From 71df311bb203a68ab1237bf0cb4f8b75cf541201 Mon Sep 17 00:00:00 2001 From: Douglas Schilling Landgraf Date: Wed, 2 Oct 2024 22:50:49 -0400 Subject: [PATCH] qm subpackage - qm_mount_bind_tty7 /dev/tty7 is typically the virtual terminal associated with the graphical user interface (GUI) on Linux systems. It is where the X server or the Wayland display server usually runs, handling the graphical display, input, and windowing environment. When you start a graphical session (such as GNOME, KDE, etc.), it usually runs on this virtual console. This patch mount bind /dev/tty7 to QM container and also to the nested containers. Just run: make qm_dropin_mount_bind_tty7 Signed-off-by: Douglas Schilling Landgraf --- .gitignore | 3 +- Makefile | 30 ++++++----- .../qm_dropin_mount_bind_tty7.conf | 12 +++++ rpm/.gitignore | 1 + rpm/qm.spec | 52 ++++++++++++++++++- 5 files changed, 84 insertions(+), 14 deletions(-) create mode 100644 etc/qm/containers/containers.conf.d/qm_dropin_mount_bind_tty7.conf create mode 100644 rpm/.gitignore diff --git a/.gitignore b/.gitignore index 9c011cdb..208c5fc6 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,8 @@ /*.tar.gz +rpmbuild/ tmp qm.pp.bz2 *~ qm_file_contexts *.8 -tests/e2e/ContainerFile.template \ No newline at end of file +tests/e2e/ContainerFile.template diff --git a/Makefile b/Makefile index e51c0d17..deebd357 100644 --- a/Makefile +++ b/Makefile 
@@ -14,11 +14,11 @@ VERSION ?= $(shell cat VERSION) .PHONY: help help: @echo "Available targets:" - @grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' + @grep -E '^[a-zA-Z0-9_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' @grep -E '^##@ .*$$' $(MAKEFILE_LIST) | sed 's/##@/\n\033[1;32m/' | sed 's/$$/\033[0m/' .PHONY: file_contexts -file_contexts: qm.fc ## - Generates the qm_file_contexts +file_contexts: qm.fc ## - Generates the qm_file_contexts sed \ -e "s|${QMDIR}/rootfs||" \ -e "s/gen_context(//g" \ @@ -28,7 +28,7 @@ file_contexts: qm.fc ## - Generates the qm_file_contexts all: selinux file_contexts man .PHONY: selinux -selinux: qm.pp ## - Compresses the QM SELinux policy file (qm.pp) +selinux: qm.pp ## - Compresses the QM SELinux policy file (qm.pp) @echo Compressing $^ -\> $@ bzip2 -f -9 $^ 
@@ -41,47 +41,53 @@ selinux: qm.pp ## - Compresses the QM SELinux policy file (qm.pp) cp tmp/qm.pp .; rm -rf tmp .PHONY: codespell -codespell: ## - Runs codespell to check for spelling errors +codespell: ## - Runs codespell to check for spelling errors @codespell -S tmp,.git -L te -w -clean: ## - Removes generated files and dirs +clean: ## - Removes generated files and dirs rm -f *~ *.tc *.pp *.pp.bz2 rm -rf tmp *.tar.gz ${RPM_TOPDIR} -man: qm.8.md ## - Generates the QM man page +man: qm.8.md ## - Generates the QM man page go-md2man --in qm.8.md --out qm.8 .PHONY: dist -dist: ## - Creates the QM distribution package +dist: ## - Creates the QM distribution package tar cvz --transform s/qm/qm-${VERSION}/ -f /tmp/v${VERSION}.tar.gz ../qm mv /tmp/v${VERSION}.tar.gz ./rpm .PHONY: rpm -rpm: clean dist ## - Creates a local RPM package, useful for development +rpm: clean dist ## - Creates a local RPM package, useful for development mkdir -p ${RPM_TOPDIR}/{RPMS,SRPMS,BUILD,SOURCES} cp ./rpm/v${VERSION}.tar.gz ${RPM_TOPDIR}/SOURCES rpmbuild -ba \ --define="enable_qm_dropin_img_tempdir 0" \ + --define="enable_qm_mount_bind_tty7 0" \ --define="_topdir ${RPM_TOPDIR}" \ --define="version ${VERSION}" \ ${SPECFILE} # ostree target is a helper for everything required for ostree .PHONY: ostree -ostree: qm_dropin_img_tempdir ## - A helper for creating QM packages for ostree based distros +ostree: qm_dropin_img_tempdir ## - A helper for creating QM packages for ostree based distros .PHONY: qm_dropin_img_tempdir -qm_dropin_img_tempdir: ## - Creates a QM RPM sub-package qm_dropin_img_tempdir +qm_dropin_img_tempdir: ## - Creates a QM RPM sub-package qm_dropin_img_tempdir sed -i 's/%define enable_qm_dropin_img_tempdir 0/%define enable_qm_dropin_img_tempdir 1/' ${SPECFILE} sed -i 's/^Version:.*/Version: ${VERSION}/' ${SPECFILE} make VERSION=${VERSION} rpm +.PHONY: qm_dropin_mount_bind_tty7 +qm_dropin_mount_bind_tty7: ## - Creates a QM RPM sub-package to mount bind /dev/tty7 in the nested 
containers + sed -i 's/%define enable_qm_mount_bind_tty7 0/%define enable_qm_mount_bind_tty7 1/' ${SPECFILE} + sed -i 's/^Version:.*/Version: ${VERSION}/' ${SPECFILE} + make VERSION=${VERSION} rpm -install-policy: all ## - Install selinux policies only +install-policy: all ## - Install selinux policies only semodule -i ${TARGETS}.pp.bz2 sepolicy manpage --path . --domain ${TARGETS}_t -install: man all ## - Install QM files (including selinux) +install: man all ## - Install QM files (including selinux) install -D -pm 644 ${TARGETS}.pp.bz2 ${DESTDIR}${DATADIR}/selinux/packages/qm.pp.bz2 install -D -pm 644 qm.if ${DESTDIR}${DATADIR}/selinux/devel/include/services/qm.if install -D -pm 644 qm_selinux.8 ${DESTDIR}${DATADIR}/man/man8/qm_selinux.8 diff --git a/etc/qm/containers/containers.conf.d/qm_dropin_mount_bind_tty7.conf b/etc/qm/containers/containers.conf.d/qm_dropin_mount_bind_tty7.conf new file mode 100644 index 00000000..36de116f --- /dev/null +++ b/etc/qm/containers/containers.conf.d/qm_dropin_mount_bind_tty7.conf @@ -0,0 +1,12 @@ +# Drop-in configuration for Podman to mount bind /dev/tty7 from host to container +# +# /dev/tty7 is typically the virtual terminal associated +# with the graphical user interface (GUI) on Linux systems. +# It is where the X server or the Wayland display server usually runs, +# handling the graphical display, input, and windowing environment. +# When you start a graphical session (such as GNOME, KDE, etc.), +# it usually runs on this virtual console. +[containers] +devices = [ + "/dev/tty7:/dev/tty7" +] diff --git a/rpm/.gitignore b/rpm/.gitignore new file mode 100644 index 00000000..8999a8b0 --- /dev/null +++ b/rpm/.gitignore @@ -0,0 +1 @@ +v*.tar.gz diff --git a/rpm/qm.spec b/rpm/qm.spec index 2de7e440..62f2d2cd 100644 --- a/rpm/qm.spec +++ b/rpm/qm.spec 
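Review bot: The new `qm_dropin_mount_bind_tty7` recipe flips the feature flag with `sed -i` on `${SPECFILE}` and never restores it, so after one run the working-tree spec keeps `enable_qm_mount_bind_tty7 1`. As far as the visible recipes show, a later plain `make rpm` would then also build the /dev/tty7 passthrough sub-package without anyone asking for it. For an opt-in that hands a host device to containers, the choice should be per build rather than sticky; building from a temporary copy of the spec, or restoring the flag once `rpmbuild` finishes, would avoid that. The last recipe line should also be `$(MAKE) VERSION=${VERSION} rpm` so that `-n` and the jobserver propagate. The existing `qm_dropin_img_tempdir` target has the same shape.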
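Review bot: The `devices` entry in qm_dropin_mount_bind_tty7.conf omits the permission field, so Podman should fall back to its default of `rwm`, which includes mknod, whereas the comment this patch adds to rpm/qm.spec describes the mapping as `/dev/tty7:rw`. Writing it explicitly as `"/dev/tty7:/dev/tty7:rw"` keeps the grant to what the feature needs and makes the file match its documentation. The header comment explains what tty7 is but not what sharing it implies. One more line would help, such as `# Processes in the container can issue terminal ioctls against the host's graphical console; install only where the QM partition is trusted with the display.`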
@@ -2,8 +2,25 @@ # Define the feature flag: 1 to enable, 0 to disable # By default it's disabled: 0 + +########################################### +# subpackage QM - img_tempdir # +########################################### +# use img temp dir as /var/tmp %define enable_qm_dropin_img_tempdir 0 +########################################### +# subpackage QM - mount bind /dev/tty7 # +########################################### +# mount bind /dev/tty7 from host to nested containers as /dev/tty7:rw +# Please note: /dev/tty7 is typically the virtual terminal associated +# with the graphical user interface (GUI) on Linux systems. +# It is where the X server or the Wayland display server usually runs, +# handling the graphical display, input, and windowing environment. +# When you start a graphical session (such as GNOME, KDE, etc.), +# it usually runs on this virtual console. +%define enable_qm_mount_bind_tty7 0 + # Some bits borrowed from the openstack-selinux package %global selinuxtype targeted %global moduletype services 
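Review bot: `%define enable_qm_mount_bind_tty7 0` is unconditional, so as far as rpm macro precedence goes it replaces the `--define="enable_qm_mount_bind_tty7 0"` that the Makefile's `rpm` target passes to rpmbuild. The only way to turn the feature on is then to edit the spec. Guarding the default with `%{!?enable_qm_mount_bind_tty7: %define enable_qm_mount_bind_tty7 0}` would let the flag be chosen per build from the command line and make the in-place `sed` in the Makefile unnecessary. `enable_qm_dropin_img_tempdir` just above follows the same unconditional pattern.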
@@ -94,12 +111,27 @@ sed -i 's/^install: man all/install:/' Makefile %install # Create the directory for drop-in configurations +install -d %{buildroot}%{_sysconfdir}/containers/containers.conf.d install -d %{buildroot}%{_sysconfdir}/qm/containers/containers.conf.d +# START - qm dropin sub-package - img tempdir %if %{enable_qm_dropin_img_tempdir} install -m 644 %{_builddir}/qm-%{version}/etc/qm/containers/containers.conf.d/qm_dropin_img_tempdir.conf \ %{buildroot}%{_sysconfdir}/qm/containers/containers.conf.d/qm_dropin_img_tempdir.conf %endif +# END - qm dropin sub-package - img tempdir + +# START - qm dropin sub-package - mount bind /dev/tty7 +%if %{enable_qm_mount_bind_tty7} + # first step - add drop-in file in /etc/containers/containers.d.conf/qm_dropin_mount_bind_tty.conf + # to QM container mount bind /dev/tty7 + install -m 644 %{_builddir}/qm-%{version}/etc/qm/containers/containers.conf.d/qm_dropin_mount_bind_tty7.conf %{buildroot}%{_sysconfdir}/containers/containers.conf.d/qm_dropin_mount_bind_tty7.conf + + # second step - add drop-in file in /etc/qm/containers/containers.d.conf/qm_dropin/mount_bind_tty.conf + # to nested containers in QM env mount bind it in /dev/tty7 + install -m 644 %{_builddir}/qm-%{version}/etc/qm/containers/containers.conf.d/qm_dropin_mount_bind_tty7.conf %{buildroot}%{_sysconfdir}/qm/containers/containers.conf.d/qm_dropin_mount_bind_tty7.conf +%endif +# END - qm dropin sub-package - mount bind /dev/tty7 # install policy modules %_format MODULES $x.pp.bz2 @@ -157,9 +189,10 @@ fi %ghost %dir %{_installscriptdir}/rootfs %ghost %{_installscriptdir}/rootfs/* +# sub-package QM Img TempDir %if %{enable_qm_dropin_img_tempdir} %package -n qm-dropin-img-tempdir -Summary: Drop-in configuration for QM containers +Summary: Drop-in configuration for QM nested containers to img tempdir Requires: %{name} = %{version}-%{release} BuildArch: noarch 
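Review bot: The first `install -m 644` in the new `%if %{enable_qm_mount_bind_tty7}` block puts the drop-in under `%{_sysconfdir}/containers/containers.conf.d/`, which is the host's system-wide containers.conf.d rather than a QM-specific path. Every container started by Podman on the host with the default configuration would presumably receive /dev/tty7, not only the QM container. If the intent is to pass the device to QM alone and QM is started from a Quadlet unit, an `AddDevice=/dev/tty7` line in a drop-in for that unit would scope it, leaving only the `/etc/qm/...` copy for the nested containers. The two step comments also name paths that do not match the install lines (`containers.d.conf`, `qm_dropin_mount_bind_tty.conf`, `qm_dropin/mount_bind_tty.conf`); they should read `containers.conf.d/qm_dropin_mount_bind_tty7.conf`. The `%install` section continues outside this hunk.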
@@ -172,6 +205,23 @@ additional drop-in configurations. %{_sysconfdir}/qm/containers/containers.conf.d/qm_dropin_img_tempdir.conf %endif +# sub-package QM Mount Bind /dev/tty7 +%if %{enable_qm_mount_bind_tty7} +%package -n qm_mount_bind_tty7 +Summary: Drop-in configuration for QM containers to mount bind /dev/tty7 +Requires: %{name} = %{version}-%{release} +BuildArch: noarch + +%description -n qm_mount_bind_tty7 +This sub-package installs a drop-in configurations for the QM. +It creates the `/etc/qm/containers/containers.conf.d/` directory for adding +additional drop-in configurations. + +%files -n qm_mount_bind_tty7 +%{_sysconfdir}/containers/containers.conf.d/qm_dropin_mount_bind_tty7.conf +%{_sysconfdir}/qm/containers/containers.conf.d/qm_dropin_mount_bind_tty7.conf +%endif + %changelog %if %{defined autochangelog} %autochangelog
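Review bot: The `%description -n qm_mount_bind_tty7` text appears to be copied from the img-tempdir sub-package and never says that installing it exposes the host's /dev/tty7 to containers. It also omits that one of the two files lands in the host-wide `/etc/containers/containers.conf.d/`. Someone auditing installed packages should be able to see that from the description, e.g. `Bind mounts the host /dev/tty7 into the QM container and its nested containers via containers.conf drop-ins.` The package name uses underscores while the sibling is `qm-dropin-img-tempdir`; `qm-dropin-mount-bind-tty7` would be consistent. Both entries under `%files` are configuration and could be marked `%config(noreplace)` so that local edits survive upgrades.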