From 687807fa735d94d178fee0cf906b5d6450f60dbe Mon Sep 17 00:00:00 2001
From: Alexey Min
Date: Wed, 2 Jun 2021 00:24:04 +0300
Subject: [PATCH] Add kconfig check for containers (MR 2060)
Usage: pmbootstrap kconfig check --containers linux-postmarketos-qcom-msm8974
---
pmb/build/menuconfig.py | 4 +-
pmb/config/__init__.py | 112 ++++++++++++++++++++++++++++++++++++++++
pmb/helpers/frontend.py | 11 ++--
pmb/parse/arguments.py | 2 +
pmb/parse/kconfig.py | 21 ++++++--
5 files changed, 140 insertions(+), 10 deletions(-)
diff --git a/pmb/build/menuconfig.py b/pmb/build/menuconfig.py
index 6263a085..7f6e0dea 100644
--- a/pmb/build/menuconfig.py
+++ b/pmb/build/menuconfig.py
@@ -152,4 +152,6 @@ def menuconfig(args, pkgname):
 # Check config
 pmb.parse.kconfig.check(args, apkbuild["_flavor"], force_anbox_check=False,
- force_nftables_check=False, details=True)
+ force_nftables_check=False,
+ force_containers_check=False,
+ details=True)
diff --git a/pmb/config/__init__.py b/pmb/config/__init__.py
index 8aec8aaa..b85c2328 100644
--- a/pmb/config/__init__.py
+++ b/pmb/config/__init__.py
@@ -323,6 +323,117 @@ necessary_kconfig_options_nftables = {
 },
 }
+# Necessary kernel config options for containers (lxc, Docker)
+necessary_kconfig_options_containers = {
+ ">=0.0.0": { # all versions, more specifically - since >=2.5~2.6
+ "all": { # all arches
+ "NAMESPACES": True,
+ "NET_NS": True,
+ "PID_NS": True,
+ "IPC_NS": True,
+ "UTS_NS": True,
+ "CGROUPS": True,
+ "CGROUP_CPUACCT": True,
+ "CGROUP_DEVICE": True,
+ "CGROUP_FREEZER": True,
+ "CGROUP_SCHED": True,
+ "CPUSETS": True,
+ "KEYS": True,
+ "VETH": True,
+ "BRIDGE": True, # (also needed for anbox)
+ "BRIDGE_NETFILTER": True,
+ "IP_NF_FILTER": True,
+ "IP_NF_TARGET_MASQUERADE": True,
+ "NETFILTER_XT_MATCH_ADDRTYPE": True,
+ "NETFILTER_XT_MATCH_CONNTRACK": True,
+ "NETFILTER_XT_MATCH_IPVS": True,
+ "NETFILTER_XT_MARK": True,
+ "NETFILTER_XT_TARGET_CHECKSUM": True, # Needed for lxc
+ "IP_NF_NAT": True,
+ "NF_NAT": True,
+ "POSIX_MQUEUE": True,
+ "BLK_DEV_DM": True, # Storage Drivers
+ "DUMMY": True, # Network Drivers
+ # "USER_NS": True, # This is already in pmOS kconfig check
+ "BLK_CGROUP": True, # Optional section
+ "BLK_DEV_THROTTLING": True, # Optional section
+ "CGROUP_PERF": True, # Optional section
+ "NET_CLS_CGROUP": True, # Optional section
+ "FAIR_GROUP_SCHED": True, # Optional section
+ "RT_GROUP_SCHED": True, # Optional section
+ "IP_NF_TARGET_REDIRECT": True, # Optional section
+ "IP_VS": True, # Optional section
+ "IP_VS_NFCT": True, # Optional section
+ "IP_VS_PROTO_TCP": True, # Optional section
+ "IP_VS_PROTO_UDP": True, # Optional section
+ "IP_VS_RR": True, # Optional section
+ # "EXT4_FS": True, # This is already in pmOS kconfig check
+ "EXT4_FS_POSIX_ACL": True, # Optional section
+ "EXT4_FS_SECURITY": True, # Optional section
+ }
+ },
+ ">=3.2": {
+ "all": {
+ "CFS_BANDWIDTH": True, # Optional section
+ }
+ },
+ ">=3.3": {
+ "all": { # all arches
+ "CHECKPOINT_RESTORE": True, # Needed for lxc
+ }
+ },
+ ">=3.6": {
+ "all": { # all arches
+ "MEMCG": True,
+ "MEMCG_SWAP": True,
+ "DM_THIN_PROVISIONING": True, # Storage Drivers
+ },
+ "x86 x86_64": { # only for x86, x86_64 (and sparc64, ia64)
+ "CONFIG_HUGETLB_PAGE": True,
+ "CGROUP_HUGETLB": True, # Optional section
+ }
+ },
+ ">=3.7 <5.0": {
+ "all": {
+ "NF_NAT_IPV4": True, # Needed for lxc
+ "NF_NAT_IPV6": True, # Needed for lxc
+ },
+ },
+ ">=3.7": {
+ "all": { # all arches
+ "VXLAN": True, # Network Drivers
+ "IP6_NF_TARGET_MASQUERADE": True, # Needed for lxc
+ }
+ },
+ ">=3.9": {
+ "all": { # all arches
+ "BRIDGE_VLAN_FILTERING": True, # Network Drivers (also for anbox)
+ "MACVLAN": True, # Network Drivers
+ }
+ },
+ ">=3.14": {
+ "all": { # all arches
+ "CGROUP_NET_PRIO": True, # Optional section
+ }
+ },
+ ">=3.18": {
+ "all": { # all arches
+ "OVERLAY_FS": True, # Storage Drivers
+ }
+ },
+ ">=3.19": {
+ "all": { # all arches
+ "IPVLAN": True, # Network Drivers
+ "SECCOMP": True, # Optional section
+ }
+ },
+ ">=4.4": {
+ "all": { # all arches
+ "CGROUP_PIDS": True, # Optional section
+ }
+ },
+}
+
 #
 # PARSE
 #
@@ -390,6 +501,7 @@ apkbuild_custom_valid_options = [
 "!pmb:crossdirect",
 "!pmb:kconfig-check",
 "pmb:kconfigcheck-anbox",
+ "pmb:kconfigcheck-containers",
 "pmb:kconfigcheck-nftables",
 "pmb:cross-native",
 "pmb:strict",
diff --git a/pmb/helpers/frontend.py b/pmb/helpers/frontend.py
index fa674712..73110e66 100644
--- a/pmb/helpers/frontend.py
+++ b/pmb/helpers/frontend.py
@@ -376,6 +376,7 @@ def kconfig(args):
 if pmb.parse.kconfig.check_file(args, args.package, anbox=args.anbox, nftables=args.nftables,
+ containers=args.containers,
 details=True):
 logging.info("kconfig check succeeded!")
 return
@@ -403,10 +404,12 @@ def kconfig(args):
 if "!pmb:kconfigcheck" in apkbuild["options"]:
 skipped += 1
 continue
- if not pmb.parse.kconfig.check(args, package,
- force_anbox_check=args.anbox,
- force_nftables_check=args.nftables,
- details=True):
+ if not pmb.parse.kconfig.check(
+ args, package,
+ force_anbox_check=args.anbox,
+ force_nftables_check=args.nftables,
+ force_containers_check=args.containers,
+ details=True):
 error = True # At least one failure
diff --git a/pmb/parse/arguments.py b/pmb/parse/arguments.py
index 4aec58e0..06a96cd8 100644
--- a/pmb/parse/arguments.py
+++ b/pmb/parse/arguments.py
@@ -439,6 +439,8 @@ def arguments_kconfig(subparser):
 " options needed for anbox too")
 check.add_argument("--nftables", action="store_true", help="check" " options needed for nftables too")
+ check.add_argument("--containers", action="store_true",
+ help="check options needed for containers too")
 check_package = check.add_argument("package", default="", nargs='?')
 if argcomplete:
 check_package.completer = kernel_completer
diff --git a/pmb/parse/kconfig.py b/pmb/parse/kconfig.py
index af8fbdca..82299ae4 100644
--- a/pmb/parse/kconfig.py
+++ b/pmb/parse/kconfig.py
@@ -65,7 +65,7 @@ def check_option(component, details, config, config_path_pretty, option,
 def check_config(config_path, config_path_pretty, config_arch, pkgver,
- anbox=False, nftables=False, details=False):
+ anbox=False, nftables=False, containers=False, details=False):
 logging.debug(f"Check kconfig: {config_path}")
 with open(config_path) as handle:
 config = handle.read()
@@ -75,6 +75,9 @@ def check_config(config_path, config_path_pretty, config_arch, pkgver,
 components["anbox"] = pmb.config.necessary_kconfig_options_anbox
 if nftables:
 components["nftables"] = pmb.config.necessary_kconfig_options_nftables
+ if containers:
+ components["containers"] = \
+ pmb.config.necessary_kconfig_options_containers
 results = [check_config_options_set(config, config_path_pretty, config_arch, options, component,
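Review bot: `check_config` in pmb/parse/kconfig.py has no docstring: in the `@@ -65,7 +65,7 @@` hunk the signature is followed directly by `logging.debug(...)`, and the signature now carries three optional feature switches. A one-line docstring would make the contract visible at the call sites this commit touches, for example `"""Check one kconfig file; anbox, nftables and containers each add the matching pmb.config.necessary_kconfig_options_* set to the checked components."""`. The function body continues outside both kconfig.py hunks shown here, so a return-value description would need to be confirmed against the full function.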
@@ -118,7 +121,7 @@ def check_config_options_set(config, config_path_pretty, config_arch, options,
 def check(args, pkgname, force_anbox_check=False, force_nftables_check=False,
- details=False):
+ force_containers_check=False, details=False):
 """ Check for necessary kernel config options in a package.
@@ -141,13 +144,18 @@ def check(args, pkgname, force_anbox_check=False, force_nftables_check=False,
 "pmb:kconfigcheck-anbox" in apkbuild["options"])
 check_nftables = force_nftables_check or ( "pmb:kconfigcheck-nftables" in apkbuild["options"])
+ check_containers = force_containers_check or (
+ "pmb:kconfigcheck-containers" in apkbuild["options"])
 for config_path in glob.glob(aport + "/config-*"):
 # The architecture of the config is in the name, so it just needs to be
 # extracted
 config_arch = os.path.basename(config_path).split(".")[1]
 config_path_pretty = f"linux-{flavor}/{os.path.basename(config_path)}"
 ret &= check_config(config_path, config_path_pretty, config_arch,
- pkgver, anbox=check_anbox, nftables=check_nftables,
+ pkgver,
+ anbox=check_anbox,
+ nftables=check_nftables,
+ containers=check_containers,
 details=details)
 return ret
@@ -185,7 +193,7 @@ def extract_version(config_file):
 def check_file(args, config_file, anbox=False, nftables=False,
- details=False):
+ containers=False, details=False):
 """ Check for necessary kernel config options in a kconfig file.
@@ -196,4 +204,7 @@ def check_file(args, config_file, anbox=False, nftables=False,
 logging.debug(f"Check kconfig: parsed arch={arch}, version={version} from " "file: {config_file}")
 return check_config(config_file, config_file, arch, version,
- anbox=anbox,  nftables=nftables, details=details)
+ anbox=anbox,
+ nftables=nftables,
+ containers=containers,
+ details=details)