twh_eastasia/virtual-dsm
1
0
Fork 0
mirror of https://github.com/vdsm/virtual-dsm.git synced 2025-12-14 22:30:33 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: twh_eastasia:v7.48
Branches Tags
twh_eastasia:master
twh_eastasia:v7.50 twh_eastasia:v7.49 twh_eastasia:v7.48 twh_eastasia:v7.47 twh_eastasia:v7.46 twh_eastasia:v7.45 twh_eastasia:v7.44 twh_eastasia:v7.43 twh_eastasia:v7.42 twh_eastasia:v7.41 twh_eastasia:v7.40 twh_eastasia:v7.39 twh_eastasia:v7.38 twh_eastasia:v7.37 twh_eastasia:v7.36 twh_eastasia:v7.35 twh_eastasia:v7.34 twh_eastasia:v7.33 twh_eastasia:v7.32 twh_eastasia:v7.31 twh_eastasia:v7.30 twh_eastasia:v7.29 twh_eastasia:v7.28 twh_eastasia:v7.27 twh_eastasia:v7.26 twh_eastasia:v7.25 twh_eastasia:v7.24 twh_eastasia:v7.23 twh_eastasia:v7.22 twh_eastasia:v7.21 twh_eastasia:v7.20 twh_eastasia:v7.19 twh_eastasia:v7.18 twh_eastasia:v7.17 twh_eastasia:v7.16 twh_eastasia:v7.15 twh_eastasia:v7.14 twh_eastasia:v7.13 twh_eastasia:v7.12 twh_eastasia:v7.11 twh_eastasia:v7.10 twh_eastasia:v7.09 twh_eastasia:v7.08 twh_eastasia:v7.07 twh_eastasia:v7.06 twh_eastasia:v7.05 twh_eastasia:v7.04 twh_eastasia:v7.03 twh_eastasia:v7.02 twh_eastasia:v7.01 twh_eastasia:v7.00 twh_eastasia:v5.25 twh_eastasia:v5.24 twh_eastasia:v5.23 twh_eastasia:v5.22 twh_eastasia:v5.21 twh_eastasia:v5.20 twh_eastasia:v5.19 twh_eastasia:v5.18 twh_eastasia:v5.17 twh_eastasia:v5.16 twh_eastasia:v5.15 twh_eastasia:v5.14 twh_eastasia:v5.13 twh_eastasia:v5.12 twh_eastasia:v5.11 twh_eastasia:v5.10 twh_eastasia:v5.09 twh_eastasia:v5.08 twh_eastasia:v5.07 twh_eastasia:v5.06 twh_eastasia:v5.05 twh_eastasia:v5.04 twh_eastasia:v5.03 twh_eastasia:v5.02 twh_eastasia:v5.01 twh_eastasia:v5.00 twh_eastasia:v4.44 twh_eastasia:v4.43 twh_eastasia:v4.42 twh_eastasia:v4.41 twh_eastasia:v4.40 twh_eastasia:v4.39 twh_eastasia:v4.38 twh_eastasia:v4.37 twh_eastasia:v4.36 twh_eastasia:v4.35 twh_eastasia:v4.34 twh_eastasia:v4.33 twh_eastasia:v4.32 twh_eastasia:v4.31 twh_eastasia:v4.30 twh_eastasia:v4.29 twh_eastasia:v4.28 twh_eastasia:v4.27 twh_eastasia:v4.26 twh_eastasia:v4.25 twh_eastasia:v4.24 twh_eastasia:v4.23 twh_eastasia:v4.22 twh_eastasia:v4.21 twh_eastasia:v4.20 twh_eastasia:v4.19 twh_eastasia:v4.18 twh_eastasia:v4.17 twh_eastasia:v4.16 twh_eastasia:v4.15 twh_eastasia:v4.14 twh_eastasia:v4.13 twh_eastasia:v4.12 twh_eastasia:v4.11 twh_eastasia:v4.10 twh_eastasia:v4.09 twh_eastasia:v4.08 twh_eastasia:v4.07 twh_eastasia:v4.06 twh_eastasia:v4.05 twh_eastasia:v4.04 twh_eastasia:v4.03 twh_eastasia:v4.02
..
compare: twh_eastasia:v7.50
Branches Tags
twh_eastasia:master
twh_eastasia:v7.50 twh_eastasia:v7.49 twh_eastasia:v7.48 twh_eastasia:v7.47 twh_eastasia:v7.46 twh_eastasia:v7.45 twh_eastasia:v7.44 twh_eastasia:v7.43 twh_eastasia:v7.42 twh_eastasia:v7.41 twh_eastasia:v7.40 twh_eastasia:v7.39 twh_eastasia:v7.38 twh_eastasia:v7.37 twh_eastasia:v7.36 twh_eastasia:v7.35 twh_eastasia:v7.34 twh_eastasia:v7.33 twh_eastasia:v7.32 twh_eastasia:v7.31 twh_eastasia:v7.30 twh_eastasia:v7.29 twh_eastasia:v7.28 twh_eastasia:v7.27 twh_eastasia:v7.26 twh_eastasia:v7.25 twh_eastasia:v7.24 twh_eastasia:v7.23 twh_eastasia:v7.22 twh_eastasia:v7.21 twh_eastasia:v7.20 twh_eastasia:v7.19 twh_eastasia:v7.18 twh_eastasia:v7.17 twh_eastasia:v7.16 twh_eastasia:v7.15 twh_eastasia:v7.14 twh_eastasia:v7.13 twh_eastasia:v7.12 twh_eastasia:v7.11 twh_eastasia:v7.10 twh_eastasia:v7.09 twh_eastasia:v7.08 twh_eastasia:v7.07 twh_eastasia:v7.06 twh_eastasia:v7.05 twh_eastasia:v7.04 twh_eastasia:v7.03 twh_eastasia:v7.02 twh_eastasia:v7.01 twh_eastasia:v7.00 twh_eastasia:v5.25 twh_eastasia:v5.24 twh_eastasia:v5.23 twh_eastasia:v5.22 twh_eastasia:v5.21 twh_eastasia:v5.20 twh_eastasia:v5.19 twh_eastasia:v5.18 twh_eastasia:v5.17 twh_eastasia:v5.16 twh_eastasia:v5.15 twh_eastasia:v5.14 twh_eastasia:v5.13 twh_eastasia:v5.12 twh_eastasia:v5.11 twh_eastasia:v5.10 twh_eastasia:v5.09 twh_eastasia:v5.08 twh_eastasia:v5.07 twh_eastasia:v5.06 twh_eastasia:v5.05 twh_eastasia:v5.04 twh_eastasia:v5.03 twh_eastasia:v5.02 twh_eastasia:v5.01 twh_eastasia:v5.00 twh_eastasia:v4.44 twh_eastasia:v4.43 twh_eastasia:v4.42 twh_eastasia:v4.41 twh_eastasia:v4.40 twh_eastasia:v4.39 twh_eastasia:v4.38 twh_eastasia:v4.37 twh_eastasia:v4.36 twh_eastasia:v4.35 twh_eastasia:v4.34 twh_eastasia:v4.33 twh_eastasia:v4.32 twh_eastasia:v4.31 twh_eastasia:v4.30 twh_eastasia:v4.29 twh_eastasia:v4.28 twh_eastasia:v4.27 twh_eastasia:v4.26 twh_eastasia:v4.25 twh_eastasia:v4.24 twh_eastasia:v4.23 twh_eastasia:v4.22 twh_eastasia:v4.21 twh_eastasia:v4.20 twh_eastasia:v4.19 twh_eastasia:v4.18 twh_eastasia:v4.17 twh_eastasia:v4.16 twh_eastasia:v4.15 twh_eastasia:v4.14 twh_eastasia:v4.13 twh_eastasia:v4.12 twh_eastasia:v4.11 twh_eastasia:v4.10 twh_eastasia:v4.09 twh_eastasia:v4.08 twh_eastasia:v4.07 twh_eastasia:v4.06 twh_eastasia:v4.05 twh_eastasia:v4.04 twh_eastasia:v4.03 twh_eastasia:v4.02

11 Commits
v7.48 ... v7.50

Author SHA1 Message Date
Kroese
e0545b37d7 fix: Avoid duplicating dnsmasq arguments (#1113) 2025-11-22 04:28:11 +01:00
renovate[bot]
4161c21082 chore(deps): update actions/checkout action to v6 (#1112)
Some checks failed
Update / dockerHubDescription (push) Has been cancelled
Details
2025-11-21 12:39:39 +01:00
Kroese
48d9a1771d fix: Update Codespaces configuration (#1110) 2025-11-14 06:05:19 +01:00
Kroese
471cdbb338 fix: Workaround AppArmor profile for passt (#1108) 2025-11-12 07:03:22 +01:00
Kroese
e77bca202b fix: Spelling mistake (#1105) 2025-11-06 03:46:35 +01:00
Kroese
2e6c01e934 feat: Detect if container is running in privileged mode (#1104) 2025-11-06 03:39:46 +01:00
Kroese
302c991c0c fix: Change condition for OverlayFS warning (#1103) 2025-11-06 03:22:47 +01:00
Kroese
a89007ee03 build: Use Github token (#1100) 2025-10-29 14:05:53 +01:00
Kroese
8a89149d58 feat: Check for SSE4 instruction set (#1099) 2025-10-29 08:32:42 +01:00
Kroese
5e8bbc2868 fix: Remove unnecessary operation (#1097) 2025-10-24 04:30:21 +02:00
Kroese
4e48920309 fix: Do not assume Podman never has privileges (#1096) 2025-10-24 01:19:38 +02:00
10 changed files with 113 additions and 89 deletions
Expand all files Collapse all files

6
.devcontainer/devcontainer.json
View File

@@ -1,6 +1,6 @@
{ {
"name": "Virtual DSM", "name": "Virtual DSM",
"service": "vdsm", "service": "dsm",
"forwardPorts": [5000], "forwardPorts": [5000],
"portsAttributes": { "portsAttributes": {
"5000": { "5000": {
@@ -11,7 +11,5 @@
"otherPortsAttributes": { "otherPortsAttributes": {
"onAutoForward": "ignore" "onAutoForward": "ignore"
}, },
"dockerComposeFile": "codespaces.yml", "dockerComposeFile": "codespaces.yml"
"workspaceFolder": "/workspaces/vdsm",
"initializeCommand": "docker system prune --all --force"
} }

2
.github/workflows/build.yml vendored
View File

@@ -22,7 +22,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v5 uses: actions/checkout@v6
with: with:
fetch-depth: 0 fetch-depth: 0
- -

2
.github/workflows/check.yml vendored
View File

@@ -9,7 +9,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v5 uses: actions/checkout@v6
- -
name: Run ShellCheck name: Run ShellCheck
uses: ludeeus/action-shellcheck@master uses: ludeeus/action-shellcheck@master

4
.github/workflows/hub.yml vendored
View File

@@ -12,7 +12,9 @@ jobs:
dockerHubDescription: dockerHubDescription:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v5 -
name: Checkout repo
uses: actions/checkout@v6
- -
name: Docker Hub Description name: Docker Hub Description
uses: peter-evans/dockerhub-description@v5 uses: peter-evans/dockerhub-description@v5

14
.github/workflows/review.yml vendored
View File

@@ -15,7 +15,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v5 uses: actions/checkout@v6
- -
name: Spelling name: Spelling
uses: reviewdog/action-misspell@v1 uses: reviewdog/action-misspell@v1
@@ -26,7 +26,7 @@ jobs:
*.md *.md
*.sh *.sh
reporter: github-pr-review reporter: github-pr-review
github_token: ${{ secrets.REPO_ACCESS_TOKEN }} github_token: ${{ secrets.GITHUB_TOKEN }}
- -
name: Hadolint name: Hadolint
uses: reviewdog/action-hadolint@v1 uses: reviewdog/action-hadolint@v1
@@ -34,28 +34,28 @@ jobs:
level: warning level: warning
reporter: github-pr-review reporter: github-pr-review
hadolint_ignore: DL3008 DL3003 DL3006 DL3013 hadolint_ignore: DL3008 DL3003 DL3006 DL3013
github_token: ${{ secrets.REPO_ACCESS_TOKEN }} github_token: ${{ secrets.GITHUB_TOKEN }}
- -
name: YamlLint name: YamlLint
uses: reviewdog/action-yamllint@v1 uses: reviewdog/action-yamllint@v1
with: with:
level: warning level: warning
reporter: github-pr-review reporter: github-pr-review
github_token: ${{ secrets.REPO_ACCESS_TOKEN }} github_token: ${{ secrets.GITHUB_TOKEN }}
- -
name: ActionLint name: ActionLint
uses: reviewdog/action-actionlint@v1 uses: reviewdog/action-actionlint@v1
with: with:
level: warning level: warning
reporter: github-pr-review reporter: github-pr-review
github_token: ${{ secrets.REPO_ACCESS_TOKEN }} github_token: ${{ secrets.GITHUB_TOKEN }}
- -
name: Shellformat name: Shellformat
uses: reviewdog/action-shfmt@v1 uses: reviewdog/action-shfmt@v1
with: with:
level: warning level: warning
shfmt_flags: "-i 2 -ci -bn" shfmt_flags: "-i 2 -ci -bn"
github_token: ${{ secrets.REPO_ACCESS_TOKEN }} github_token: ${{ secrets.GITHUB_TOKEN }}
- -
name: Shellcheck name: Shellcheck
uses: reviewdog/action-shellcheck@v1 uses: reviewdog/action-shellcheck@v1
@@ -63,4 +63,4 @@ jobs:
level: warning level: warning
reporter: github-pr-review reporter: github-pr-review
shellcheck_flags: -x -e SC2001 -e SC2034 -e SC2064 -e SC2317 -e SC2153 -e SC2028 shellcheck_flags: -x -e SC2001 -e SC2034 -e SC2064 -e SC2317 -e SC2153 -e SC2028
github_token: ${{ secrets.REPO_ACCESS_TOKEN }} github_token: ${{ secrets.GITHUB_TOKEN }}

2
src/disk.sh
View File

@@ -346,7 +346,7 @@ checkFS () {
DIR=$(dirname "$DISK_FILE") DIR=$(dirname "$DISK_FILE")
[ ! -d "$DIR" ] && return 0 [ ! -d "$DIR" ] && return 0
if [[ "${FS,,}" == "overlay"* && "$PODMAN" != [Yy1]* ]]; then if [[ "${FS,,}" == "overlay"* && "${ENGINE,,}" == "docker" ]]; then
warn "the filesystem of $DIR is OverlayFS, this usually means it was binded to an invalid path!" warn "the filesystem of $DIR is OverlayFS, this usually means it was binded to an invalid path!"
fi fi

4
src/install.sh
View File

@@ -31,7 +31,6 @@ if [ -n "$URL" ] && [ ! -s "$FILE" ] && [ ! -d "$DIR" ]; then
BASE=$(basename "$URL" .pat) BASE=$(basename "$URL" .pat)
if [ ! -s "$STORAGE/$BASE.system.img" ]; then if [ ! -s "$STORAGE/$BASE.system.img" ]; then
BASE=$(basename "${URL%%\?*}" .pat) BASE=$(basename "${URL%%\?*}" .pat)
BASE="${BASE//+/ }"
printf -v BASE '%b' "${BASE//%/\\x}" printf -v BASE '%b' "${BASE//%/\\x}"
BASE="${BASE//[!A-Za-z0-9._-]/_}" BASE="${BASE//[!A-Za-z0-9._-]/_}"
fi fi
@@ -66,7 +65,6 @@ fi
if [ ! -s "$FILE" ]; then if [ ! -s "$FILE" ]; then
BASE=$(basename "${URL%%\?*}" .pat) BASE=$(basename "${URL%%\?*}" .pat)
BASE="${BASE//+/ }"
printf -v BASE '%b' "${BASE//%/\\x}" printf -v BASE '%b' "${BASE//%/\\x}"
BASE="${BASE//[!A-Za-z0-9._-]/_}" BASE="${BASE//[!A-Za-z0-9._-]/_}"
fi fi
@@ -82,7 +80,7 @@ rm -f "$STORAGE/$BASE.system.img"
# Check filesystem # Check filesystem
FS=$(stat -f -c %T "$STORAGE") FS=$(stat -f -c %T "$STORAGE")
if [[ "${FS,,}" == "overlay"* && "$PODMAN" != [Yy1]* ]]; then if [[ "${FS,,}" == "overlay"* && "${ENGINE,,}" == "docker" ]]; then
warn "the filesystem of $STORAGE is OverlayFS, this usually means it was binded to an invalid path!" warn "the filesystem of $STORAGE is OverlayFS, this usually means it was binded to an invalid path!"
fi fi

102
src/network.sh
View File

@@ -19,14 +19,16 @@ set -Eeuo pipefail
: "${VM_NET_HOST:="VirtualDSM"}" : "${VM_NET_HOST:="VirtualDSM"}"
: "${VM_NET_MASK:="255.255.255.0"}" : "${VM_NET_MASK:="255.255.255.0"}"
: "${PASST:="passt"}" : "${PASST:="/run/passt"}"
: "${PASST_MTU:=""}" : "${PASST_MTU:=""}"
: "${PASST_OPTS:=""}" : "${PASST_OPTS:=""}"
: "${PASST_DEBUG:=""}" : "${PASST_DEBUG:=""}"
: "${PASST_PID:="/var/run/passt.pid"}"
: "${DNSMASQ_OPTS:=""}" : "${DNSMASQ_OPTS:=""}"
: "${DNSMASQ_DEBUG:=""}" : "${DNSMASQ_DEBUG:=""}"
: "${DNSMASQ:="/usr/sbin/dnsmasq"}" : "${DNSMASQ:="/usr/sbin/dnsmasq"}"
: "${DNSMASQ_PID:="/var/run/dnsmasq.pid"}"
: "${DNSMASQ_CONF_DIR:="/etc/dnsmasq.d"}" : "${DNSMASQ_CONF_DIR:="/etc/dnsmasq.d"}"
ADD_ERR="Please add the following setting to your container:" ADD_ERR="Please add the following setting to your container:"
@@ -121,14 +123,15 @@ configureDNS() {
local host="$4" local host="$4"
local mask="$5" local mask="$5"
local gateway="$6" local gateway="$6"
local arguments="$DNSMASQ_OPTS"
echo "$gateway" > /run/shm/qemu.gw echo "$gateway" > /run/shm/qemu.gw
[[ "${DNSMASQ_DISABLE:-}" == [Yy1]* ]] && return 0 [[ "${DNSMASQ_DISABLE:-}" == [Yy1]* ]] && return 0
[[ "$DEBUG" == [Yy1]* ]] && echo "Starting dnsmasq daemon..." [[ "$DEBUG" == [Yy1]* ]] && echo "Starting dnsmasq daemon..."
local log="/var/log/dnsmasq.log" [ -s "$DNSMASQ_PID" ] && pKill "$(<"$DNSMASQ_PID")"
rm -f "$log" rm -f "$DNSMASQ_PID"
case "${NETWORK,,}" in case "${NETWORK,,}" in
"tap" | "tun" | "tuntap" | "y" ) "tap" | "tun" | "tuntap" | "y" )
@@ -138,40 +141,45 @@ configureDNS() {
chmod 644 /var/lib/misc/dnsmasq.leases chmod 644 /var/lib/misc/dnsmasq.leases
# dnsmasq configuration: # dnsmasq configuration:
DNSMASQ_OPTS+=" --dhcp-authoritative" arguments+=" --dhcp-authoritative"
# Set DHCP range and host # Set DHCP range and host
DNSMASQ_OPTS+=" --dhcp-range=$ip,$ip" arguments+=" --dhcp-range=$ip,$ip"
DNSMASQ_OPTS+=" --dhcp-host=$mac,,$ip,$host,infinite" arguments+=" --dhcp-host=$mac,,$ip,$host,infinite"
# Set DNS server and gateway # Set DNS server and gateway
DNSMASQ_OPTS+=" --dhcp-option=option:netmask,$mask" arguments+=" --dhcp-option=option:netmask,$mask"
DNSMASQ_OPTS+=" --dhcp-option=option:router,$gateway" arguments+=" --dhcp-option=option:router,$gateway"
DNSMASQ_OPTS+=" --dhcp-option=option:dns-server,$gateway" arguments+=" --dhcp-option=option:dns-server,$gateway"
esac esac
# Set interfaces # Set interfaces
DNSMASQ_OPTS+=" --interface=$if" arguments+=" --interface=$if"
DNSMASQ_OPTS+=" --bind-interfaces" arguments+=" --bind-interfaces"
# Add DNS entry for container # Add DNS entry for container
DNSMASQ_OPTS+=" --address=/host.lan/$gateway" arguments+=" --address=/host.lan/$gateway"
# Set local dns resolver to dnsmasq when needed # Set local dns resolver to dnsmasq when needed
[ -f /etc/resolv.dnsmasq ] && DNSMASQ_OPTS+=" --resolv-file=/etc/resolv.dnsmasq" [ -f /etc/resolv.dnsmasq ] && arguments+=" --resolv-file=/etc/resolv.dnsmasq"
# Enable logging to file # Enable logging to file
DNSMASQ_OPTS+=" --log-facility=$log" local log="/var/log/dnsmasq.log"
rm -f "$log"
arguments+=" --log-facility=$log"
DNSMASQ_OPTS=$(echo "$DNSMASQ_OPTS" | sed 's/\t/ /g' | tr -s ' ' | sed 's/^ *//') arguments=$(echo "$arguments" | sed 's/\t/ /g' | tr -s ' ' | sed 's/^ *//')
[[ "$DEBUG" == [Yy1]* ]] && printf "Dnsmasq arguments:\n\n%s\n\n" "${DNSMASQ_OPTS// -/$'\n-'}" [[ "$DEBUG" == [Yy1]* ]] && printf "Dnsmasq arguments:\n\n%s\n\n" "${arguments// -/$'\n-'}"
if ! $DNSMASQ ${DNSMASQ_OPTS:+ $DNSMASQ_OPTS}; then if ! $DNSMASQ ${arguments:+ $arguments}; then
local msg="Failed to start Dnsmasq, reason: $?" local msg="Failed to start Dnsmasq, reason: $?"
[ -f "$log" ] && cat "$log"
if [[ "${NETWORK,,}" == "slirp" || "${NETWORK,,}" == "passt" || "$ROOTLESS" != [Yy1]* || "$DEBUG" == [Yy1]* ]]; then
[ -f "$log" ] && [ -s "$log" ] && cat "$log"
error "$msg" error "$msg"
fi
return 1 return 1
fi fi
@@ -309,12 +317,9 @@ configurePasst() {
NETWORK="passt" NETWORK="passt"
[[ "$DEBUG" == [Yy1]* ]] && echo "Configuring user-mode networking..." [[ "$DEBUG" == [Yy1]* ]] && echo "Configuring user-mode networking..."
local log="/var/log/passt.log" local log="/tmp/passt.log"
rm -f "$log" rm -f "$log"
local pid="/var/run/dnsmasq.pid"
[ -s "$pid" ] && pKill "$(<"$pid")"
local ip="$IP" local ip="$IP"
[ -n "$VM_NET_IP" ] && ip="$VM_NET_IP" [ -n "$VM_NET_IP" ] && ip="$VM_NET_IP"
@@ -346,13 +351,7 @@ configurePasst() {
PASST_OPTS+=" -H $VM_NET_HOST" PASST_OPTS+=" -H $VM_NET_HOST"
PASST_OPTS+=" -M $GATEWAY_MAC" PASST_OPTS+=" -M $GATEWAY_MAC"
PASST_OPTS+=" -P $PASST_PID"
local uid gid
uid=$(id -u)
gid=$(id -g)
PASST_OPTS+=" --runas $uid:$gid"
PASST_OPTS+=" -P /var/run/passt.pid"
PASST_OPTS+=" -l $log" PASST_OPTS+=" -l $log"
PASST_OPTS+=" -q" PASST_OPTS+=" -q"
@@ -364,6 +363,8 @@ configurePasst() {
PASST_OPTS=$(echo "$PASST_OPTS" | sed 's/\t/ /g' | tr -s ' ' | sed 's/^ *//') PASST_OPTS=$(echo "$PASST_OPTS" | sed 's/\t/ /g' | tr -s ' ' | sed 's/^ *//')
[[ "$DEBUG" == [Yy1]* ]] && printf "Passt arguments:\n\n%s\n\n" "${PASST_OPTS// -/$'\n-'}" [[ "$DEBUG" == [Yy1]* ]] && printf "Passt arguments:\n\n%s\n\n" "${PASST_OPTS// -/$'\n-'}"
[ ! -f "$PASST" ] && cp /usr/bin/passt* /run
if ! $PASST ${PASST_OPTS:+ $PASST_OPTS} >/dev/null 2>&1; then if ! $PASST ${PASST_OPTS:+ $PASST_OPTS} >/dev/null 2>&1; then
rm -f "$log" rm -f "$log"
@@ -371,7 +372,7 @@ configurePasst() {
{ $PASST ${PASST_OPTS:+ $PASST_OPTS}; rc=$?; } || : { $PASST ${PASST_OPTS:+ $PASST_OPTS}; rc=$?; } || :
if (( rc != 0 )); then if (( rc != 0 )); then
[ -f "$log" ] && cat "$log" [ -f "$log" ] && [ -s "$log" ] && cat "$log"
warn "failed to start passt ($rc), falling back to slirp networking!" warn "failed to start passt ($rc), falling back to slirp networking!"
configureSlirp && return 0 || return 1 configureSlirp && return 0 || return 1
fi fi
@@ -382,7 +383,7 @@ configurePasst() {
tail -fn +0 "$log" --pid=$$ & tail -fn +0 "$log" --pid=$$ &
else else
if [[ "$DEBUG" == [Yy1]* ]]; then if [[ "$DEBUG" == [Yy1]* ]]; then
[ -f "$log" ] && cat "$log" && echo "" [ -f "$log" ] && [ -s "$log" ] && cat "$log" && echo ""
fi fi
fi fi
@@ -403,7 +404,6 @@ configureNAT() {
# Create the necessary file structure for /dev/net/tun # Create the necessary file structure for /dev/net/tun
if [ ! -c /dev/net/tun ]; then if [ ! -c /dev/net/tun ]; then
[[ "$PODMAN" == [Yy1]* ]] && return 1
[ ! -d /dev/net ] && mkdir -m 755 /dev/net [ ! -d /dev/net ] && mkdir -m 755 /dev/net
if mknod /dev/net/tun c 10 200; then if mknod /dev/net/tun c 10 200; then
chmod 666 /dev/net/tun chmod 666 /dev/net/tun
@@ -411,6 +411,7 @@ configureNAT() {
fi fi
if [ ! -c /dev/net/tun ]; then if [ ! -c /dev/net/tun ]; then
[[ "$ROOTLESS" == [Yy1]* && "$DEBUG" != [Yy1]* ]] && return 1
warn "$tuntap" && return 1 warn "$tuntap" && return 1
fi fi
@@ -418,6 +419,7 @@ configureNAT() {
if [[ $(< /proc/sys/net/ipv4/ip_forward) -eq 0 ]]; then if [[ $(< /proc/sys/net/ipv4/ip_forward) -eq 0 ]]; then
{ sysctl -w net.ipv4.ip_forward=1 > /dev/null 2>&1; rc=$?; } || : { sysctl -w net.ipv4.ip_forward=1 > /dev/null 2>&1; rc=$?; } || :
if (( rc != 0 )) || [[ $(< /proc/sys/net/ipv4/ip_forward) -eq 0 ]]; then if (( rc != 0 )) || [[ $(< /proc/sys/net/ipv4/ip_forward) -eq 0 ]]; then
[[ "$ROOTLESS" == [Yy1]* && "$DEBUG" != [Yy1]* ]] && return 1
warn "IP forwarding is disabled. $ADD_ERR --sysctl net.ipv4.ip_forward=1" warn "IP forwarding is disabled. $ADD_ERR --sysctl net.ipv4.ip_forward=1"
return 1 return 1
fi fi
@@ -444,6 +446,7 @@ configureNAT() {
{ ip link add dev "$VM_NET_BRIDGE" type bridge ; rc=$?; } || : { ip link add dev "$VM_NET_BRIDGE" type bridge ; rc=$?; } || :
if (( rc != 0 )); then if (( rc != 0 )); then
[[ "$ROOTLESS" == [Yy1]* && "$DEBUG" != [Yy1]* ]] && return 1
warn "failed to create bridge. $ADD_ERR --cap-add NET_ADMIN" && return 1 warn "failed to create bridge. $ADD_ERR --cap-add NET_ADMIN" && return 1
fi fi
@@ -458,6 +461,7 @@ configureNAT() {
# QEMU Works with taps, set tap to the bridge created # QEMU Works with taps, set tap to the bridge created
if ! ip tuntap add dev "$VM_NET_TAP" mode tap; then if ! ip tuntap add dev "$VM_NET_TAP" mode tap; then
[[ "$ROOTLESS" == [Yy1]* && "$DEBUG" != [Yy1]* ]] && return 1
warn "$tuntap" && return 1 warn "$tuntap" && return 1
fi fi
@@ -498,9 +502,12 @@ configureNAT() {
fi fi
fi fi
if ! iptables -t nat -A POSTROUTING -o "$VM_NET_DEV" -j MASQUERADE > /dev/null 2>&1; then
[[ "$ROOTLESS" == [Yy1]* && "$DEBUG" != [Yy1]* ]] && return 1
if ! iptables -t nat -A POSTROUTING -o "$VM_NET_DEV" -j MASQUERADE; then if ! iptables -t nat -A POSTROUTING -o "$VM_NET_DEV" -j MASQUERADE; then
warn "$tables" && return 1 warn "$tables" && return 1
fi fi
fi
# shellcheck disable=SC2086 # shellcheck disable=SC2086
if ! iptables -t nat -A PREROUTING -i "$VM_NET_DEV" -d "$IP" -p tcp${exclude} -j DNAT --to "$ip"; then if ! iptables -t nat -A PREROUTING -i "$VM_NET_DEV" -d "$IP" -p tcp${exclude} -j DNAT --to "$ip"; then
@@ -533,13 +540,11 @@ configureNAT() {
closeBridge() { closeBridge() {
local pid="/var/run/dnsmasq.pid" [ -s "$PASST_PID" ] && pKill "$(<"$PASST_PID")"
[ -s "$pid" ] && pKill "$(<"$pid")" rm -f "$PASST_PID"
rm -f "$pid"
pid="/var/run/passt.pid" [ -s "$DNSMASQ_PID" ] && pKill "$(<"$DNSMASQ_PID")"
[ -s "$pid" ] && pKill "$(<"$pid")" rm -f "$DNSMASQ_PID"
rm -f "$pid"
case "${NETWORK,,}" in case "${NETWORK,,}" in
"user"* | "passt" | "slirp" ) return 0 ;; "user"* | "passt" | "slirp" ) return 0 ;;
@@ -595,9 +600,9 @@ closeNetwork() {
cleanUp() { cleanUp() {
# Clean up old files # Clean up old files
rm -f "$PASST_PID"
rm -f "$DNSMASQ_PID"
rm -f /etc/resolv.dnsmasq rm -f /etc/resolv.dnsmasq
rm -f /var/run/passt.pid
rm -f /var/run/dnsmasq.pid
if [[ -d "/sys/class/net/$VM_NET_TAP" ]]; then if [[ -d "/sys/class/net/$VM_NET_TAP" ]]; then
info "Lingering interface will be removed..." info "Lingering interface will be removed..."
@@ -637,7 +642,7 @@ getInfo() {
[ -d "/sys/class/net/net1" ] && VM_NET_DEV="net1" [ -d "/sys/class/net/net1" ] && VM_NET_DEV="net1"
[ -d "/sys/class/net/net2" ] && VM_NET_DEV="net2" [ -d "/sys/class/net/net2" ] && VM_NET_DEV="net2"
[ -d "/sys/class/net/net3" ] && VM_NET_DEV="net3" [ -d "/sys/class/net/net3" ] && VM_NET_DEV="net3"
# Automaticly detect the default network interface # Automatically detect the default network interface
[ -z "$VM_NET_DEV" ] && VM_NET_DEV=$(awk '$2 == 00000000 { print $1 }' /proc/net/route) [ -z "$VM_NET_DEV" ] && VM_NET_DEV=$(awk '$2 == 00000000 { print $1 }' /proc/net/route)
[ -z "$VM_NET_DEV" ] && VM_NET_DEV="eth0" [ -z "$VM_NET_DEV" ] && VM_NET_DEV="eth0"
fi fi
@@ -737,13 +742,6 @@ getInfo() {
GATEWAY_MAC=$(echo "$VM_NET_MAC" | md5sum | sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/') GATEWAY_MAC=$(echo "$VM_NET_MAC" | md5sum | sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/')
if [[ "$PODMAN" == [Yy1]* && "$DHCP" != [Yy1]* ]]; then
if [ -z "$NETWORK" ] || [[ "${NETWORK^^}" == "Y" ]]; then
# By default Podman has no permissions for NAT networking
NETWORK="user"
fi
fi
if [[ "$DEBUG" == [Yy1]* ]]; then if [[ "$DEBUG" == [Yy1]* ]]; then
line="Host: $HOST IP: $IP Gateway: $GATEWAY Interface: $VM_NET_DEV MAC: $VM_NET_MAC MTU: $mtu" line="Host: $HOST IP: $IP Gateway: $GATEWAY Interface: $VM_NET_DEV MAC: $VM_NET_MAC MTU: $mtu"
[[ "$MTU" != "0" && "$MTU" != "$mtu" ]] && line+=" ($MTU)" [[ "$MTU" != "0" && "$MTU" != "$mtu" ]] && line+=" ($MTU)"
@@ -798,22 +796,26 @@ else
case "${NETWORK,,}" in case "${NETWORK,,}" in
"passt" | "slirp" | "user"* ) ;; "passt" | "slirp" | "user"* ) ;;
"tap" | "tun" | "tuntap" | "y" ) "tap" | "tun" | "tuntap" | "y" | "" )
# Configure tap interface # Configure tap interface
if ! configureNAT; then if ! configureNAT; then
closeBridge closeBridge
NETWORK="user" NETWORK="user"
if [[ "$ROOTLESS" != [Yy1]* || "$DEBUG" == [Yy1]* ]]; then
msg="falling back to user-mode networking!" msg="falling back to user-mode networking!"
msg="failed to setup NAT networking, $msg" msg="failed to setup NAT networking, $msg"
warn "$msg"
fi
fi ;; fi ;;
esac esac
case "${NETWORK,,}" in case "${NETWORK,,}" in
"tap" | "tun" | "tuntap" | "y" ) ;; "tap" | "tun" | "tuntap" | "y" | "" ) ;;
"passt" | "user"* ) "passt" | "user"* )
# Configure for user-mode networking (passt) # Configure for user-mode networking (passt)

5
src/proc.sh
View File

@@ -33,9 +33,8 @@ if [[ "$KVM" != [Nn]* ]]; then
KVM_OPTS=",accel=kvm -enable-kvm -global kvm-pit.lost_tick_policy=discard" KVM_OPTS=",accel=kvm -enable-kvm -global kvm-pit.lost_tick_policy=discard"
if ! grep -qw "sse4_2" <<< "$flags"; then if ! grep -qw "sse4_2" <<< "$flags"; then
info "Your CPU does not have the SSE4 instruction set that Virtual DSM requires, it will be emulated..." error "Your CPU does not have the SSE4 instruction set that Virtual DSM requires!"
[ -z "$CPU_MODEL" ] && CPU_MODEL="qemu64" [[ "$DEBUG" != [Yy1]* ]] && exit 88
CPU_FEATURES+=",+ssse3,+sse4.1,+sse4.2"
fi fi
if [ -z "$CPU_MODEL" ]; then if [ -z "$CPU_MODEL" ]; then

29
src/reset.sh
View File

@@ -24,19 +24,40 @@ trap 'error "Status $? while: $BASH_COMMAND (line $LINENO/$BASH_LINENO)"' ERR
# Helper variables # Helper variables
PODMAN="N" ROOTLESS="N"
PRIVILEGED="N"
ENGINE="Docker" ENGINE="Docker"
PROCESS="${APP,,}" PROCESS="${APP,,}"
PROCESS="${PROCESS// /-}" PROCESS="${PROCESS// /-}"
if [ -f "/run/.containerenv" ]; then if [ -f "/run/.containerenv" ]; then
PODMAN="Y" ENGINE="${container:-}"
if [[ "${ENGINE,,}" == *"podman"* ]]; then
ROOTLESS="Y"
ENGINE="Podman" ENGINE="Podman"
else
[ -z "$ENGINE" ] && ENGINE="Kubernetes"
fi
fi fi
echo " Starting $APP for $ENGINE v$(</run/version)..." echo " Starting $APP for $ENGINE v$(</run/version)..."
echo " For support visit $SUPPORT" echo " For support visit $SUPPORT"
# Get the capability bounding set
CAP_BND=$(grep '^CapBnd:' /proc/$$/status | awk '{print $2}')
CAP_BND=$(printf "%d" "0x${CAP_BND}")
# Get the last capability number
LAST_CAP=$(cat /proc/sys/kernel/cap_last_cap)
# Calculate the maximum capability value
MAX_CAP=$(((1 << (LAST_CAP + 1)) - 1))
if [ "${CAP_BND}" -eq "${MAX_CAP}" ]; then
ROOTLESS="N"
PRIVILEGED="Y"
fi
INFO="/run/shm/msg.html" INFO="/run/shm/msg.html"
PAGE="/run/shm/index.html" PAGE="/run/shm/index.html"
TEMPLATE="/var/www/index.html" TEMPLATE="/var/www/index.html"
@@ -166,6 +187,10 @@ if [[ "$KVM" != [Nn]* ]]; then
if ! grep -qw "vmx\|svm" <<< "$flags"; then if ! grep -qw "vmx\|svm" <<< "$flags"; then
KVM_ERR="(not enabled in BIOS)" KVM_ERR="(not enabled in BIOS)"
fi fi
if ! grep -qw "sse4_2" <<< "$flags"; then
error "Your CPU does not have the SSE4 instruction set that Virtual DSM requires!"
[[ "$DEBUG" != [Yy1]* ]] && exit 88
fi
fi fi
fi fi
fi fi