* [Qemu-devel] [PATCH 0/6] linux-user: Misc patches for linux container compatibility
From: Laurent Vivier @ 2013-08-29 23:46 UTC (permalink / raw)
To: Riku Voipio; +Cc: qemu-devel
I have been carrying this series of patches for some months now.
They allow booting and using a linux-user mode qemu in a linux container.
Some of them have already been sent to the mailing list with no result.
Please review, comments are welcome, and apply.
Laurent Vivier (6):
linux-user: convert /proc/net/route when endianess differs
linux-user: Add setsockopt(SO_ATTACH_FILTER)
linux-user: allow use of TIOCGSID
linux-user: add some IPV6 commands in setsockop()
linux-user: add support of binfmt_misc 'O' flag
scripts: create a template to use with lxc-create
linux-user/ioctls.h | 1 +
linux-user/linuxload.c | 8 +-
linux-user/main.c | 32 ++++-
linux-user/qemu.h | 2 +-
linux-user/syscall.c | 122 +++++++++++++++-
linux-user/syscall_defs.h | 12 ++
scripts/lxc-cross-debian | 353 ++++++++++++++++++++++++++++++++++++++++++++++
7 files changed, 517 insertions(+), 13 deletions(-)
create mode 100755 scripts/lxc-cross-debian
--
1.8.1.2
* [Qemu-devel] [PATCH 1/6] linux-user: convert /proc/net/route when endianess differs
From: Laurent Vivier @ 2013-08-29 23:46 UTC (permalink / raw)
To: Riku Voipio; +Cc: qemu-devel, Laurent Vivier
This patch allows IP addresses to be shown in the correct order
in the case of "netstat -nr" when the endianness of the
guest differs from that of the host.
For instance, an m68k guest on an x86_64 host:
WITHOUT this patch:
$ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 1.3.0.10 0.0.0.0 UG 0 0 0 eth0
0.3.0.10 0.0.0.0 0.255.255.255 U 0 0 0 eth0
$ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
eth0 00000000 0103000A 0003 0 0 0 000000000 0 0
eth0 0003000A 00000000 0001 0 0 0 00FFFFFF0 0 0
WITH this patch:
$ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.0.3.1 0.0.0.0 UG 0 0 0 eth0
10.0.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
$ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
eth0 00000000 0a000301 0003 0 0 0 000000000 0 0
eth0 0a000300 00000000 0001 0 0 0 ffffff000 0 0
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
---
linux-user/syscall.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 53 insertions(+), 5 deletions(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index f986548..b19f712 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -5037,22 +5037,70 @@ static int is_proc_myself(const char *filename, const char *entry)
return 0;
}
+#if defined(HOST_WORDS_BIGENDIAN) != defined(TARGET_WORDS_BIGENDIAN)
+static int is_proc(const char *filename, const char *entry)
+{
+ return strcmp(filename, entry) == 0;
+}
+
+static int open_net_route(void *cpu_env, int fd)
+{
+ FILE *fp;
+ char *line = NULL;
+ size_t len = 0;
+ ssize_t read;
+
+ fp = fopen("/proc/net/route", "r");
+ if (fp == NULL) {
+ return -EACCES;
+ }
+
+ /* read header */
+
+ read = getline(&line, &len, fp);
+ dprintf(fd, "%s", line);
+
+ /* read routes */
+
+ while ((read = getline(&line, &len, fp)) != -1) {
+ char iface[16];
+ uint32_t dest, gw, mask;
+ unsigned int flags, refcnt, use, metric, mtu, window, irtt;
+ sscanf(line, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
+ iface, &dest, &gw, &flags, &refcnt, &use, &metric,
+ &mask, &mtu, &window, &irtt);
+ dprintf(fd, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
+ iface, tswap32(dest), tswap32(gw), flags, refcnt, use,
+ metric, tswap32(mask), mtu, window, irtt);
+ }
+
+ free(line);
+ fclose(fp);
+
+ return 0;
+}
+#endif
+
static int do_open(void *cpu_env, const char *pathname, int flags, mode_t mode)
{
struct fake_open {
const char *filename;
int (*fill)(void *cpu_env, int fd);
+ int (*cmp)(const char *s1, const char *s2);
};
const struct fake_open *fake_open;
static const struct fake_open fakes[] = {
- { "maps", open_self_maps },
- { "stat", open_self_stat },
- { "auxv", open_self_auxv },
- { NULL, NULL }
+ { "maps", open_self_maps, is_proc_myself },
+ { "stat", open_self_stat, is_proc_myself },
+ { "auxv", open_self_auxv, is_proc_myself },
+#if defined(HOST_WORDS_BIGENDIAN) != defined(TARGET_WORDS_BIGENDIAN)
+ { "/proc/net/route", open_net_route, is_proc },
+#endif
+ { NULL, NULL, NULL }
};
for (fake_open = fakes; fake_open->filename; fake_open++) {
- if (is_proc_myself(pathname, fake_open->filename)) {
+ if (fake_open->cmp(pathname, fake_open->filename)) {
break;
}
}
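Review bot: In open_net_route(), the `sscanf()` call reads the interface name with an unbounded `%s` into `char iface[16]` and never checks its return value, so a longer first field overruns the stack buffer and a short or malformed line makes the following `dprintf()` emit uninitialized `dest`, `gw` and `mask`. Bound the conversion (`%15s`) and skip or fail on lines where fewer than 11 fields were converted. The result of the header `getline()` is also unchecked, so `line` may still be NULL when it reaches `dprintf(fd, "%s", line)`, and the `fopen()` failure path returns `-EACCES` whatever `errno` holds.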
--
1.8.1.2
* [Qemu-devel] [PATCH 2/6] linux-user: Add setsockopt(SO_ATTACH_FILTER)
From: Laurent Vivier @ 2013-08-29 23:46 UTC (permalink / raw)
To: Riku Voipio; +Cc: qemu-devel, Laurent Vivier
This is needed to be able to run dhclient.
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
---
linux-user/syscall.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
linux-user/syscall_defs.h | 12 ++++++++++++
2 files changed, 56 insertions(+)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index b19f712..9acc4f5 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -106,6 +106,7 @@ int __clone2(int (*fn)(void *), void *child_stack_base,
#include <linux/dm-ioctl.h>
#include <linux/reboot.h>
#include <linux/route.h>
+#include <linux/filter.h>
#include "linux_loop.h"
#include "cpu-uname.h"
@@ -1357,6 +1358,49 @@ set_timeout:
case TARGET_SO_SNDTIMEO:
optname = SO_SNDTIMEO;
goto set_timeout;
+ case TARGET_SO_ATTACH_FILTER:
+ {
+ struct target_sock_fprog *tfprog;
+ struct target_sock_filter *tfilter;
+ struct sock_fprog fprog;
+ struct sock_filter *filter;
+ int i;
+
+ if (optlen != sizeof(*tfprog)) {
+ return -TARGET_EINVAL;
+ }
+ if (!lock_user_struct(VERIFY_READ, tfprog, optval_addr, 0)) {
+ return -TARGET_EFAULT;
+ }
+ if (!lock_user_struct(VERIFY_READ, tfilter,
+ tswapal(tfprog->filter), 0)) {
+ unlock_user_struct(tfprog, optval_addr, 1);
+ return -TARGET_EFAULT;
+ }
+
+ fprog.len = tswap16(tfprog->len);
+ filter = malloc(fprog.len * sizeof(*filter));
+ if (filter == NULL) {
+ unlock_user_struct(tfilter, tfprog->filter, 1);
+ unlock_user_struct(tfprog, optval_addr, 1);
+ return -TARGET_ENOMEM;
+ }
+ for (i = 0; i < fprog.len; i++) {
+ filter[i].code = tswap16(tfilter[i].code);
+ filter[i].jt = tfilter[i].jt;
+ filter[i].jf = tfilter[i].jf;
+ filter[i].k = tswap32(tfilter[i].k);
+ }
+ fprog.filter = filter;
+
+ ret = get_errno(setsockopt(sockfd, SOL_SOCKET,
+ SO_ATTACH_FILTER, &fprog, sizeof(fprog)));
+ free(filter);
+
+ unlock_user_struct(tfilter, tfprog->filter, 1);
+ unlock_user_struct(tfprog, optval_addr, 1);
+ return ret;
+ }
/* Options with 'int' argument. */
case TARGET_SO_DEBUG:
optname = SO_DEBUG;
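Review bot: The filter array is locked with `lock_user_struct(VERIFY_READ, tfilter, tswapal(tfprog->filter), 0)`, which validates only one `struct target_sock_filter`, yet the copy loop reads `fprog.len` entries through `tfilter[i]`, so a guest-supplied `len` drives reads past the range that was checked. Read `len` first and lock `fprog.len * sizeof(*tfilter)` bytes. The unlock calls pass the unswapped `tfprog->filter` as the guest address where the lock used `tswapal(tfprog->filter)`, and the copy arguments look inverted: the locks pass 0 and the unlocks pass 1, whereas data read from the guest needs copy-in on lock and no copy-back on unlock.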
diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h
index 086fbff..b0630ca 100644
--- a/linux-user/syscall_defs.h
+++ b/linux-user/syscall_defs.h
@@ -119,6 +119,18 @@ struct target_sockaddr {
uint8_t sa_data[14];
};
+struct target_sock_filter {
+ abi_ushort code;
+ uint8_t jt;
+ uint8_t jf;
+ abi_uint k;
+};
+
+struct target_sock_fprog {
+ abi_ushort len;
+ abi_ulong filter;
+};
+
struct target_in_addr {
uint32_t s_addr; /* big endian */
};
--
1.8.1.2
* [Qemu-devel] [PATCH 3/6] linux-user: allow use of TIOCGSID
From: Laurent Vivier @ 2013-08-29 23:46 UTC (permalink / raw)
To: Riku Voipio; +Cc: qemu-devel, Laurent Vivier
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
---
linux-user/ioctls.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h
index 439c2a9..7381012 100644
--- a/linux-user/ioctls.h
+++ b/linux-user/ioctls.h
@@ -20,6 +20,7 @@
IOCTL(TIOCSCTTY, 0, TYPE_INT)
IOCTL(TIOCGPGRP, IOC_R, MK_PTR(TYPE_INT))
IOCTL(TIOCSPGRP, IOC_W, MK_PTR(TYPE_INT))
+ IOCTL(TIOCGSID, IOC_W, MK_PTR(TYPE_INT))
IOCTL(TIOCOUTQ, IOC_R, MK_PTR(TYPE_INT))
IOCTL(TIOCSTI, IOC_W, MK_PTR(TYPE_INT))
IOCTL(TIOCMGET, IOC_R, MK_PTR(TYPE_INT))
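Review bot: The new `TIOCGSID` entry is declared `IOC_W`, but it is a get-style ioctl that returns the session ID through the pointer, like the `TIOCGPGRP` entry two lines above, which uses `IOC_R`. With `IOC_W` the result is not copied back to the guest; this should read `IOCTL(TIOCGSID, IOC_R, MK_PTR(TYPE_INT))`.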
--
1.8.1.2
* [Qemu-devel] [PATCH 4/6] linux-user: add some IPV6 commands in setsockop()
From: Laurent Vivier @ 2013-08-29 23:46 UTC (permalink / raw)
To: Riku Voipio; +Cc: qemu-devel, Laurent Vivier
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
---
linux-user/syscall.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 9acc4f5..b32bff0 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -1315,6 +1315,26 @@ static abi_long do_setsockopt(int sockfd, int level, int optname,
goto unimplemented;
}
break;
+ case SOL_IPV6:
+ switch (optname) {
+ case IPV6_MTU_DISCOVER:
+ case IPV6_MTU:
+ case IPV6_V6ONLY:
+ case IPV6_RECVPKTINFO:
+ val = 0;
+ if (optlen < sizeof(uint32_t)) {
+ return -TARGET_EINVAL;
+ }
+ if (get_user_u32(val, optval_addr)) {
+ return -TARGET_EFAULT;
+ }
+ ret = get_errno(setsockopt(sockfd, level, optname,
+ &val, sizeof(val)));
+ break;
+ default:
+ goto unimplemented;
+ }
+ break;
case SOL_RAW:
switch (optname) {
case ICMP_FILTER:
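Review bot: In the new `case SOL_IPV6:` block the case labels are the host's `SOL_IPV6` and `IPV6_*` constants, and `level` and `optname` are handed to the host `setsockopt()` untranslated, unlike the `TARGET_SO_*` handling elsewhere in this function. That relies on the guest and host values being identical; a one-line comment stating the assumption would document it.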
--
1.8.1.2
* [Qemu-devel] [PATCH 5/6] linux-user: add support of binfmt_misc 'O' flag
From: Laurent Vivier @ 2013-08-29 23:46 UTC (permalink / raw)
To: Riku Voipio; +Cc: qemu-devel, Laurent Vivier
The binfmt_misc module can calculate the credentials and security
token according to the binary instead of to the interpreter if the
'C' flag is enabled.
To be able to execute non-readable binaries, this flag implies the 'O'
flag. When the 'O' flag is enabled, binfmt_misc opens the file for
reading and passes the file descriptor to the interpreter.
References:
linux/Documentation/binfmt_misc.txt ['O' and 'C' description]
linux/fs/binfmt_misc.c linux/fs/binfmt_elf.c [ AT_EXECFD usage ]
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
---
linux-user/linuxload.c | 8 ++------
linux-user/main.c | 32 +++++++++++++++++++++++++++++++-
linux-user/qemu.h | 2 +-
3 files changed, 34 insertions(+), 8 deletions(-)
diff --git a/linux-user/linuxload.c b/linux-user/linuxload.c
index 5cd6d91..a1fe5ed 100644
--- a/linux-user/linuxload.c
+++ b/linux-user/linuxload.c
@@ -131,7 +131,7 @@ abi_ulong loader_build_argptr(int envc, int argc, abi_ulong sp,
return sp;
}
-int loader_exec(const char * filename, char ** argv, char ** envp,
+int loader_exec(int fdexec, const char *filename, char **argv, char **envp,
struct target_pt_regs * regs, struct image_info *infop,
struct linux_binprm *bprm)
{
@@ -140,11 +140,7 @@ int loader_exec(const char * filename, char ** argv, char ** envp,
bprm->p = TARGET_PAGE_SIZE*MAX_ARG_PAGES-sizeof(unsigned int);
memset(bprm->page, 0, sizeof(bprm->page));
- retval = open(filename, O_RDONLY);
- if (retval < 0) {
- return -errno;
- }
- bprm->fd = retval;
+ bprm->fd = fdexec;
bprm->filename = (char *)filename;
bprm->argc = count(argv);
bprm->argv = argv;
diff --git a/linux-user/main.c b/linux-user/main.c
index 03859bc..0223b93 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -3532,6 +3532,26 @@ static int parse_args(int argc, char **argv)
return optind;
}
+static int get_execfd(char **envp)
+{
+ typedef struct {
+ long a_type;
+ long a_val;
+ } auxv_t;
+ auxv_t *auxv;
+
+ while (*envp++ != NULL) {
+ ;
+ }
+
+ for (auxv = (auxv_t *)envp; auxv->a_type != AT_NULL; auxv++) {
+ if (auxv->a_type == AT_EXECFD) {
+ return auxv->a_val;
+ }
+ }
+ return -1;
+}
+
int main(int argc, char **argv, char **envp)
{
struct target_pt_regs regs1, *regs = ®s1;
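Review bot: get_execfd() locates the auxiliary vector by stepping past the NULL that terminates `envp` and casting to a locally defined `auxv_t` with `long` fields, which hard-codes the host stack layout and entry size, and it returns the `long` `a_val` as `int` with no range check. That value is then used directly as the file descriptor of the executable, so a comment stating the layout assumption, or use of a shared auxv accessor such as the `qemu_getauxval(AT_EXECFD)` mentioned later in this thread, would be safer than a private walk.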
@@ -3546,6 +3566,7 @@ int main(int argc, char **argv, char **envp)
int target_argc;
int i;
int ret;
+ int execfd;
module_call_init(MODULE_INIT_QOM);
@@ -3721,7 +3742,16 @@ int main(int argc, char **argv, char **envp)
env->opaque = ts;
task_settid(ts);
- ret = loader_exec(filename, target_argv, target_environ, regs,
+ execfd = get_execfd(envp);
+ if (execfd < 0) {
+ execfd = open(filename, O_RDONLY);
+ }
+ if (execfd < 0) {
+ printf("Error while loading %s: %s\n", filename, strerror(-execfd));
+ _exit(1);
+ }
+
+ ret = loader_exec(execfd, filename, target_argv, target_environ, regs,
info, &bprm);
if (ret != 0) {
printf("Error while loading %s: %s\n", filename, strerror(-ret));
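Review bot: In the new fallback path, `open()` returns -1 and sets `errno`, so `strerror(-execfd)` in the error message always formats error 1 instead of the real failure; print `strerror(errno)` here. The code removed from loader_exec() returned `-errno`, which is what the existing `strerror(-ret)` a few lines below depends on.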
diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index 4a16e8f..111251b 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -172,7 +172,7 @@ struct linux_binprm {
void do_init_thread(struct target_pt_regs *regs, struct image_info *infop);
abi_ulong loader_build_argptr(int envc, int argc, abi_ulong sp,
abi_ulong stringp, int push_ptr);
-int loader_exec(const char * filename, char ** argv, char ** envp,
+int loader_exec(int fdexec, const char *filename, char **argv, char **envp,
struct target_pt_regs * regs, struct image_info *infop,
struct linux_binprm *);
--
1.8.1.2
* [Qemu-devel] [PATCH 6/6] scripts: create a template to use with lxc-create
From: Laurent Vivier @ 2013-08-29 23:46 UTC (permalink / raw)
To: Riku Voipio; +Cc: qemu-devel, Laurent Vivier
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
---
scripts/lxc-cross-debian | 353 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 353 insertions(+)
create mode 100755 scripts/lxc-cross-debian
diff --git a/scripts/lxc-cross-debian b/scripts/lxc-cross-debian
new file mode 100755
index 0000000..aded1d3
--- /dev/null
+++ b/scripts/lxc-cross-debian
@@ -0,0 +1,353 @@
+#!/bin/bash
+#
+# Some parts from lxc-debian, Daniel Lezcano <daniel.lezcano@free.fr>
+#
+# Copy this script to /usr/share/lxc/templates
+#
+# and use it with
+# lxc-create -t cross-debian -n xxxx -- --arch xxx --interpreter-path /a/b/c/qemu-xxx
+#
+
+SUITE=${SUITE:-stable}
+MIRROR=${MIRROR:-http://ftp.debian.org/debian}
+
+find_interpreter() {
+ qemu=$(basename "$1")
+
+ if [ ! -d /proc/sys/fs/binfmt_misc/ ] ; then
+ return 1
+ fi
+ for file in /proc/sys/fs/binfmt_misc/* ; do
+ if [ "$file" = "/proc/sys/fs/binfmt_misc/register" -o \
+ "$file" = "/proc/sys/fs/binfmt_misc/status" ] ; then
+ continue
+ fi
+ interpreter_path=$(sed -n "/^interpreter/s/interpreter \([^[:space:]]*\)/\1/p" "$file")
+ interpreter=$(basename $interpreter_path)
+ if [ "$qemu" = "$interpreter" ] ; then
+ echo "$interpreter_path"
+ return 0
+ fi
+ done
+ return 1
+}
+
+download_debian()
+{
+ cache="$1"
+ arch="$2"
+
+ if [ ! -d "$cache/archives-$SUITE-$arch" ]; then
+ if ! mkdir -p "$cache/archives-$SUITE-$arch" ; then
+ echo "Failed to create '$cache/archives-$SUITE-$arch' directory"
+ return 1
+ fi
+ fi
+
+ echo "Downloading debian $SUITE $arch..."
+ if ! debootstrap --download-only \
+ --no-check-gpg \
+ --arch=$arch \
+ --include="locales" \
+ ${SUITE} "$cache/archives-$SUITE-$arch" \
+ ${MIRROR} ; then
+ echo "ERROR: failed to download to $cache/archives-$SUITE-$arch" 1>&2
+ exit 1
+ fi
+ echo "Download complete."
+ trap EXIT
+ trap SIGINT
+ trap SIGTERM
+ trap SIGHUP
+
+ return 0
+}
+
+copy_debian()
+{
+ cache=$1
+ arch=$2
+ rootfs=$3
+
+ echo -n "Copying rootfs to $rootfs..."
+ mkdir -p $rootfs
+ rsync -Ha "$cache/archives-$SUITE-$arch"/ $rootfs/ || return 1
+ echo "Copy complete."
+ return 0
+}
+
+install_debian()
+{
+ cache="/var/cache/lxc/debian"
+ rootfs="$1"
+ arch="$2"
+
+ mkdir -p /var/lock/subsys/
+ (
+ if ! flock -x 200 ; then
+ echo "Cache repository is busy."
+ return 1
+ fi
+
+ if ! download_debian $cache $arch ; then
+ echo "Failed to download 'debian base'"
+ return 1
+ fi
+
+ if ! copy_debian $cache $arch $rootfs ; then
+ echo "Failed to copy rootfs"
+ return 1
+ fi
+
+ return 0
+
+ ) 200>/var/lock/subsys/lxc-debian
+
+ return $?
+}
+
+create_root() {
+
+ rootfs="$1"
+ hostname="$2"
+ qemu="$3"
+ arch="$4"
+ interpreter_path="$5"
+ include="$6"
+
+ if ! install_debian "$rootfs" "$arch" ; then
+ echo "ERROR: failed to update cache" 1>&2
+ exit 1
+ fi
+
+ if [ "${include}" = "" ] ; then
+ include="locales"
+ else
+ include="locales,${include}"
+ fi
+
+ # Debian bootstrap
+
+ if ! debootstrap --no-check-gpg --foreign \
+ --arch=$arch \
+ --include="${include}" \
+ ${SUITE} "$rootfs" \
+ ${MIRROR} ; then
+ echo "ERROR: failed to debootstrap to $rootfs" 1>&2
+ exit 1
+ fi
+
+ # adding qemu binary
+
+ if ! cp "$qemu" "$rootfs/$interpreter_path" ; then
+ echo "ERROR: failed to copy $qemu to $rootfs/$interpreter_path" 1>&2
+ exit 1
+ fi
+
+ # debian bootstrap second stage
+
+ chroot "$rootfs" debootstrap/debootstrap --second-stage
+}
+
+configure_debian() {
+
+ rootfs="$1"
+ hostname="$2"
+ debian_sign="$3"
+
+ # set timezone
+
+ cat /etc/timezone > "$rootfs/etc/timezone"
+ chroot $rootfs dpkg-reconfigure -fnoninteractive tzdata
+
+ # configuration
+
+ cat >> "$rootfs/etc/fstab" <<!EOF
+# <file system> <mount point> <type> <options> <dump> <pass>
+devpts /dev/pts devpts nodev,noexec,nosuid 0 1
+!EOF
+
+ echo "$hostname" > "$rootfs/etc/hostname"
+ echo "c:2345:respawn:/sbin/getty 38400 console" >> "$rootfs/etc/inittab"
+
+ cat >> "$rootfs/etc/network/interfaces" <<!EOF
+auto eth0
+iface eth0 inet dhcp
+!EOF
+
+ cat > "$rootfs/etc/apt/sources.list" <<!EOF
+deb ${MIRROR} ${SUITE} main contrib non-free
+#deb-src ${MIRROR} ${SUITE} main contrib non-free
+!EOF
+
+ if [ "$debian_sign" != "" ]
+ then
+ HOME=/root chroot "$rootfs" gpg --keyserver pgpkeys.mit.edu --recv-key ${debian_sign}
+ HOME=/root chroot "$rootfs" gpg -a --export ${debian_sign} | chroot "$rootfs" apt-key add -
+ fi
+
+ chroot "$rootfs" apt-get update
+
+ if [ -z "$LANG" ]; then
+ echo "en_US.UTF-8 UTF-8" > "$rootfs/etc/locale.gen"
+ chroot $rootfs locale-gen
+ chroot $rootfs update-locale LANG=en_US.UTF-8
+ else
+ echo "$LANG $(echo $LANG | cut -d. -f2)" > "$rootfs/etc/locale.gen"
+ chroot $rootfs locale-gen
+ chroot $rootfs update-locale LANG=$LANG
+ fi
+
+ # remove pointless services in a container
+
+ if [ -x "$rootfs/usr/sbin/update-rc.d" ] ; then
+ chroot $rootfs /usr/sbin/update-rc.d -f checkroot.sh remove
+ chroot $rootfs /usr/sbin/update-rc.d -f umountfs remove
+ chroot $rootfs /usr/sbin/update-rc.d -f hwclock.sh remove
+ chroot $rootfs /usr/sbin/update-rc.d -f hwclockfirst.sh remove
+ chroot $rootfs /usr/sbin/update-rc.d -f module-init-tools remove
+ fi
+
+ echo "root:root" | chroot $rootfs chpasswd
+ echo "Root password is 'root', please change !"
+}
+
+get_rootfs() {
+ config="$1/config"
+ rootfs=$(sed -n "s/^lxc.rootfs[[:space:]]*=[[:space:]]*\(.*\)/\1/p" $config)
+ if [ "$rootfs" = "" ]
+ then
+ echo "$path/rootfs"
+ else
+ echo "$rootfs"
+ fi
+}
+
+create_lxc() {
+ path="$1"
+ rootfs="$2"
+ hostname="$3"
+
+ grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> "$path/config"
+ cat >> "$path/config" <<!EOF
+lxc.utsname = $hostname
+
+lxc.pts=1023
+lxc.tty=12
+
+lxc.cgroup.devices.deny = a
+lxc.cgroup.devices.allow = c 136:* rwm # pts
+lxc.cgroup.devices.allow = c 254:0 rwm # rtc
+lxc.cgroup.devices.allow = c 5:* rwm
+lxc.cgroup.devices.allow = c 4:* rwm # ttyXX
+lxc.cgroup.devices.allow = c 1:* rwm
+lxc.cgroup.devices.allow = b 7:* rwm # loop
+lxc.cgroup.devices.allow = b 1:* rwm # ram
+
+lxc.mount.entry=proc proc proc nodev,noexec,nosuid 0 0
+lxc.mount.entry=sysfs sys sysfs defaults 0 0
+
+!EOF
+ if [ $? -ne 0 ] ; then
+ echo "ERROR: failed to create LXC configuration" 1>&2
+ exit 1
+ fi
+}
+
+usage()
+{
+ cat <<!EOF
+Usage: $1 --path PATH --name NAME --arch ARCH --interpreter-path QEMU
+ [--mirror MIRROR][--suite SUITE]
+
+ --path is configuration path
+ --name is container name
+ --arch is debian architecture
+ --interpreter-path is path to the interpreter to copy to rootfs
+ --mirror is URL of debian mirror to use
+ --suite is debian suite to install
+ --include is the list of package to add to debootstrap
+!EOF
+}
+
+options=$(getopt -o hp:n:I:a:s:m:k:i: -l help,path:,name:,interpreter-path:,arch:,suite:,mirror:,deb-sign:,include: -- "$@")
+if [ $? -ne 0 ]; then
+ usage $(basename $0)
+ exit 1
+fi
+eval set -- "$options"
+
+while true ; do
+ case "$1" in
+ -p|--path)
+ shift
+ path="$1"
+ ;;
+ -n|--name)
+ shift
+ name="$1"
+ ;;
+ -a|--arch)
+ shift
+ arch="$1"
+ ;;
+ -I|--interpreter-path)
+ shift
+ qemu="$1"
+ ;;
+ -s|--suite)
+ shift
+ SUITE="$1"
+ ;;
+ -m|--mirror)
+ shift
+ MIRROR="$1"
+ ;;
+ -i|--include)
+ shift
+ include="$1"
+ ;;
+ -k|--deb-sign)
+ shift
+ debian_sign="$1"
+ ;;
+ -h|--help)
+ usage
+ exit 1
+ ;;
+ *)
+ break
+ ;;
+ esac
+ shift
+done
+
+if [ "$path" = "" -o "$name" = "" -o "$arch" = "" -o "$qemu" = "" ] ; then
+ echo "ERROR: missing parameter" 1>&2
+ usage
+ exit 1
+fi
+
+if ! type debootstrap ; then
+ echo "ERROR: 'debootstrap' command is missing" 1>&2
+ exit 1
+fi
+
+if ! file -b "${qemu}" |grep -q "statically linked" ; then
+ echo "ERROR: '${qemu}' must be statically linked" 1>&2
+ exit 1
+fi
+
+interpreter_path=$(find_interpreter "$qemu")
+if [ $? -ne 0 ] ; then
+ echo "ERROR: no binfmt interpreter using $(basename $qemu)" 1>&2
+ exit 1
+fi
+
+rootfs=$(get_rootfs $path)
+
+create_root "$rootfs" "$name" "$qemu" "$arch" "$interpreter_path" "$include"
+
+configure_debian "$rootfs" "$name" "$debian_sign"
+
+create_lxc "$path" "$rootfs" "$name"
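Review bot: Both `debootstrap` invocations (in download_debian and in create_root) pass `--no-check-gpg` while `MIRROR` defaults to an `http://` URL, so the root filesystem is built from packages whose signatures are never verified. Drop the flag and give debootstrap the Debian archive keyring (its `--keyring` option covers hosts that do not have it installed by default). configure_debian also sets the root password to `root` unconditionally, and create_lxc allows whole device majors such as `c 1:* rwm`; a locked or generated password and a narrower device list would be safer defaults. In get_rootfs the fallback echoes `$path/rootfs` although the function's argument is `$1`.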
--
1.8.1.2
* Re: [Qemu-devel] [PATCH 5/6] linux-user: add support of binfmt_misc 'O' flag
From: Peter Maydell @ 2013-09-06 16:17 UTC (permalink / raw)
To: Laurent Vivier; +Cc: Riku Voipio, QEMU Developers, Richard Henderson
On 30 August 2013 00:46, Laurent Vivier <laurent@vivier.eu> wrote:
> The binfmt_misc module can calculate the credentials and security
> token according to the binary instead of to the interpreter if the
> 'C' flag is enabled.
>
> To be able to execute non-readable binaries, this flag implies the 'O'
> flag. When the 'O' flag is enabled, binfmt_misc opens the file for
> reading and passes the file descriptor to the interpreter.
>
> References:
> linux/Documentation/binfmt_misc.txt ['O' and 'C' description]
> linux/fs/binfmt_misc.c linux/fs/binfmt_elf.c [ AT_EXECFD usage ]
> +static int get_execfd(char **envp)
> +{
> + typedef struct {
> + long a_type;
> + long a_val;
> + } auxv_t;
> + auxv_t *auxv;
> +
> + while (*envp++ != NULL) {
> + ;
> + }
> +
> + for (auxv = (auxv_t *)envp; auxv->a_type != AT_NULL; auxv++) {
> + if (auxv->a_type == AT_EXECFD) {
> + return auxv->a_val;
> + }
> + }
> + return -1;
> +}
This looks OK in principle, but this is going to clash
with RTH's auxval related patchset
http://patchwork.ozlabs.org/patch/268006/
so some coordination might be a good idea.
thanks
-- PMM
* Re: [Qemu-devel] [PATCH 1/6] linux-user: convert /proc/net/route when endianess differs
From: Peter Maydell @ 2013-09-06 16:30 UTC (permalink / raw)
To: Laurent Vivier; +Cc: Riku Voipio, QEMU Developers
On 30 August 2013 00:46, Laurent Vivier <laurent@vivier.eu> wrote:
> This patch allows IP addresses to be shown in the correct order
> in the case of "netstat -nr" when the endianness of the
> guest differs from that of the host.
>
> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-- PMM
* Re: [Qemu-devel] [PATCH 2/6] linux-user: Add setsockopt(SO_ATTACH_FILTER)
From: Peter Maydell @ 2013-09-06 16:30 UTC (permalink / raw)
To: Laurent Vivier; +Cc: Riku Voipio, QEMU Developers
On 30 August 2013 00:46, Laurent Vivier <laurent@vivier.eu> wrote:
> This is needed to be able to run dhclient.
>
> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-- PMM
* Re: [Qemu-devel] [PATCH 4/6] linux-user: add some IPV6 commands in setsockop()
From: Peter Maydell @ 2013-09-06 16:31 UTC (permalink / raw)
To: Laurent Vivier; +Cc: Riku Voipio, QEMU Developers
On 30 August 2013 00:46, Laurent Vivier <laurent@vivier.eu> wrote:
> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-- PMM
* Re: [Qemu-devel] [PATCH 3/6] linux-user: allow use of TIOCGSID
From: Peter Maydell @ 2013-09-06 16:31 UTC (permalink / raw)
To: Laurent Vivier; +Cc: Riku Voipio, QEMU Developers
On 30 August 2013 00:46, Laurent Vivier <laurent@vivier.eu> wrote:
> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-- PMM
* Re: [Qemu-devel] [PATCH 6/6] scripts: create a template to use with lxc-create
From: Peter Maydell @ 2013-09-06 16:33 UTC (permalink / raw)
To: Laurent Vivier; +Cc: Riku Voipio, QEMU Developers
On 30 August 2013 00:46, Laurent Vivier <laurent@vivier.eu> wrote:
> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
> ---
> scripts/lxc-cross-debian | 353 +++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 353 insertions(+)
> create mode 100755 scripts/lxc-cross-debian
>
> diff --git a/scripts/lxc-cross-debian b/scripts/lxc-cross-debian
> new file mode 100755
> index 0000000..aded1d3
> --- /dev/null
> +++ b/scripts/lxc-cross-debian
> @@ -0,0 +1,353 @@
> +#!/bin/bash
> +#
> +# Some parts from lxc-debian, Daniel Lezcano <daniel.lezcano@free.fr>
> +#
> +# Copy this script to /usr/share/lxc/templates
> +#
> +# and use it with
> +# lxc-create -t cross-debian -n xxxx -- --arch xxx --interpreter-path /a/b/c/qemu-xxx
> +#
I'm afraid I don't know enough about lxc to be able
to review this, or even to say whether it makes sense
for it to be in the QEMU git tree. (It needs a
copyright/license header if it does go in, though.)
-- PMM
* Re: [Qemu-devel] [PATCH 5/6] linux-user: add support of binfmt_misc 'O' flag
From: Laurent Vivier @ 2013-09-06 16:50 UTC (permalink / raw)
To: Peter Maydell, Richard Henderson; +Cc: Riku Voipio, QEMU Developers
On 06/09/2013 18:17, Peter Maydell wrote:
> On 30 August 2013 00:46, Laurent Vivier <laurent@vivier.eu> wrote:
>> The binfmt_misc module can calculate the credentials and security
>> token according to the binary instead of to the interpreter if the
>> 'C' flag is enabled.
>>
>> To be able to execute non-readable binaries, this flag implies the 'O'
>> flag. When the 'O' flag is enabled, binfmt_misc opens the file for
>> reading and passes the file descriptor to the interpreter.
>>
>> References:
>> linux/Documentation/binfmt_misc.txt ['O' and 'C' description]
>> linux/fs/binfmt_misc.c linux/fs/binfmt_elf.c [ AT_EXECFD usage ]
>> +static int get_execfd(char **envp)
>> +{
>> + typedef struct {
>> + long a_type;
>> + long a_val;
>> + } auxv_t;
>> + auxv_t *auxv;
>> +
>> + while (*envp++ != NULL) {
>> + ;
>> + }
>> +
>> + for (auxv = (auxv_t *)envp; auxv->a_type != AT_NULL; auxv++) {
>> + if (auxv->a_type == AT_EXECFD) {
>> + return auxv->a_val;
>> + }
>> + }
>> + return -1;
>> +}
> This looks OK in principle, but this is going to clash
> with RTH's auxval related patchset
> http://patchwork.ozlabs.org/patch/268006/
>
> so some coordination might be a good idea.
Yes, thank you for pointing this out.
What is the state of this patch series?
Richard, could you add this as patch #7?
I think replacing "get_execfd(envp)" by "qemu_getauxval(AT_EXECFD)"
should be enough.
Do you want me to manage this?
Regards,
Laurent
* Re: [Qemu-devel] [PATCH 6/6] scripts: create a template to use with lxc-create
From: Laurent Vivier @ 2013-09-06 16:56 UTC (permalink / raw)
To: Peter Maydell; +Cc: Riku Voipio, QEMU Developers
On 06/09/2013 18:33, Peter Maydell wrote:
> On 30 August 2013 00:46, Laurent Vivier <laurent@vivier.eu> wrote:
>> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
>> ---
>> scripts/lxc-cross-debian | 353 +++++++++++++++++++++++++++++++++++++++++++++++
>> 1 file changed, 353 insertions(+)
>> create mode 100755 scripts/lxc-cross-debian
>>
>> diff --git a/scripts/lxc-cross-debian b/scripts/lxc-cross-debian
>> new file mode 100755
>> index 0000000..aded1d3
>> --- /dev/null
>> +++ b/scripts/lxc-cross-debian
>> @@ -0,0 +1,353 @@
>> +#!/bin/bash
>> +#
>> +# Some parts from lxc-debian, Daniel Lezcano <daniel.lezcano@free.fr>
>> +#
>> +# Copy this script to /usr/share/lxc/templates
>> +#
>> +# and use it with
>> +# lxc-create -t cross-debian -n xxxx -- --arch xxx --interpreter-path /a/b/c/qemu-xxx
>> +#
> I'm afraid I don't know enough about lxc to be able
> to review this, or even to say whether it makes sense
> for it to be in the QEMU git tree. (It needs a
> copyright/license header if it does go in, though.)
Yes, you should be right. I'm going to try to push this into the lxc project.
Thank you for your comments.
Regards,
Laurent