fix: Disable kernel networking in bridge mode (#656)

2025-02-24 05:20:02 +08:00 · 2024-03-12 01:50:43 +01:00 · 2024-03-12 01:50:43 +01:00 · 1c8cad92f8
commit 1c8cad92f8
parent fabb8ea3b7
6 changed files with 36 additions and 15 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -5,12 +5,8 @@ services:
        image: vdsm/virtual-dsm:latest
        environment:
            DISK_SIZE: "16G"
-            RAM_SIZE: "1G"
-            CPU_CORES: "1"
        devices:
            - /dev/kvm
-        device_cgroup_rules:
-            - 'c *:* rwm'
        cap_add:
            - NET_ADMIN
        ports:
--- a/readme.md
+++ b/readme.md
@ -194,6 +194,8 @@ docker run -it --rm --name dsm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMI
  ```yaml
  environment:
    DHCP: "Y"
+  devices:
+    - /dev/vhost-net
  device_cgroup_rules:
    - 'c *:* rwm'
  ```
--- a/src/check.sh
+++ b/src/check.sh
@ -1,8 +1,11 @@
 #!/usr/bin/env bash
 set -Eeuo pipefail

+: "${NETWORK:="Y"}"
+
 [ -f "/run/shm/qemu.end" ] && echo "QEMU is shutting down.." && exit 1
 [ ! -f "/run/shm/qemu.pid" ] && echo "QEMU is not running yet.." && exit 0
+[[ "$NETWORK" != [Yy1]* ]] && echo "Networking is disabled.." && exit 0

 file="/run/shm/dsm.url"
 address="/run/shm/qemu.ip"
--- a/src/entry.sh
+++ b/src/entry.sh
@ -32,4 +32,5 @@ terminal
 tail -fn +0 "$QEMU_LOG" 2>/dev/null &
 cat "$QEMU_TERM" 2>/dev/null & wait $! || :

-sleep 1 && finish 0
+sleep 1 & wait $!
+finish 0
--- a/src/network.sh
+++ b/src/network.sh
@ -5,6 +5,7 @@ set -Eeuo pipefail

 : "${MAC:=""}"
 : "${DHCP:="N"}"
+: "${NETWORK:="Y"}"

 : "${VM_NET_DEV:=""}"
 : "${VM_NET_TAP:="dsm"}"
@ -23,8 +24,14 @@ ADD_ERR="Please add the following setting to your container:"

 configureDHCP() {

-  # Create a macvtap network for the VM guest
+  # Create the necessary file structure for /dev/vhost-net
+  if [ ! -c /dev/vhost-net ]; then
+    if mknod /dev/vhost-net c 10 238; then
+      chmod 660 /dev/vhost-net
+    fi
+  fi

+  # Create a macvtap network for the VM guest
  { ip link add link "$VM_NET_DEV" name "$VM_NET_TAP" address "$VM_NET_MAC" type macvtap mode bridge ; rc=$?; } || :

  if (( rc != 0 )); then
@ -160,8 +167,10 @@ configureNAT() {

  NET_OPTS="-netdev tap,ifname=$VM_NET_TAP,script=no,downscript=no,id=hostnet0"

-  { exec 40>>/dev/vhost-net; rc=$?; } 2>/dev/null || :
-  (( rc == 0 )) && NET_OPTS="$NET_OPTS,vhost=on,vhostfd=40"
+  if [ -c /dev/vhost-net ]; then
+    { exec 40>>/dev/vhost-net; rc=$?; } 2>/dev/null || :
+    (( rc == 0 )) && NET_OPTS="$NET_OPTS,vhost=on,vhostfd=40"
+  fi

  configureDNS

@ -170,15 +179,21 @@ configureNAT() {

 closeNetwork() {

-  exec 30<&- || true
-  exec 40<&- || true
-
  if [[ "$DHCP" == [Yy1]* ]]; then

    # Shutdown nginx
    nginx -s stop 2> /dev/null
    fWait "nginx"

+  fi
+
+  [[ "$NETWORK" != [Yy1]* ]] && return 0
+
+  exec 30<&- || true
+  exec 40<&- || true
+
+  if [[ "$DHCP" == [Yy1]* ]]; then
+
    ip link set "$VM_NET_TAP" down || true
    ip link delete "$VM_NET_TAP" || true

@ -245,10 +260,9 @@ getInfo() {
 #  Configure Network
 # ######################################

-if [ ! -c /dev/vhost-net ]; then
-  if mknod /dev/vhost-net c 10 238; then
-    chmod 660 /dev/vhost-net
-  fi
+if [[ "$NETWORK" != [Yy1]* ]]; then
+  NET_OPTS=""
+  return 0
 fi

 getInfo
--- a/src/print.sh
+++ b/src/print.sh
@ -2,6 +2,9 @@
 set -Eeuo pipefail

 : "${DHCP:="N"}"
+: "${NETWORK:="Y"}"
+
+[[ "$NETWORK" != [Yy1]* ]] && exit 0

 info () { printf "%b%s%b" "\E[1;34m❯ \E[1;36m" "$1" "\E[0m\n" >&2; }
 error () { printf "%b%s%b" "\E[1;31m❯ " "ERROR: $1" "\E[0m\n" >&2; }
@ -101,3 +104,5 @@ info "-----------------------------------------------------------"
 info " You can now login to DSM at $msg"
 info "-----------------------------------------------------------"
 echo "" >&2
+
+exit 0