LXC: Exploring the Kernel Build Options

1. lxc-checkconfig

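Download the lxc 2.1 source, build it with gcc-linaro-4.9-2014.11-x86_64_arm-linux-gnueabihf, copy the resulting lxc build to the development board and run lxc-checkconfig. It reports a large number of errors.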

root@maya:~# lxc-checkconfig 
--- Namespaces ---
Namespaces: required
Utsname namespace: missing
Ipc namespace: required
Pid namespace: required
User namespace: missing
Network namespace: missing
Multiple /dev/pts instances: missing

--- Control groups ---
Cgroups: enabled
Cgroup v1 mount points: 
Cgroup v2 mount points: 

Cgroup v1 systemd controller: missing
Cgroup v1 freezer controller: missing
Cgroup namespace: required
Cgroup device: missing
Cgroup sched: missing
Cgroup cpu account: missing
Cgroup memory controller: missing
Cgroup cpuset: missing
--- Misc ---
Veth pair device: missing
Macvlan: missing
Vlan: enabled, not loaded
Bridges: missing
Advanced netfilter: missing
CONFIG_NF_NAT_IPV4: missing
CONFIG_NF_NAT_IPV6: missing
CONFIG_IP_NF_TARGET_MASQUERADE: missing
CONFIG_IP6_NF_TARGET_MASQUERADE: missing
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: missing
CONFIG_NETFILTER_XT_MATCH_COMMENT: missing
FUSE (for use with lxcfs): enabled, not loaded

--- Checkpoint/Restore ---
checkpoint restore: missing
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: missing
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: missing
CONFIG_NETLINK_DIAG: missing
File capabilities: 

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /home/root/lxc/bin/lxc-checkconfig

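Don't worry: the kernel on your board may already support LXC. The errors are reported because the kernel configuration file that CONFIG=/path/to/config should point to could not be found. So where is this configuration file?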

The kernel build configuration file

Running lxc-checkconfig on CentOS 7 produces the following output:

Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-3.10.0-957.10.1.el7.x86_64

On the development board, the /proc directory contains a config.gz file. Copy it to the temp directory, decompress it, and then run lxc-checkconfig:

root@maya:~/temp# gzip -d config.gz
root@maya:~/temp# CONFIG=./config lxc-checkconfig 
--- Namespaces ---
Namespaces: required
Utsname namespace: missing
Ipc namespace: required
Pid namespace: required
User namespace: missing
Network namespace: missing
Multiple /dev/pts instances: missing
...

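The reported errors are the same as before. Opening the config file shows that options such as CONFIG_EVENTFD are indeed defined, while options such as CONFIG_NF_NAT_IPV4 are not.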

So which kernel build options does LXC actually depend on?

2. lxc-checkconfig in the source code

The src/lxc/tools/ directory of the source tree contains the following lxc-checkconfig files:

lxc-checkconfig
lxc-checkconfig.in
lxc_checkconfig.c

lxc_checkconfig.c calls the liblxc.so API and contains nothing related to kernel build options. So search the source tree:

find . -type f -iregex '.*\.\(c\|cpp\|h\|hpp\)' -print0 | xargs -0 grep --color -H -n Utsname

Still nothing related to kernel build options.

What on earth?

grep -n Utsname lxc-checkconfig
99:echo -n "Utsname namespace: " && is_enabled CONFIG_UTS_NS

Ha, so it is the lxc-checkconfig script that does the work! But after the build, there is no lxc-checkconfig script in the directory that holds the ELF command lxc-checkconfig?!

strings lxc-checkconfig
...
echo "--- Namespaces ---"
echo -n "Namespaces: " && is_enabled CONFIG_NAMESPACES yes
echo
echo -n "Utsname namespace: " && is_enabled CONFIG_UTS_NS
echo
echo -n "Ipc namespace: " && is_enabled CONFIG_IPC_NS yes
echo
echo -n "Pid namespace: " && is_enabled CONFIG_PID_NS yes
echo
echo -n "User namespace: " && is_enabled CONFIG_USER_NS
echo

So at build time it was packed into the ELF command lxc-checkconfig.

3. LXC-related kernel build options

Finding the LXC-related kernel build options is now simple:

[root@maya]# grep "echo -n" lxc-checkconfig
        $SETCOLOR_SUCCESS && echo -n "enabled" && $SETCOLOR_NORMAL
            $SETCOLOR_FAILURE && echo -n "required" && $SETCOLOR_NORMAL
            $SETCOLOR_WARNING && echo -n "missing" && $SETCOLOR_NORMAL
        echo -n ", loaded"
        echo -n ", not loaded"
echo -n "Namespaces: " && is_enabled CONFIG_NAMESPACES yes
echo -n "Utsname namespace: " && is_enabled CONFIG_UTS_NS
echo -n "Ipc namespace: " && is_enabled CONFIG_IPC_NS yes
echo -n "Pid namespace: " && is_enabled CONFIG_PID_NS yes
echo -n "User namespace: " && is_enabled CONFIG_USER_NS
echo -n "Network namespace: " && is_enabled CONFIG_NET_NS
        echo -n "Multiple /dev/pts instances: " && is_enabled DEVPTS_MULTIPLE_INSTANCES
echo -n "Cgroups: " && is_enabled CONFIG_CGROUPS
    echo -n "Cgroup v1 systemd controller: "
    $SETCOLOR_FAILURE && echo -n "missing" && $SETCOLOR_NORMAL
    echo -n "Cgroup v1 freezer controller: "
    $SETCOLOR_FAILURE && echo -n "missing" && $SETCOLOR_NORMAL
    echo -n "Cgroup v1 clone_children flag: " &&
    echo -n "Cgroup namespace: " && is_enabled CONFIG_CGROUP_NS yes
echo -n "Cgroup device: " && is_enabled CONFIG_CGROUP_DEVICE
echo -n "Cgroup sched: " && is_enabled CONFIG_CGROUP_SCHED
echo -n "Cgroup cpu account: " && is_enabled CONFIG_CGROUP_CPUACCT
echo -n "Cgroup memory controller: "
is_set CONFIG_SMP && echo -n "Cgroup cpuset: " && is_enabled CONFIG_CPUSETS && echo
echo -n "Veth pair device: " && is_enabled CONFIG_VETH && is_probed veth
echo -n "Macvlan: " && is_enabled CONFIG_MACVLAN && is_probed macvlan
echo -n "Vlan: " && is_enabled CONFIG_VLAN_8021Q && is_probed 8021q
echo -n "Bridges: " && is_enabled CONFIG_BRIDGE && is_probed bridge
echo -n "Advanced netfilter: " && is_enabled CONFIG_NETFILTER_ADVANCED && is_probed nf_tables
echo -n "CONFIG_NF_NAT_IPV4: " && is_enabled CONFIG_NF_NAT_IPV4 && is_probed nf_nat_ipv4
echo -n "CONFIG_NF_NAT_IPV6: " && is_enabled CONFIG_NF_NAT_IPV6 && is_probed nf_nat_ipv6
echo -n "CONFIG_IP_NF_TARGET_MASQUERADE: " && is_enabled CONFIG_IP_NF_TARGET_MASQUERADE && is_probed nf_nat_masquerade_ipv4
echo -n "CONFIG_IP6_NF_TARGET_MASQUERADE: " && is_enabled CONFIG_IP6_NF_TARGET_MASQUERADE && is_probed nf_nat_masquerade_ipv6
echo -n "CONFIG_NETFILTER_XT_TARGET_CHECKSUM: " && is_enabled CONFIG_NETFILTER_XT_TARGET_CHECKSUM && is_probed xt_CHECKSUM
echo -n "CONFIG_NETFILTER_XT_MATCH_COMMENT: " && is_enabled CONFIG_NETFILTER_XT_MATCH_COMMENT && is_probed xt_comment
echo -n "FUSE (for use with lxcfs): " && is_enabled CONFIG_FUSE_FS && is_probed fuse
echo -n "checkpoint restore: " && is_enabled CONFIG_CHECKPOINT_RESTORE
echo -n "CONFIG_FHANDLE: " && is_enabled CONFIG_FHANDLE
echo -n "CONFIG_EVENTFD: " && is_enabled CONFIG_EVENTFD
echo -n "CONFIG_EPOLL: " && is_enabled CONFIG_EPOLL
echo -n "CONFIG_UNIX_DIAG: " && is_enabled CONFIG_UNIX_DIAG
echo -n "CONFIG_INET_DIAG: " && is_enabled CONFIG_INET_DIAG
echo -n "CONFIG_PACKET_DIAG: " && is_enabled CONFIG_PACKET_DIAG
echo -n "CONFIG_NETLINK_DIAG: " && is_enabled CONFIG_NETLINK_DIAG
echo -n "File capabilities: " && \

If anything is missing here, just look it up in the lxc-checkconfig script.
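
As an added example (not part of the original post or of LXC), the shell functions below classify the namespace, cgroup and network options from the listing above as built in, module or missing, reading either a plain config file or a gzip-compressed one such as /proc/config.gz. The function names and the sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not LXC code. Option names come from the listing on this page.
LXC_OPTS="CONFIG_NAMESPACES CONFIG_UTS_NS CONFIG_IPC_NS CONFIG_PID_NS
CONFIG_USER_NS CONFIG_NET_NS CONFIG_CGROUPS CONFIG_CGROUP_NS
CONFIG_CGROUP_DEVICE CONFIG_CGROUP_SCHED CONFIG_CGROUP_CPUACCT
CONFIG_CPUSETS CONFIG_VETH CONFIG_BRIDGE"

# read_config FILE: print the config, decompressing names ending in .gz
read_config() {
    case "$1" in
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac
}

# opt_state FILE OPTION: print builtin, module or missing.
# "# CONFIG_X is not set" and absent options both count as missing.
opt_state() {
    line=$(read_config "$1" | grep "^$2=" | tail -n 1)
    case "$line" in
        "$2=y") echo builtin ;;
        "$2=m") echo module ;;
        *)      echo missing ;;
    esac
}

# missing_opts FILE: list the options from LXC_OPTS that are not enabled
missing_opts() {
    for opt in $LXC_OPTS; do
        [ "$(opt_state "$1" "$opt")" = missing ] && echo "$opt"
    done
    return 0
}

# Constructed sample config (not taken from the board in the article).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
CONFIG_NAMESPACES=y
# CONFIG_UTS_NS is not set
CONFIG_IPC_NS=y
CONFIG_PID_NS=y
# CONFIG_USER_NS is not set
CONFIG_CGROUPS=y
CONFIG_VETH=m
EOF
for opt in $LXC_OPTS; do
    printf '%-22s %s\n' "$opt" "$(opt_state "$sample" "$opt")"
done
```

On the board, `missing_opts /proc/config.gz` lists the options the running kernel lacks.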

Reposted from blog.csdn.net/hylaking/article/details/90515717