Compare commits
11 commits
Author | SHA1 | Date | |
---|---|---|---|
aadfdb0229 | |||
3421d7eb0f | |||
b6a7210ddc | |||
4b826e5592 | |||
459c281b8e | |||
4777d58e0d | |||
4069ce8595 | |||
a9b0d34bb2 | |||
|
ba8d6ac630 | ||
|
ebec6a80c0 | ||
|
16a555ceec |
7 changed files with 48 additions and 36 deletions
10
.travis.yml
10
.travis.yml
|
@ -1,10 +1,10 @@
|
||||||
|
---
|
||||||
language: ruby
|
language: ruby
|
||||||
rvm:
|
rvm:
|
||||||
- 2.2
|
|
||||||
- 2.3
|
|
||||||
- 2.4
|
|
||||||
- 2.5
|
- 2.5
|
||||||
|
- 2.6
|
||||||
|
- 2.7
|
||||||
install:
|
install:
|
||||||
- gem install -v 1.12.5 bundler
|
- gem install -v 1.16.2 bundler
|
||||||
- bundle _1.12.5_ install --jobs=3 --retry=3
|
- bundle _1.16.2_ install --jobs=3 --retry=3
|
||||||
script: "bundle exec rake ci"
|
script: "bundle exec rake ci"
|
||||||
|
|
4
Gemfile
4
Gemfile
|
@ -1,7 +1,7 @@
|
||||||
source 'https://rubygems.org'
|
source 'https://rubygems.org'
|
||||||
|
|
||||||
group :development do
|
group :development do
|
||||||
gem 'vagrant', git: 'https://github.com/mitchellh/vagrant.git'
|
gem 'vagrant', git: 'https://github.com/mitchellh/vagrant.git', branch: 'main'
|
||||||
gem 'guard'
|
gem 'guard'
|
||||||
gem 'guard-rspec'
|
gem 'guard-rspec'
|
||||||
gem 'rb-inotify'
|
gem 'rb-inotify'
|
||||||
|
@ -11,7 +11,7 @@ group :development, :test do
|
||||||
gem 'rake', '~> 10.4.2'
|
gem 'rake', '~> 10.4.2'
|
||||||
gem 'rspec', '~> 3.5.0'
|
gem 'rspec', '~> 3.5.0'
|
||||||
gem 'coveralls', '~> 0.7.2', require: (ENV['COVERAGE'] == 'true')
|
gem 'coveralls', '~> 0.7.2', require: (ENV['COVERAGE'] == 'true')
|
||||||
gem 'vagrant-spec', git: 'https://github.com/mitchellh/vagrant-spec.git'
|
gem 'vagrant-spec', git: 'https://github.com/mitchellh/vagrant-spec.git', branch: 'main'
|
||||||
end
|
end
|
||||||
|
|
||||||
group :plugins do
|
group :plugins do
|
||||||
|
|
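Review bot: `branch: 'main'` on the vagrant and vagrant-spec git sources keeps both dependencies on a moving branch, so every fresh resolve can pull different upstream code into the build. If the intent is only to follow the renamed default branch that is fine, but for a reproducible build pin each source with `ref: '<commit sha>'` (or `tag:`) and commit the Gemfile.lock, so the resolved revision is recorded and reviewed like any other dependency change.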
|
@ -22,16 +22,17 @@ module Vagrant
|
||||||
end
|
end
|
||||||
|
|
||||||
def configure_private_networks(env)
|
def configure_private_networks(env)
|
||||||
env[:machine].config.vm.networks.find do |type, config|
|
env[:machine].config.vm.networks.find_all.each do |type, config|
|
||||||
next if type.to_sym != :private_network
|
next if type.to_sym != :private_network
|
||||||
|
|
||||||
container_name = env[:machine].provider.driver.container_name
|
container_name = env[:machine].provider.driver.container_name
|
||||||
|
container_interface = config[:interface]
|
||||||
address_type = config[:type]
|
address_type = config[:type]
|
||||||
ip = config[:ip]
|
ip = config[:ip]
|
||||||
bridge_ip = config.fetch(:lxc__bridge_ip) { build_bridge_ip(ip) }
|
bridge_ip = config.fetch(:lxc__bridge_ip) { build_bridge_ip(ip) }
|
||||||
bridge = config.fetch(:lxc__bridge_name)
|
bridge = config.fetch(:lxc__bridge_name)
|
||||||
|
|
||||||
env[:machine].provider.driver.configure_private_network(bridge, bridge_ip, container_name, address_type, ip)
|
env[:machine].provider.driver.configure_private_network(bridge, bridge_ip, container_name, container_interface, address_type, ip)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
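Review bot: `find_all.each` in configure_private_networks is a roundabout way to iterate: `find_all` without a block only returns an Enumerator over the same pairs, so `env[:machine].config.vm.networks.each do |type, config|` does exactly the same and reads as intended. The old `find` stopped at the first private network whose configure call returned a truthy value, whereas this now configures every private network, which appears to be the purpose of the change and is worth a one-line comment above the loop. `container_interface` is taken straight from the user's network config (`config[:interface]`) and handed to the driver without any check; the driver only defaults it, so a validation of the interface name belongs somewhere on this path.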
|
@ -130,8 +130,11 @@ module Vagrant
|
||||||
@cli.info(*command)
|
@cli.info(*command)
|
||||||
end
|
end
|
||||||
|
|
||||||
def configure_private_network(bridge_name, bridge_ip, container_name, address_type, ip)
|
def configure_private_network(bridge_name, bridge_ip, container_name, container_interface, address_type, ip)
|
||||||
@logger.info "Configuring network interface for #{container_name} using #{ip} and bridge #{bridge_name}"
|
if ! container_interface
|
||||||
|
container_interface = "eth1"
|
||||||
|
end
|
||||||
|
@logger.info "Configuring network interface #{container_interface} for #{container_name} using #{ip} and bridge #{bridge_name}"
|
||||||
if ip
|
if ip
|
||||||
ip += '/24'
|
ip += '/24'
|
||||||
end
|
end
|
||||||
|
@ -170,6 +173,8 @@ module Vagrant
|
||||||
cmd = [
|
cmd = [
|
||||||
Vagrant::LXC.source_root.join('scripts/pipework').to_s,
|
Vagrant::LXC.source_root.join('scripts/pipework').to_s,
|
||||||
bridge_name,
|
bridge_name,
|
||||||
|
"-i",
|
||||||
|
container_interface,
|
||||||
container_name,
|
container_name,
|
||||||
ip ||= "dhcp"
|
ip ||= "dhcp"
|
||||||
]
|
]
|
||||||
|
@ -270,7 +275,7 @@ module Vagrant
|
||||||
def write_config(contents)
|
def write_config(contents)
|
||||||
confpath = base_path.join('config').to_s
|
confpath = base_path.join('config').to_s
|
||||||
begin
|
begin
|
||||||
File.open(confpath, File::RDWR) do |file|
|
File.open(confpath, File::WRONLY|File::TRUNC) do |file|
|
||||||
file.write contents
|
file.write contents
|
||||||
end
|
end
|
||||||
rescue
|
rescue
|
||||||
|
|
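Review bot: `container_interface` reaches the pipework argv as the `-i` value in the second hunk (`"-i", container_interface`) with only a nil-to-`"eth1"` default, so a Vagrantfile value that is not a plausible interface name (whitespace, shell metacharacters, more than the 15 characters Linux allows) is passed through unchecked, and if the wrapper's pipework rule really accepts any trailing arguments as its `'**'` suggests, the sudo whitelist will not catch it either. A one-line guard next to the default keeps the check at the point of entry, e.g. `raise ArgumentError, "invalid container interface name: #{container_interface.inspect}" unless /\A[A-Za-z0-9_.-]{1,15}\z/.match?(container_interface)`. The `if ! container_interface … end` block itself is just `container_interface ||= "eth1"`, which also mirrors pipework's own `CONTAINER_IFNAME:-eth1` default visible in the script hunk header.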
|
@ -1,5 +1,5 @@
|
||||||
module Vagrant
|
module Vagrant
|
||||||
module LXC
|
module LXC
|
||||||
VERSION = "1.4.2"
|
VERSION = "1.4.3"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -144,9 +144,12 @@ CONTAINER_IFNAME=${CONTAINER_IFNAME:-eth1}
|
||||||
|
|
||||||
# Second step: find the guest (for now, we only support LXC containers)
|
# Second step: find the guest (for now, we only support LXC containers)
|
||||||
while read _ mnt fstype options _; do
|
while read _ mnt fstype options _; do
|
||||||
[ "$fstype" != "cgroup" ] && continue
|
[ "$fstype" != "cgroup2" ] && [ "$fstype" != "cgroup" ] && continue
|
||||||
|
if [ "$fstype" = "cgroup" ]; then
|
||||||
echo "$options" | grep -qw devices || continue
|
echo "$options" | grep -qw devices || continue
|
||||||
|
fi
|
||||||
CGROUPMNT=$mnt
|
CGROUPMNT=$mnt
|
||||||
|
CGROUPTYPE=$fstype
|
||||||
done < /proc/mounts
|
done < /proc/mounts
|
||||||
|
|
||||||
[ "$CGROUPMNT" ] || {
|
[ "$CGROUPMNT" ] || {
|
||||||
|
@ -154,7 +157,9 @@ done < /proc/mounts
|
||||||
}
|
}
|
||||||
|
|
||||||
# Try to find a cgroup matching exactly the provided name.
|
# Try to find a cgroup matching exactly the provided name.
|
||||||
N=$(find "$CGROUPMNT" -name "$GUESTNAME" | wc -l)
|
[ "$CGROUPTYPE" = "cgroup" ] && N=$(find "$CGROUPMNT" -name "$GUESTNAME" | wc -l)
|
||||||
|
[ "$CGROUPTYPE" = "cgroup2" ] && N=$(find "$CGROUPMNT" -name "lxc.payload.$GUESTNAME" | wc -l)
|
||||||
|
|
||||||
case "$N" in
|
case "$N" in
|
||||||
0)
|
0)
|
||||||
# If we didn't find anything, try to lookup the container with Docker.
|
# If we didn't find anything, try to lookup the container with Docker.
|
||||||
|
@ -235,7 +240,8 @@ fi
|
||||||
if [ "$DOCKERPID" ]; then
|
if [ "$DOCKERPID" ]; then
|
||||||
NSPID=$DOCKERPID
|
NSPID=$DOCKERPID
|
||||||
else
|
else
|
||||||
NSPID=$(head -n 1 "$(find "$CGROUPMNT" -name "$GUESTNAME" | head -n 1)/tasks")
|
NSPATH=$(find "$CGROUPMNT" -name "$GUESTNAME" | head -n 1)
|
||||||
|
[ -f "$NSPATH/tasks" ] && NSPID=$(head -n 1 "$NSPATH/tasks")
|
||||||
[ "$NSPID" ] || {
|
[ "$NSPID" ] || {
|
||||||
# it is an alternative way to get the pid
|
# it is an alternative way to get the pid
|
||||||
NSPID=$(lxc-info -n "$GUESTNAME" | grep PID | grep -Eo '[0-9]+')
|
NSPID=$(lxc-info -n "$GUESTNAME" | grep PID | grep -Eo '[0-9]+')
|
||||||
|
|
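Review bot: The pid lookup in the last hunk still uses the cgroup v1 layout — `find "$CGROUPMNT" -name "$GUESTNAME"` and `$NSPATH/tasks` — even though the first two hunks now detect cgroup2 and look the container up under `lxc.payload.$GUESTNAME`; on a cgroup2 host NSPATH comes back empty, the test degrades to `[ -f "/tasks" ]` and the script only keeps working because of the lxc-info fallback below it. Mirror the earlier branch here: on cgroup2 search for `lxc.payload.$GUESTNAME` and read `cgroup.procs` (cgroup v2 has no `tasks` file), and guard the `-f` test with a non-empty NSPATH so an empty find result never turns into the path `/tasks`. The enclosing `if [ "$DOCKERPID" ]` block continues past the end of the hunk.
```shell
else
  if [ "$CGROUPTYPE" = "cgroup2" ]; then
    NSPATH=$(find "$CGROUPMNT" -name "lxc.payload.$GUESTNAME" | head -n 1)
    [ "$NSPATH" ] && [ -f "$NSPATH/cgroup.procs" ] && NSPID=$(head -n 1 "$NSPATH/cgroup.procs")
  else
    NSPATH=$(find "$CGROUPMNT" -name "$GUESTNAME" | head -n 1)
    [ "$NSPATH" ] && [ -f "$NSPATH/tasks" ] && NSPID=$(head -n 1 "$NSPATH/tasks")
  fi
  # … unchanged: lxc-info fallback for NSPID …
```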
|
@ -79,7 +79,7 @@ class Whitelist
|
||||||
end
|
end
|
||||||
|
|
||||||
base = "<%= lxc_base_path %>"
|
base = "<%= lxc_base_path %>"
|
||||||
base_path = %r{\A#{base}/.*\z}
|
base_path = %r{\A#{base}/[\ -_\/\.\d\w]+$\z}
|
||||||
|
|
||||||
##
|
##
|
||||||
# Commands from provider.rb
|
# Commands from provider.rb
|
||||||
|
@ -93,11 +93,11 @@ Whitelist.add '<%= cmd_paths['cat'] %>', base_path
|
||||||
# - Shared folders
|
# - Shared folders
|
||||||
Whitelist.add '<%= cmd_paths['mkdir'] %>', '-p', base_path
|
Whitelist.add '<%= cmd_paths['mkdir'] %>', '-p', base_path
|
||||||
# - Container config customizations and pruning
|
# - Container config customizations and pruning
|
||||||
Whitelist.add '<%= cmd_paths['cp'] %>', '-f', %r{/tmp/.*}, base_path
|
Whitelist.add '<%= cmd_paths['cp'] %>', '-f', %r{/tmp/[\ -_\/\.\d\w]+$}, base_path
|
||||||
Whitelist.add '<%= cmd_paths['chown'] %>', 'root:root', base_path
|
Whitelist.add '<%= cmd_paths['chown'] %>', 'root:root', base_path
|
||||||
# - Packaging
|
# - Packaging
|
||||||
Whitelist.add '<%= cmd_paths['tar'] %>', '--numeric-owner', '-cvzf', %r{/tmp/.*/rootfs.tar.gz}, '-C', base_path, './rootfs'
|
Whitelist.add '<%= cmd_paths['tar'] %>', '--numeric-owner', '-cvzf', %r{/tmp/^[\ -_\/\.\d\w]+$/rootfs.tar.gz}, '-C', base_path, './rootfs'
|
||||||
Whitelist.add '<%= cmd_paths['chown'] %>', /\A\d+:\d+\z/, %r{\A/tmp/.*/rootfs\.tar\.gz\z}
|
Whitelist.add '<%= cmd_paths['chown'] %>', /\A\d+:\d+\z/, %r{\A/tmp/^[\ -_\/\.\d\w]+$/rootfs\.tar\.gz\z}
|
||||||
# - Private network script and commands
|
# - Private network script and commands
|
||||||
Whitelist.add '<%= cmd_paths['ip'] %>', 'addr', 'add', /(\d+|\.)+\/24/, 'dev', /.+/
|
Whitelist.add '<%= cmd_paths['ip'] %>', 'addr', 'add', /(\d+|\.)+\/24/, 'dev', /.+/
|
||||||
Whitelist.add '<%= cmd_paths['ip'] %>', 'link', 'set', /.+/, /(up|down)/
|
Whitelist.add '<%= cmd_paths['ip'] %>', 'link', 'set', /.+/, /(up|down)/
|
||||||
|
@ -108,22 +108,22 @@ Whitelist.add_regex %r{<%= pipework_regex %>}, '**'
|
||||||
# Commands from driver/cli.rb
|
# Commands from driver/cli.rb
|
||||||
Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-version'
|
Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-version'
|
||||||
Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-ls'
|
Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-ls'
|
||||||
Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-info', '--name', /.*/
|
Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-info', '--name', /^[\ -_\/\.\d\w]+$/
|
||||||
Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-info', '--name', /.*/, '-iH'
|
Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-info', '--name', /^[\ -_\/\.\d\w]+$/, '-iH'
|
||||||
Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-create', '-B', /.*/, '--template', /.*/, '--name', /.*/, '**'
|
Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-create', '-B', /^[\ -_\/\.\d\w]+$/, '--template', /^[\ -_\/\.\d\w]+$/, '--name', /^[\ -_\/\.\d\w]+$/, '**'
|
||||||
Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-create', '--version'
|
Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-create', '--version'
|
||||||
Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-destroy', '--name', /.*/
|
Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-destroy', '--name', /^[\ -_\/\.\d\w]+$/
|
||||||
Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-start', '-d', '--name', /.*/, '**'
|
Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-start', '-d', '--name', /^[\ -_\/\.\d\w]+$/, '**'
|
||||||
Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-stop', '--name', /.*/
|
Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-stop', '--name', /^[\ -_\/\.\d\w]+$/
|
||||||
Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-shutdown', '--name', /.*/
|
Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-shutdown', '--name', /^[\ -_\/\.\d\w]+$/
|
||||||
Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-attach', '--name', /.*/, '**'
|
Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-attach', '--name', /^[\ -_\/\.\d\w]+$/, '**'
|
||||||
Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-attach', '-h'
|
Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-attach', '-h'
|
||||||
Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-config', 'lxc.lxcpath'
|
Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-config', 'lxc.lxcpath'
|
||||||
Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-update-config', '-c', /.*/
|
Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-update-config', '-c', /^[\ -_\/\.\d\w]+$/
|
||||||
|
|
||||||
##
|
##
|
||||||
# Commands from driver/action/remove_temporary_files.rb
|
# Commands from driver/action/remove_temporary_files.rb
|
||||||
Whitelist.add '<%= cmd_paths['rm'] %>', '-rf', %r{\A#{base}/.*/rootfs/tmp/.*}
|
Whitelist.add '<%= cmd_paths['rm'] %>', '-rf', %r{\A#{base}/^[\ -_\/\.\d\w]+$/rootfs/tmp/[\ -_\/\.\d\w]+$}
|
||||||
|
|
||||||
# Watch out for stones
|
# Watch out for stones
|
||||||
Whitelist.run!(ARGV)
|
Whitelist.run!(ARGV)
|
||||||
|
|
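Review bot: The new character class `[\ -_\/\.\d\w]` is not "space, hyphen, underscore, …": inside brackets `\ -_` is a range from space (0x20) to underscore (0x5F), which admits `$`, `&`, `;`, `*`, `(`, `)`, `<`, `>`, `?`, `[`, `]` and `^`, so the tightening over `.*` is far smaller than it looks; put the hyphen last (`[\w./ -]`) to make it literal. Worse, `^` and `$` in the middle of `%r{/tmp/^[…]+$/rootfs.tar.gz}` (the tar and chown rules and the rm rule at the end) are line anchors — `^` only matches at the start of the string or right after a newline, so an ordinary path such as `/tmp/x/rootfs.tar.gz` can never match and those packaging and cleanup commands will now be refused by the wrapper. The same line-anchor semantics mean the lxc-* name patterns should use `\A…\z` like base_path and the existing `/\A\d+:\d+\z/` chown rule, so a multi-line argument cannot satisfy `^…$` on one of its lines only; `[\w./ -]+` still accepts `..` segments exactly as the old `.*` did, and `base` is interpolated into a pattern unescaped (`Regexp.escape(base)` if it may ever contain metacharacters). The rewrite below covers the changed rules; the same `safe_path` stands in for every remaining `/^[\ -_\/\.\d\w]+$/` in the lxc-* rules.
```ruby
base = "<%= lxc_base_path %>"
# Hyphen last so the class is literally "word chars, '.', '/', ' ', '-'" and not a 0x20-0x5F range
path_class = '[\w./ -]'
safe_path  = /\A#{path_class}+\z/
base_path  = %r{\A#{base}/#{path_class}+\z}
# … unchanged: provider.rb rules up to the cp rule …
Whitelist.add '<%= cmd_paths['cp'] %>', '-f', %r{\A/tmp/#{path_class}+\z}, base_path
# … unchanged: chown root:root rule …
Whitelist.add '<%= cmd_paths['tar'] %>', '--numeric-owner', '-cvzf', %r{\A/tmp/#{path_class}+/rootfs\.tar\.gz\z}, '-C', base_path, './rootfs'
Whitelist.add '<%= cmd_paths['chown'] %>', /\A\d+:\d+\z/, %r{\A/tmp/#{path_class}+/rootfs\.tar\.gz\z}
# … unchanged: ip / pipework rules …
Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-info', '--name', safe_path
# … same substitution of safe_path for /^[\ -_\/\.\d\w]+$/ in the remaining lxc-* rules …
Whitelist.add '<%= cmd_paths['rm'] %>', '-rf', %r{\A#{base}/#{path_class}+/rootfs/tmp/#{path_class}+\z}
```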