Check NET_ADMIN flag

Check NET_ADMIN flag

.github/workflows/check.yml

@@ -11,4 +11,4 @@ jobs:
       - name: Run ShellCheck
         uses: ludeeus/action-shellcheck@master
 env:
-        SHELLCHECK_OPTS: -x -e SC2001 -e SC2002 -e SC2223 -e SC2034 -e SC2064
+        SHELLCHECK_OPTS: -x -e SC2001 -e SC2002 -e SC2223 -e SC2034 -e SC2064 

.github/workflows/test.yml

@@ -1,18 +1,10 @@
 on:
-  push:
-    branches-ignore:
-      - master
-    paths:
-      - '**/*.sh'
-      - '.github/workflows/test.yml'
-      - '.github/workflows/check.yml'
-      
   pull_request:
     paths:
       - '**/*.sh'
       - '.github/workflows/test.yml'
       - '.github/workflows/check.yml'
-      
+
 name: "Test"
 permissions: {}
 

readme.md

@@ -176,10 +176,6 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti
 
     There are only three minor differences: the Virtual Machine Manager package is not provided, Surveillance Station doesn't include any free licenses, and logging in to your Synology account is not supported.
 
-## Acknowledgments
-
-Based on an [article](https://jxcn.org/2022/04/vdsm-first-try/) by JXCN.
-
 ## Disclaimer
 
 Only run this container on Synology hardware, any other use is not permitted and might not be legal.

run/network.sh

@@ -25,7 +25,11 @@ configureDHCP() {
   NETWORK=$(ip -o route | grep "${VM_NET_DEV}" | grep -v default | awk '{print $1}')
   IP=$(ip address show dev "${VM_NET_DEV}" | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/)
 
-  ip l add link "${VM_NET_DEV}" "${VM_NET_VLAN}" type macvlan mode bridge
+  if !  ip link add link "${VM_NET_DEV}" "${VM_NET_VLAN}" type macvlan mode bridge > /dev/null 2>&1 ; then
+    echo -n "ERROR: Capability NET_ADMIN has not been set. Please add the "
+    echo "following docker setting to your container: --cap-add NET_ADMIN" && exit 15
+  fi
+
   ip address add "${IP}" dev "${VM_NET_VLAN}"
   ip link set dev "${VM_NET_VLAN}" up
 
@@ -35,10 +39,14 @@ configureDHCP() {
   ip route add "${NETWORK}" dev "${VM_NET_VLAN}" metric 0
   ip route add default via "${GATEWAY}"
 
-  echo "Info: Acquiring an IP address via DHCP using MAC address ${VM_NET_MAC}..."
+  echo "INFO: Acquiring an IP address via DHCP using MAC address ${VM_NET_MAC}..."
 
-  ip l add link "${VM_NET_DEV}" name "${VM_NET_TAP}" address "${VM_NET_MAC}" type macvtap mode bridge || true
-  ip l set "${VM_NET_TAP}" up
+  if !  ip link add link "${VM_NET_DEV}" name "${VM_NET_TAP}" address "${VM_NET_MAC}" type macvtap mode bridge > /dev/null 2>&1 ; then
+    echo -n "ERROR: Capability NET_ADMIN has not been set. Please add the "
+    echo "following docker setting to your container: --cap-add NET_ADMIN" && exit 16
+  fi
+
+  ip link set "${VM_NET_TAP}" up
 
   ip a flush "${VM_NET_DEV}"
   ip a flush "${VM_NET_TAP}"
@@ -46,12 +54,12 @@ configureDHCP() {
   DHCP_IP=$(dhclient -v "${VM_NET_TAP}" 2>&1 | grep ^bound | cut -d' ' -f3)
 
   if [[ "${DHCP_IP}" == [0-9.]* ]]; then
-    echo "Info: Successfully acquired IP ${DHCP_IP} from the DHCP server..."
+    echo "INFO: Successfully acquired IP ${DHCP_IP} from the DHCP server..."
   else
-    echo "ERROR: Cannot acquire an IP address from the DHCP server" && exit 16
+    echo "ERROR: Cannot acquire an IP address from the DHCP server" && exit 17
   fi
 
-  ip a flush "${VM_NET_TAP}"
+  ip address flush "${VM_NET_TAP}"
 
   TAP_NR=$(</sys/class/net/"${VM_NET_TAP}"/ifindex)
   TAP_PATH="/dev/tap${TAP_NR}"
@@ -72,8 +80,8 @@ configureDHCP() {
   fi
 
   if ! exec 30>>"$TAP_PATH"; then
-    echo -n "ERROR: Please add the following docker variables to your container:  "
-    echo "--device=/dev/vhost-net --device-cgroup-rule='c ${MAJOR}:* rwm'" && exit 21
+    echo -n "ERROR: Cannot create TAP interface. Please add the following docker settings to your "
+    echo "container: --device-cgroup-rule='c ${MAJOR}:* rwm' --device=/dev/vhost-net" && exit 21
   fi
 
   # Create /dev/vhost-net
@@ -83,8 +91,8 @@ configureDHCP() {
   fi
 
   if ! exec 40>>/dev/vhost-net; then
-    echo -n "ERROR: VHOST can not be found. Please add the following docker "
-    echo "variable to your container: --device=/dev/vhost-net" && exit 22
+    echo -n "ERROR: VHOST can not be found. Please add the following "
+    echo "docker setting to your container: --device=/dev/vhost-net" && exit 22
   fi
 
   # Store IP for Docker healthcheck
@@ -98,7 +106,12 @@ configureNAT () {
   VM_NET_IP='20.20.20.21'
 
   #Create bridge with static IP for the VM guest
-  ip link add dev dockerbridge type bridge
+
+  if ! ip link add dev dockerbridge type bridge > /dev/null 2>&1 ; then
+    echo -n "ERROR: Capability NET_ADMIN has not been set. Please add the "
+    echo "following docker setting to your container: --cap-add NET_ADMIN" && exit 23
+  fi
+
   ip addr add ${VM_NET_IP%.*}.1/24 broadcast ${VM_NET_IP%.*}.255 dev dockerbridge
   ip link set dockerbridge up
 
@@ -187,7 +200,7 @@ GATEWAY=$(ip r | grep default | awk '{print $3}')
 if [ "$DEBUG" = "Y" ]; then
 
   IP=$(ip address show dev "${VM_NET_DEV}" | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/)
-  echo "Info: Container IP is ${IP} with gateway ${GATEWAY}" && echo
+  echo "INFO: Container IP is ${IP} with gateway ${GATEWAY}" && echo
   ifconfig
   ip route && echo
 

run/run.sh

@@ -44,6 +44,7 @@ fi
 . /run/power.sh
 
 KVM_ERR=""
+KVM_OPTS=""
 
 if [ -e /dev/kvm ] && sh -c 'echo -n > /dev/kvm' &> /dev/null; then
   if ! grep -q -e vmx -e svm /proc/cpuinfo; then
@@ -54,11 +55,12 @@ else
 fi
 
 if [ -n "${KVM_ERR}" ]; then
-  echo "Error: KVM acceleration not detected ${KVM_ERR}, please enable it."
+  echo "ERROR: KVM acceleration not detected ${KVM_ERR}, please enable it."
   [ "$DEBUG" != "Y" ] && exit 88
+else
+  KVM_OPTS=",accel=kvm -enable-kvm -cpu host"
 fi
 
-KVM_OPTS=",accel=kvm -enable-kvm -cpu host"
 DEF_OPTS="-nographic -nodefaults -boot strict=on -display none"
 RAM_OPTS=$(echo "-m ${RAM_SIZE}" | sed 's/MB/M/g;s/GB/G/g;s/TB/T/g')
 CPU_OPTS="-smp ${CPU_CORES},sockets=1,dies=1,cores=${CPU_CORES},threads=1"
@@ -70,10 +72,7 @@ EXTRA_OPTS="$EXTRA_OPTS -device virtio-rng-pci,rng=objrng0,id=rng0,bus=pcie.0,ad
 ARGS="${DEF_OPTS} ${CPU_OPTS} ${RAM_OPTS} ${MAC_OPTS} ${MON_OPTS} ${SERIAL_OPTS} ${NET_OPTS} ${DISK_OPTS} ${EXTRA_OPTS}"
 ARGS=$(echo "$ARGS" | sed 's/\t/ /g' | tr -s ' ')
 
-if [ "$DEBUG" = "Y" ]; then
-  echo -n "qemu-system-x86_64 "
-  echo "${ARGS}" && echo
-fi
+[ "$DEBUG" = "Y" ] && echo "qemu-system-x86_64 ${ARGS}" && echo
 
 set -m
 (

run/serial.sh

@@ -26,9 +26,9 @@ HOST_ARGS+=("-cpu_arch=${HOST_CPU}")
 [ -n "$CPU_CORES" ] && HOST_ARGS+=("-cpu=${CPU_CORES}")
 [ -n "$HOST_BUILD" ] && HOST_ARGS+=("-build=${HOST_BUILD}")
 [ -n "$HOST_SERIAL" ] && HOST_ARGS+=("-hostsn=${HOST_SERIAL}")
-[ -n "$HOST_TIMESTAMP" ] && HOST_ARGS+=("-ts=${HOST_TIMESTAMP}")
 [ -n "$GUEST_SERIAL" ] && HOST_ARGS+=("-guestsn=${GUEST_SERIAL}")
 [ -n "$HOST_VERSION" ] && HOST_ARGS+=("-version=${HOST_VERSION}")
+[ -n "$HOST_TIMESTAMP" ] && HOST_ARGS+=("-ts=${HOST_TIMESTAMP}")
 
 if [ "$DEBUG" = "Y" ]; then
   echo -n "./run/host.bin "