Check NET_ADMIN flag

Check NET_ADMIN flag
Kroese 2023-04-27 20:09:28 +02:00 committed by GitHub
commit 1936d70ce5
6 changed files with 34 additions and 34 deletions


@ -1,12 +1,4 @@
on: on:
push:
branches-ignore:
- master
paths:
- '**/*.sh'
- '.github/workflows/test.yml'
- '.github/workflows/check.yml'
pull_request: pull_request:
paths: paths:
- '**/*.sh' - '**/*.sh'


@ -176,10 +176,6 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti
There are only three minor differences: the Virtual Machine Manager package is not provided, Surveillance Station doesn't include any free licenses, and logging in to your Synology account is not supported. There are only three minor differences: the Virtual Machine Manager package is not provided, Surveillance Station doesn't include any free licenses, and logging in to your Synology account is not supported.
## Acknowledgments
Based on an [article](https://jxcn.org/2022/04/vdsm-first-try/) by JXCN.
## Disclaimer ## Disclaimer
Only run this container on Synology hardware, any other use is not permitted and might not be legal. Only run this container on Synology hardware, any other use is not permitted and might not be legal.


@ -25,7 +25,11 @@ configureDHCP() {
NETWORK=$(ip -o route | grep "${VM_NET_DEV}" | grep -v default | awk '{print $1}') NETWORK=$(ip -o route | grep "${VM_NET_DEV}" | grep -v default | awk '{print $1}')
IP=$(ip address show dev "${VM_NET_DEV}" | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/) IP=$(ip address show dev "${VM_NET_DEV}" | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/)
ip l add link "${VM_NET_DEV}" "${VM_NET_VLAN}" type macvlan mode bridge if ! ip link add link "${VM_NET_DEV}" "${VM_NET_VLAN}" type macvlan mode bridge > /dev/null 2>&1 ; then
echo -n "ERROR: Capability NET_ADMIN has not been set. Please add the "
echo "following docker setting to your container: --cap-add NET_ADMIN" && exit 15
fi
ip address add "${IP}" dev "${VM_NET_VLAN}" ip address add "${IP}" dev "${VM_NET_VLAN}"
ip link set dev "${VM_NET_VLAN}" up ip link set dev "${VM_NET_VLAN}" up
@ -35,10 +39,14 @@ configureDHCP() {
ip route add "${NETWORK}" dev "${VM_NET_VLAN}" metric 0 ip route add "${NETWORK}" dev "${VM_NET_VLAN}" metric 0
ip route add default via "${GATEWAY}" ip route add default via "${GATEWAY}"
echo "Info: Acquiring an IP address via DHCP using MAC address ${VM_NET_MAC}..." echo "INFO: Acquiring an IP address via DHCP using MAC address ${VM_NET_MAC}..."
ip l add link "${VM_NET_DEV}" name "${VM_NET_TAP}" address "${VM_NET_MAC}" type macvtap mode bridge || true if ! ip link add link "${VM_NET_DEV}" name "${VM_NET_TAP}" address "${VM_NET_MAC}" type macvtap mode bridge > /dev/null 2>&1 ; then
ip l set "${VM_NET_TAP}" up echo -n "ERROR: Capability NET_ADMIN has not been set. Please add the "
echo "following docker setting to your container: --cap-add NET_ADMIN" && exit 16
fi
ip link set "${VM_NET_TAP}" up
ip a flush "${VM_NET_DEV}" ip a flush "${VM_NET_DEV}"
ip a flush "${VM_NET_TAP}" ip a flush "${VM_NET_TAP}"
@ -46,12 +54,12 @@ configureDHCP() {
DHCP_IP=$(dhclient -v "${VM_NET_TAP}" 2>&1 | grep ^bound | cut -d' ' -f3) DHCP_IP=$(dhclient -v "${VM_NET_TAP}" 2>&1 | grep ^bound | cut -d' ' -f3)
if [[ "${DHCP_IP}" == [0-9.]* ]]; then if [[ "${DHCP_IP}" == [0-9.]* ]]; then
echo "Info: Successfully acquired IP ${DHCP_IP} from the DHCP server..." echo "INFO: Successfully acquired IP ${DHCP_IP} from the DHCP server..."
else else
echo "ERROR: Cannot acquire an IP address from the DHCP server" && exit 16 echo "ERROR: Cannot acquire an IP address from the DHCP server" && exit 17
fi fi
ip a flush "${VM_NET_TAP}" ip address flush "${VM_NET_TAP}"
TAP_NR=$(</sys/class/net/"${VM_NET_TAP}"/ifindex) TAP_NR=$(</sys/class/net/"${VM_NET_TAP}"/ifindex)
TAP_PATH="/dev/tap${TAP_NR}" TAP_PATH="/dev/tap${TAP_NR}"
@ -72,8 +80,8 @@ configureDHCP() {
fi fi
if ! exec 30>>"$TAP_PATH"; then if ! exec 30>>"$TAP_PATH"; then
echo -n "ERROR: Please add the following docker variables to your container: " echo -n "ERROR: Cannot create TAP interface. Please add the following docker settings to your "
echo "--device=/dev/vhost-net --device-cgroup-rule='c ${MAJOR}:* rwm'" && exit 21 echo "container: --device-cgroup-rule='c ${MAJOR}:* rwm' --device=/dev/vhost-net" && exit 21
fi fi
# Create /dev/vhost-net # Create /dev/vhost-net
@ -83,8 +91,8 @@ configureDHCP() {
fi fi
if ! exec 40>>/dev/vhost-net; then if ! exec 40>>/dev/vhost-net; then
echo -n "ERROR: VHOST can not be found. Please add the following docker " echo -n "ERROR: VHOST can not be found. Please add the following "
echo "variable to your container: --device=/dev/vhost-net" && exit 22 echo "docker setting to your container: --device=/dev/vhost-net" && exit 22
fi fi
# Store IP for Docker healthcheck # Store IP for Docker healthcheck
@ -98,7 +106,12 @@ configureNAT () {
VM_NET_IP='20.20.20.21' VM_NET_IP='20.20.20.21'
#Create bridge with static IP for the VM guest #Create bridge with static IP for the VM guest
ip link add dev dockerbridge type bridge
if ! ip link add dev dockerbridge type bridge > /dev/null 2>&1 ; then
echo -n "ERROR: Capability NET_ADMIN has not been set. Please add the "
echo "following docker setting to your container: --cap-add NET_ADMIN" && exit 23
fi
ip addr add ${VM_NET_IP%.*}.1/24 broadcast ${VM_NET_IP%.*}.255 dev dockerbridge ip addr add ${VM_NET_IP%.*}.1/24 broadcast ${VM_NET_IP%.*}.255 dev dockerbridge
ip link set dockerbridge up ip link set dockerbridge up
@ -187,7 +200,7 @@ GATEWAY=$(ip r | grep default | awk '{print $3}')
if [ "$DEBUG" = "Y" ]; then if [ "$DEBUG" = "Y" ]; then
IP=$(ip address show dev "${VM_NET_DEV}" | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/) IP=$(ip address show dev "${VM_NET_DEV}" | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/)
echo "Info: Container IP is ${IP} with gateway ${GATEWAY}" && echo echo "INFO: Container IP is ${IP} with gateway ${GATEWAY}" && echo
ifconfig ifconfig
ip route && echo ip route && echo
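Review bot: Every failure of `ip link add` in the macvlan, macvtap and dockerbridge hunks is reported as "Capability NET_ADMIN has not been set" while the real error text is discarded by `> /dev/null 2>&1`, so a link name that already exists or an invalid VM_NET_DEV produces the same misleading diagnosis as a missing capability. Keep stderr and include it in the message, e.g. `if ! err=$(ip link add link "${VM_NET_DEV}" "${VM_NET_VLAN}" type macvlan mode bridge 2>&1); then` / `echo "ERROR: Cannot create ${VM_NET_VLAN}: ${err} (if 'Operation not permitted', add --cap-add NET_ADMIN to your container)" >&2 && exit 15` / `fi`, and the same shape for the exit 16 and exit 23 sites. These error `echo`s also go to stdout rather than stderr, so `>&2` is worth adding while touching them. Both configureDHCP and configureNAT begin outside their hunks.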


@ -44,6 +44,7 @@ fi
. /run/power.sh . /run/power.sh
KVM_ERR="" KVM_ERR=""
KVM_OPTS=""
if [ -e /dev/kvm ] && sh -c 'echo -n > /dev/kvm' &> /dev/null; then if [ -e /dev/kvm ] && sh -c 'echo -n > /dev/kvm' &> /dev/null; then
if ! grep -q -e vmx -e svm /proc/cpuinfo; then if ! grep -q -e vmx -e svm /proc/cpuinfo; then
@ -54,11 +55,12 @@ else
fi fi
if [ -n "${KVM_ERR}" ]; then if [ -n "${KVM_ERR}" ]; then
echo "Error: KVM acceleration not detected ${KVM_ERR}, please enable it." echo "ERROR: KVM acceleration not detected ${KVM_ERR}, please enable it."
[ "$DEBUG" != "Y" ] && exit 88 [ "$DEBUG" != "Y" ] && exit 88
else
KVM_OPTS=",accel=kvm -enable-kvm -cpu host"
fi fi
KVM_OPTS=",accel=kvm -enable-kvm -cpu host"
DEF_OPTS="-nographic -nodefaults -boot strict=on -display none" DEF_OPTS="-nographic -nodefaults -boot strict=on -display none"
RAM_OPTS=$(echo "-m ${RAM_SIZE}" | sed 's/MB/M/g;s/GB/G/g;s/TB/T/g') RAM_OPTS=$(echo "-m ${RAM_SIZE}" | sed 's/MB/M/g;s/GB/G/g;s/TB/T/g')
CPU_OPTS="-smp ${CPU_CORES},sockets=1,dies=1,cores=${CPU_CORES},threads=1" CPU_OPTS="-smp ${CPU_CORES},sockets=1,dies=1,cores=${CPU_CORES},threads=1"
@ -70,10 +72,7 @@ EXTRA_OPTS="$EXTRA_OPTS -device virtio-rng-pci,rng=objrng0,id=rng0,bus=pcie.0,ad
ARGS="${DEF_OPTS} ${CPU_OPTS} ${RAM_OPTS} ${MAC_OPTS} ${MON_OPTS} ${SERIAL_OPTS} ${NET_OPTS} ${DISK_OPTS} ${EXTRA_OPTS}" ARGS="${DEF_OPTS} ${CPU_OPTS} ${RAM_OPTS} ${MAC_OPTS} ${MON_OPTS} ${SERIAL_OPTS} ${NET_OPTS} ${DISK_OPTS} ${EXTRA_OPTS}"
ARGS=$(echo "$ARGS" | sed 's/\t/ /g' | tr -s ' ') ARGS=$(echo "$ARGS" | sed 's/\t/ /g' | tr -s ' ')
if [ "$DEBUG" = "Y" ]; then [ "$DEBUG" = "Y" ] && echo "qemu-system-x86_64 ${ARGS}" && echo
echo -n "qemu-system-x86_64 "
echo "${ARGS}" && echo
fi
set -m set -m
( (
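Review bot: With DEBUG=Y and KVM unavailable, the new else branch leaves KVM_OPTS empty and the script proceeds to launch QEMU without acceleration or `-cpu host`, but nothing is logged about that fallback, so a very slow unaccelerated boot is hard to distinguish from a hang. Add a line after the exit 88 guard, e.g. `[ "$DEBUG" = "Y" ] && echo "WARN: DEBUG=Y set, continuing without KVM acceleration (emulation will be slow)"`. The ERROR message on the preceding line is written to stdout; `>&2` would be the conventional destination. The if/else that sets KVM_ERR starts in the first hunk and its middle lies outside the shown hunks.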


@ -26,9 +26,9 @@ HOST_ARGS+=("-cpu_arch=${HOST_CPU}")
[ -n "$CPU_CORES" ] && HOST_ARGS+=("-cpu=${CPU_CORES}") [ -n "$CPU_CORES" ] && HOST_ARGS+=("-cpu=${CPU_CORES}")
[ -n "$HOST_BUILD" ] && HOST_ARGS+=("-build=${HOST_BUILD}") [ -n "$HOST_BUILD" ] && HOST_ARGS+=("-build=${HOST_BUILD}")
[ -n "$HOST_SERIAL" ] && HOST_ARGS+=("-hostsn=${HOST_SERIAL}") [ -n "$HOST_SERIAL" ] && HOST_ARGS+=("-hostsn=${HOST_SERIAL}")
[ -n "$HOST_TIMESTAMP" ] && HOST_ARGS+=("-ts=${HOST_TIMESTAMP}")
[ -n "$GUEST_SERIAL" ] && HOST_ARGS+=("-guestsn=${GUEST_SERIAL}") [ -n "$GUEST_SERIAL" ] && HOST_ARGS+=("-guestsn=${GUEST_SERIAL}")
[ -n "$HOST_VERSION" ] && HOST_ARGS+=("-version=${HOST_VERSION}") [ -n "$HOST_VERSION" ] && HOST_ARGS+=("-version=${HOST_VERSION}")
[ -n "$HOST_TIMESTAMP" ] && HOST_ARGS+=("-ts=${HOST_TIMESTAMP}")
if [ "$DEBUG" = "Y" ]; then if [ "$DEBUG" = "Y" ]; then
echo -n "./run/host.bin " echo -n "./run/host.bin "