Add kconfig check for containers (MR 2060)

Usage: pmbootstrap kconfig check --containers linux-postmarketos-qcom-msm8974
2021-06-02 00:24:04 +03:00 · 2021-06-02 00:24:04 +03:00 · 687807fa73
parent 716336e30b
commit 687807fa73
5 changed files with 140 additions and 10 deletions
--- a/pmb/build/menuconfig.py
+++ b/pmb/build/menuconfig.py
@ -152,4 +152,6 @@ def menuconfig(args, pkgname):

    # Check config
    pmb.parse.kconfig.check(args, apkbuild["_flavor"], force_anbox_check=False,
-                            force_nftables_check=False, details=True)
+                            force_nftables_check=False,
+                            force_containers_check=False,
+                            details=True)
--- a/pmb/config/init.py
+++ b/pmb/config/init.py
@ -323,6 +323,117 @@ necessary_kconfig_options_nftables = {
    },
 }

+# Necessary kernel config options for containers (lxc, Docker)
+necessary_kconfig_options_containers = {
+    ">=0.0.0": {  # all versions, more specifically - since >=2.5~2.6
+        "all": {  # all arches
+            "NAMESPACES": True,
+            "NET_NS": True,
+            "PID_NS": True,
+            "IPC_NS": True,
+            "UTS_NS": True,
+            "CGROUPS": True,
+            "CGROUP_CPUACCT": True,
+            "CGROUP_DEVICE": True,
+            "CGROUP_FREEZER": True,
+            "CGROUP_SCHED": True,
+            "CPUSETS": True,
+            "KEYS": True,
+            "VETH": True,
+            "BRIDGE": True,  # (also needed for anbox)
+            "BRIDGE_NETFILTER": True,
+            "IP_NF_FILTER": True,
+            "IP_NF_TARGET_MASQUERADE": True,
+            "NETFILTER_XT_MATCH_ADDRTYPE": True,
+            "NETFILTER_XT_MATCH_CONNTRACK": True,
+            "NETFILTER_XT_MATCH_IPVS": True,
+            "NETFILTER_XT_MARK": True,
+            "NETFILTER_XT_TARGET_CHECKSUM": True,  # Needed for lxc
+            "IP_NF_NAT": True,
+            "NF_NAT": True,
+            "POSIX_MQUEUE": True,
+            "BLK_DEV_DM": True,  # Storage Drivers
+            "DUMMY": True,  # Network Drivers
+            # "USER_NS": True,  # This is already in pmOS kconfig check
+            "BLK_CGROUP": True,  # Optional section
+            "BLK_DEV_THROTTLING": True,  # Optional section
+            "CGROUP_PERF": True,  # Optional section
+            "NET_CLS_CGROUP": True,  # Optional section
+            "FAIR_GROUP_SCHED": True,  # Optional section
+            "RT_GROUP_SCHED": True,  # Optional section
+            "IP_NF_TARGET_REDIRECT": True,  # Optional section
+            "IP_VS": True,  # Optional section
+            "IP_VS_NFCT": True,  # Optional section
+            "IP_VS_PROTO_TCP": True,  # Optional section
+            "IP_VS_PROTO_UDP": True,  # Optional section
+            "IP_VS_RR": True,  # Optional section
+            # "EXT4_FS": True,  # This is already in pmOS kconfig check
+            "EXT4_FS_POSIX_ACL": True,  # Optional section
+            "EXT4_FS_SECURITY": True,  # Optional section
+        }
+    },
+    ">=3.2": {
+        "all": {
+            "CFS_BANDWIDTH": True,  # Optional section
+        }
+    },
+    ">=3.3": {
+        "all": {  # all arches
+            "CHECKPOINT_RESTORE": True,  # Needed for lxc
+        }
+    },
+    ">=3.6": {
+        "all": {  # all arches
+            "MEMCG": True,
+            "MEMCG_SWAP": True,
+            "DM_THIN_PROVISIONING": True,  # Storage Drivers
+        },
+        "x86 x86_64": {  # only for x86, x86_64 (and sparc64, ia64)
+            "CONFIG_HUGETLB_PAGE": True,
+            "CGROUP_HUGETLB": True,  # Optional section
+        }
+    },
+    ">=3.7 <5.0": {
+        "all": {
+            "NF_NAT_IPV4": True,  # Needed for lxc
+            "NF_NAT_IPV6": True,  # Needed for lxc
+        },
+    },
+    ">=3.7": {
+        "all": {  # all arches
+            "VXLAN": True,  # Network Drivers
+            "IP6_NF_TARGET_MASQUERADE": True,  # Needed for lxc
+        }
+    },
+    ">=3.9": {
+        "all": {  # all arches
+            "BRIDGE_VLAN_FILTERING": True,  # Network Drivers (also for anbox)
+            "MACVLAN": True,  # Network Drivers
+        }
+    },
+    ">=3.14": {
+        "all": {  # all arches
+            "CGROUP_NET_PRIO": True,  # Optional section
+        }
+    },
+    ">=3.18": {
+        "all": {  # all arches
+            "OVERLAY_FS": True,  # Storage Drivers
+        }
+    },
+    ">=3.19": {
+        "all": {  # all arches
+            "IPVLAN": True,  # Network Drivers
+            "SECCOMP": True,  # Optional section
+        }
+    },
+    ">=4.4": {
+        "all": {  # all arches
+            "CGROUP_PIDS": True,  # Optional section
+        }
+    },
+}
+
 #
 # PARSE
 #
@ -390,6 +501,7 @@ apkbuild_custom_valid_options = [
    "!pmb:crossdirect",
    "!pmb:kconfig-check",
    "pmb:kconfigcheck-anbox",
+    "pmb:kconfigcheck-containers",
    "pmb:kconfigcheck-nftables",
    "pmb:cross-native",
    "pmb:strict",
--- a/pmb/helpers/frontend.py
+++ b/pmb/helpers/frontend.py
@ -376,6 +376,7 @@ def kconfig(args):
            if pmb.parse.kconfig.check_file(args, args.package,
                                            anbox=args.anbox,
                                            nftables=args.nftables,
+                                            containers=args.containers,
                                            details=True):
                logging.info("kconfig check succeeded!")
                return
@ -403,10 +404,12 @@ def kconfig(args):
                if "!pmb:kconfigcheck" in apkbuild["options"]:
                    skipped += 1
                    continue
-            if not pmb.parse.kconfig.check(args, package,
-                                           force_anbox_check=args.anbox,
-                                           force_nftables_check=args.nftables,
-                                           details=True):
+            if not pmb.parse.kconfig.check(
+                    args, package,
+                    force_anbox_check=args.anbox,
+                    force_nftables_check=args.nftables,
+                    force_containers_check=args.containers,
+                    details=True):
                error = True

        # At least one failure
--- a/pmb/parse/arguments.py
+++ b/pmb/parse/arguments.py
@ -439,6 +439,8 @@ def arguments_kconfig(subparser):
                       " options needed for anbox too")
    check.add_argument("--nftables", action="store_true", help="check"
                       " options needed for nftables too")
+    check.add_argument("--containers", action="store_true",
+                       help="check options needed for containers too")
    check_package = check.add_argument("package", default="", nargs='?')
    if argcomplete:
        check_package.completer = kernel_completer
--- a/pmb/parse/kconfig.py
+++ b/pmb/parse/kconfig.py
@ -65,7 +65,7 @@ def check_option(component, details, config, config_path_pretty, option,


 def check_config(config_path, config_path_pretty, config_arch, pkgver,
-                 anbox=False, nftables=False, details=False):
+                 anbox=False, nftables=False, containers=False, details=False):
    logging.debug(f"Check kconfig: {config_path}")
    with open(config_path) as handle:
        config = handle.read()
@ -75,6 +75,9 @@ def check_config(config_path, config_path_pretty, config_arch, pkgver,
        components["anbox"] = pmb.config.necessary_kconfig_options_anbox
    if nftables:
        components["nftables"] = pmb.config.necessary_kconfig_options_nftables
+    if containers:
+        components["containers"] = \
+            pmb.config.necessary_kconfig_options_containers

    results = [check_config_options_set(config, config_path_pretty,
                                        config_arch, options, component,
@ -118,7 +121,7 @@ def check_config_options_set(config, config_path_pretty, config_arch, options,


 def check(args, pkgname, force_anbox_check=False, force_nftables_check=False,
-          details=False):
+          force_containers_check=False, details=False):
    """
    Check for necessary kernel config options in a package.

@ -141,13 +144,18 @@ def check(args, pkgname, force_anbox_check=False, force_nftables_check=False,
        "pmb:kconfigcheck-anbox" in apkbuild["options"])
    check_nftables = force_nftables_check or (
        "pmb:kconfigcheck-nftables" in apkbuild["options"])
+    check_containers = force_containers_check or (
+        "pmb:kconfigcheck-containers" in apkbuild["options"])
    for config_path in glob.glob(aport + "/config-*"):
        # The architecture of the config is in the name, so it just needs to be
        # extracted
        config_arch = os.path.basename(config_path).split(".")[1]
        config_path_pretty = f"linux-{flavor}/{os.path.basename(config_path)}"
        ret &= check_config(config_path, config_path_pretty, config_arch,
-                            pkgver, anbox=check_anbox, nftables=check_nftables,
+                            pkgver,
+                            anbox=check_anbox,
+                            nftables=check_nftables,
+                            containers=check_containers,
                            details=details)
    return ret

@ -185,7 +193,7 @@ def extract_version(config_file):


 def check_file(args, config_file, anbox=False, nftables=False,
-               details=False):
+               containers=False, details=False):
    """
    Check for necessary kernel config options in a kconfig file.

@ -196,4 +204,7 @@ def check_file(args, config_file, anbox=False, nftables=False,
    logging.debug(f"Check kconfig: parsed arch={arch}, version={version} from "
                  "file: {config_file}")
    return check_config(config_file, config_file, arch, version,
-                        anbox=anbox, nftables=nftables, details=details)
+                        anbox=anbox,
+                        nftables=nftables,
+                        containers=containers,
+                        details=details)