fix: Disable kernel networking in bridge mode (#32)

2024-03-12 01:25:07 +01:00 · 2024-03-12 01:25:07 +01:00 · fbf829e4f2
commit fbf829e4f2
parent c469e1a918
6 changed files with 30 additions and 12 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -96,6 +96,13 @@ jobs:
        uses: action-pack/bump@v2
        with:
          token: ${{ secrets.REPO_ACCESS_TOKEN }}
+      -
+        name: Push to Gitlab mirror
+        uses: action-pack/gitlab-sync@v3
+        with:
+          url: ${{ secrets.GITLAB_URL }}
+          token: ${{ secrets.GITLAB_TOKEN }}
+          username: ${{ secrets.GITLAB_USERNAME }}
      -
        name: Send mail
        uses: action-pack/send-mail@v1
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -4,14 +4,9 @@ services:
    container_name: qemu
    image: qemux/qemu-arm
    environment:
-      RAM_SIZE: "1G"
-      CPU_CORES: "1"
-      DISK_SIZE: "16G"
      BOOT: "https://dl-cdn.alpinelinux.org/alpine/v3.19/releases/aarch64/alpine-virt-3.19.1-aarch64.iso"
    devices:
      - /dev/kvm
-    device_cgroup_rules:
-      - 'c *:* rwm'
    cap_add:
      - NET_ADMIN
    ports:
--- a/readme.md
+++ b/readme.md
@ -150,6 +150,8 @@ docker run -it --rm --name qemu -e "BOOT=http://example.com/image.iso" -p 8006:8
  ```yaml
  environment:
    DHCP: "Y"
+  devices:
+    - /dev/vhost-net
  device_cgroup_rules:
    - 'c *:* rwm'
  ```
--- a/src/display.sh
+++ b/src/display.sh
@ -22,6 +22,9 @@ case "${DISPLAY,,}" in
  ramfb)
    DISPLAY_OPTS="-display vnc=:0,websocket=5700 -device ramfb"
    ;;
+  disabled)
+    DISPLAY_OPTS="-display none -device $VGA"
+    ;;
  none)
    DISPLAY_OPTS="-display none"
    ;;
--- a/src/network.sh
+++ b/src/network.sh
@ -5,6 +5,7 @@ set -Eeuo pipefail

 : "${MAC:=""}"
 : "${DHCP:="N"}"
+: "${NETWORK:="Y"}"
 : "${HOST_PORTS:=""}"

 : "${VM_NET_DEV:=""}"
@ -24,8 +25,14 @@ ADD_ERR="Please add the following setting to your container:"

 configureDHCP() {

-  # Create a macvtap network for the VM guest
+  # Create the necessary file structure for /dev/vhost-net
+  if [ ! -c /dev/vhost-net ]; then
+    if mknod /dev/vhost-net c 10 238; then
+      chmod 660 /dev/vhost-net
+    fi
+  fi

+  # Create a macvtap network for the VM guest
  { ip link add link "$VM_NET_DEV" name "$VM_NET_TAP" address "$VM_NET_MAC" type macvtap mode bridge ; rc=$?; } || :

  if (( rc != 0 )); then
@ -187,8 +194,10 @@ configureNAT() {

  NET_OPTS="-netdev tap,ifname=$VM_NET_TAP,script=no,downscript=no,id=hostnet0"

+  if [ -c /dev/vhost-net ]; then
    { exec 40>>/dev/vhost-net; rc=$?; } 2>/dev/null || :
    (( rc == 0 )) && NET_OPTS="$NET_OPTS,vhost=on,vhostfd=40"
+  fi

  configureDNS

@ -201,6 +210,8 @@ closeNetwork() {
  nginx -s stop 2> /dev/null
  fWait "nginx"

+  [[ "$NETWORK" != [Yy1]* ]] && return 0
+
  exec 30<&- || true
  exec 40<&- || true

@ -271,10 +282,9 @@ getInfo() {
 #  Configure Network
 # ######################################

-if [ ! -c /dev/vhost-net ]; then
-  if mknod /dev/vhost-net c 10 238; then
-    chmod 660 /dev/vhost-net
-  fi
+if [[ "$NETWORK" != [Yy1]* ]]; then
+  NET_OPTS=""
+  return 0
 fi

 getInfo
--- a/src/reset.sh
+++ b/src/reset.sh
@ -18,6 +18,7 @@ echo

 : "${BOOT:=""}"           # URL of the ISO file
 : "${DEBUG:="N"}"         # Disable debugging
+: "${CONSOLE:="N"}"       # Disable console
 : "${MACHINE:="virt"}"      # Machine selection
 : "${ALLOCATE:=""}"       # Preallocate diskspace
 : "${ARGUMENTS:=""}"      # Extra QEMU parameters