_DESC image $DISK_FILE on ${FS^^} filesystem (returned $FA)"
+    fi
+  fi
+
   return 0
 }
 
@@ -328,7 +323,7 @@ checkFS () {
     if [ -f "$DISK_FILE" ]; then
       FA=$(lsattr "$DISK_FILE")
       if [[ "$FA" != *"C"* ]]; then
-        info "Warning: COW (copy on write) is not disabled for the $DISK_DESC image file $DISK_FILE, this is recommended on ${FS^^} filesystems!"
+        info "Warning: COW (copy on write) is not disabled for $DISK_DESC image file $DISK_FILE, this is recommended on ${FS^^} filesystems!"
       fi
     fi
   fi

src/gpu.sh

@@ -8,16 +8,17 @@ fi
 [ ! -d /dev/dri ] && mkdir -m 755 /dev/dri
 
 if [ ! -c /dev/dri/card0 ]; then
-  mknod /dev/dri/card0 c 226 0
+  if mknod /dev/dri/card0 c 226 0; then
+    chmod 666 /dev/dri/card0
+  fi
 fi
 
 if [ ! -c /dev/dri/renderD128 ]; then
-  mknod /dev/dri/renderD128 c 226 128
+  if mknod /dev/dri/renderD128 c 226 128; then
+    chmod 666 /dev/dri/renderD128
+  fi
 fi
 
-chmod 666 /dev/dri/card0
-chmod 666 /dev/dri/renderD128
-
 addPackage "xserver-xorg-video-intel" "Intel GPU drivers"
 addPackage "qemu-system-modules-opengl" "OpenGL module"
 

src/install.sh

@@ -205,12 +205,7 @@ else
 
 fi
 
-HDA="$TMP/hda1"
-IDB="$TMP/indexdb"
-PKG="$TMP/packages"
-HDP="$TMP/synohdpack_img"
-
-[ ! -f "$HDA.tgz" ] && error "The PAT file contains no OS image." && exit 64
+info "Install: Preparing system partition..."
 
 BOOT=$(find "$TMP" -name "*.bin.zip")
 [ ! -f "$BOOT" ] && error "The PAT file contains no boot image." && exit 67
@@ -271,15 +266,18 @@ PART="$TMP/partition.fdisk"
 
 sfdisk -q "$SYSTEM" < "$PART"
 
-info "Install: Extracting system partition..."
-
-LABEL="1.44.1-42218"
-OFFSET="1048576" # 2048 * 512
-NUMBLOCKS="622560" # (4980480 * 512) / 4096
-
 MOUNT="$TMP/system"
 rm -rf "$MOUNT" && mkdir -p "$MOUNT"
 
+info "Install: Extracting system partition..."
+
+HDA="$TMP/hda1"
+IDB="$TMP/indexdb"
+PKG="$TMP/packages"
+HDP="$TMP/synohdpack_img"
+
+[ ! -f "$HDA.tgz" ] && error "The PAT file contains no OS image." && exit 64
+
 mv "$HDA.tgz" "$HDA.txz"
 
 if [[ "$ROOT" != [Nn]* ]]; then
@@ -299,6 +297,10 @@ if [ -f "$IDB.txz" ]; then
   tar xpfJ "$IDB.txz" --absolute-names -C "$INDEX_DB"
 fi
 
+LABEL="1.44.1-42218"
+OFFSET="1048576" # 2048 * 512
+NUMBLOCKS="622560" # (4980480 * 512) / 4096
+
 if [[ "$ROOT" != [Nn]* ]]; then
 
   info "Install: Installing system partition..."

src/network.sh

@@ -15,6 +15,8 @@ set -Eeuo pipefail
 : ${DNSMASQ:='/usr/sbin/dnsmasq'}
 : ${DNSMASQ_CONF_DIR:='/etc/dnsmasq.d'}
 
+ADD_ERR="Please add the following setting to your container:"
+
 # ######################################
 #  Functions
 # ######################################
@@ -27,7 +29,7 @@ configureDHCP() {
 
   if (( rc != 0 )); then
     error "Cannot create macvtap interface. Please make sure the network type is 'macvlan' and not 'ipvlan',"
-    error "and that the NET_ADMIN capability has been added to the container config: --cap-add NET_ADMIN" && exit 16
+    error "and that the NET_ADMIN capability has been added to the container: --cap-add NET_ADMIN" && exit 16
   fi
 
   while ! ip link set "$VM_NET_TAP" up; do
@@ -53,15 +55,13 @@ configureDHCP() {
   { exec 30>>"$TAP_PATH"; rc=$?; } 2>/dev/null || :
 
   if (( rc != 0 )); then
-    error "Cannot create TAP interface ($rc). Please add the following docker settings to your "
-    error "container: --device-cgroup-rule='c $MAJOR:* rwm' --device=/dev/vhost-net" && exit 21
+    error "Cannot create TAP interface ($rc). $ADD_ERR --device-cgroup-rule='c *:* rwm'" && exit 21
   fi
 
   { exec 40>>/dev/vhost-net; rc=$?; } 2>/dev/null || :
 
   if (( rc != 0 )); then
-    error "VHOST can not be found ($rc). Please add the following "
-    error "docker setting to your container: --device=/dev/vhost-net" && exit 22
+    error "VHOST can not be found ($rc). $ADD_ERR --device=/dev/vhost-net" && exit 22
   fi
 
   NET_OPTS="-netdev tap,id=hostnet0,vhost=on,vhostfd=40,fd=30"
@@ -100,8 +100,7 @@ configureNAT () {
   { ip link add dev dockerbridge type bridge ; rc=$?; } || :
 
   if (( rc != 0 )); then
-    error "Capability NET_ADMIN has not been set most likely. Please add the "
-    error "following docker setting to your container: --cap-add NET_ADMIN" && exit 23
+    error "Failed to create bridge. $ADD_ERR --cap-add NET_ADMIN" && exit 23
   fi
 
   ip address add ${VM_NET_IP%.*}.1/24 broadcast ${VM_NET_IP%.*}.255 dev dockerbridge
@@ -138,7 +137,7 @@ configureNAT () {
   if [[ $(< /proc/sys/net/ipv4/ip_forward) -eq 0 ]]; then
     { sysctl -w net.ipv4.ip_forward=1 ; rc=$?; } || :
     if (( rc != 0 )); then
-      error "Please add the following docker setting to your container: --sysctl net.ipv4.ip_forward=1" && exit 24
+      error "IP forwarding is disabled. $ADD_ERR --sysctl net.ipv4.ip_forward=1" && exit 24
     fi
   fi
 
@@ -154,6 +153,9 @@ configureNAT () {
 
 closeNetwork () {
 
+  exec 30<&- || true
+  exec 40<&- || true
+
   if [[ "$DHCP" == [Yy1]* ]]; then
 
     { pkill -f server.sh || true; } 2>/dev/null
@@ -189,7 +191,7 @@ if [ ! -c /dev/net/tun ]; then
 fi
 
 if [ ! -c /dev/net/tun ]; then
-  error "Please add the following docker settings to your container: --device=/dev/net/tun" && exit 25
+  error "TUN device missing. $ADD_ERR --cap-add NET_ADMIN" && exit 25
 fi
 
 # Create the necessary file structure for /dev/vhost-net
@@ -213,9 +215,7 @@ fi
 if [[ "$DHCP" == [Yy1]* ]]; then
 
   if [[ "$GATEWAY" == "172."* ]]; then
-    if [[ "$DEBUG" == [Yy1]* ]]; then
-      info "Warning: Are you sure the container is on a macvlan network?"
-    else
+    if [[ "$DEBUG" != [Yy1]* ]]; then
       error "You can only enable DHCP while the container is on a macvlan network!" && exit 26
     fi
   fi