Exploring the kernel compilation options of LXC

1. lxc-checkconfig

Download the lxc 2.1 source code, cross-compile it with the gcc-linaro-4.9-2014.11-x86_64_arm-linux-gnueabihf toolchain, copy the compiled lxc to the development board, and run lxc-checkconfig. It reports a lot of errors.

root@maya:~# lxc-checkconfig 
--- Namespaces ---
Namespaces: required
Utsname namespace: missing
Ipc namespace: required
Pid namespace: required
User namespace: missing
Network namespace: missing
Multiple /dev/pts instances: missing

--- Control groups ---
Cgroups: enabled
Cgroup v1 mount points: 
Cgroup v2 mount points: 

Cgroup v1 systemd controller: missing
Cgroup v1 freezer controller: missing
Cgroup namespace: required
Cgroup device: missing
Cgroup sched: missing
Cgroup cpu account: missing
Cgroup memory controller: missing
Cgroup cpuset: missing
--- Misc ---
Veth pair device: missing
Macvlan: missing
Vlan: enabled, not loaded
Bridges: missing
Advanced netfilter: missing
CONFIG_NF_NAT_IPV4: missing
CONFIG_NF_NAT_IPV6: missing
CONFIG_IP_NF_TARGET_MASQUERADE: missing
CONFIG_IP6_NF_TARGET_MASQUERADE: missing
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: missing
CONFIG_NETFILTER_XT_MATCH_COMMENT: missing
FUSE (for use with lxcfs): enabled, not loaded

--- Checkpoint/Restore ---
checkpoint restore: missing
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: missing
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: missing
CONFIG_NETLINK_DIAG: missing
File capabilities: 

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /home/root/lxc/bin/lxc-checkconfig

Don't worry, the kernel on your development board may already support LXC. These errors are reported because lxc-checkconfig cannot find the kernel configuration file (the one passed as CONFIG=/path/to/config) that lists the kernel compilation options. So, where is this configuration file?

Kernel compilation option file

Running lxc-checkconfig on CentOS 7 gives the following output:

Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-3.10.0-957.10.1.el7.x86_64

On the development board, the /proc directory contains the file config.gz. Copy it to the temp directory, decompress it, and then run lxc-checkconfig against it:

root@maya:~/temp# gzip -d config.gz
root@maya:~/temp# CONFIG=./config lxc-checkconfig 
--- Namespaces ---
Namespaces: required
Utsname namespace: missing
Ipc namespace: required
Pid namespace: required
User namespace: missing
Network namespace: missing
Multiple /dev/pts instances: missing
...

The reported errors are the same as before. Opening the config file shows that options such as CONFIG_EVENTFD are indeed present, while options such as CONFIG_NF_NAT_IPV4 are not.

So, which kernel compilation options are LXC related to?

2. lxc-checkconfig in the source code

The src/lxc/tools/ directory in the source code contains several lxc-checkconfig files:

lxc-checkconfig
lxc-checkconfig.in
lxc_checkconfig.c

Opening lxc_checkconfig.c shows that it calls the liblxc.so API and contains nothing related to the compilation options. So, search the source code directory:

find . -type f -iregex '.*\.\(c\|cpp\|h\|hpp\)' -print0 | xargs -0 grep --color -H -n Utsname

Still did not find the content related to the compilation options.

What the hell?

grep -n Utsname lxc-checkconfig
99:echo -n "Utsname namespace: " && is_enabled CONFIG_UTS_NS

Haha, it turns out that the script lxc-checkconfig does it! However, after compilation, the directory containing the ELF command lxc-checkconfig does not contain the script lxc-checkconfig?!

strings lxc-checkconfig
...
echo "--- Namespaces ---"
echo -n "Namespaces: " && is_enabled CONFIG_NAMESPACES yes
echo
echo -n "Utsname namespace: " && is_enabled CONFIG_UTS_NS
echo
echo -n "Ipc namespace: " && is_enabled CONFIG_IPC_NS yes
echo
echo -n "Pid namespace: " && is_enabled CONFIG_PID_NS yes
echo
echo -n "User namespace: " && is_enabled CONFIG_USER_NS
echo

It turns out that the script was packaged into the ELF command lxc-checkconfig at compile time.

3. LXC related kernel compilation options

Now it’s easy to find the LXC-related kernel compilation options:

[root@maya]# grep "echo -n" lxc-checkconfig
        $SETCOLOR_SUCCESS && echo -n "enabled" && $SETCOLOR_NORMAL
            $SETCOLOR_FAILURE && echo -n "required" && $SETCOLOR_NORMAL
            $SETCOLOR_WARNING && echo -n "missing" && $SETCOLOR_NORMAL
        echo -n ", loaded"
        echo -n ", not loaded"
echo -n "Namespaces: " && is_enabled CONFIG_NAMESPACES yes
echo -n "Utsname namespace: " && is_enabled CONFIG_UTS_NS
echo -n "Ipc namespace: " && is_enabled CONFIG_IPC_NS yes
echo -n "Pid namespace: " && is_enabled CONFIG_PID_NS yes
echo -n "User namespace: " && is_enabled CONFIG_USER_NS
echo -n "Network namespace: " && is_enabled CONFIG_NET_NS
        echo -n "Multiple /dev/pts instances: " && is_enabled DEVPTS_MULTIPLE_INSTANCES
echo -n "Cgroups: " && is_enabled CONFIG_CGROUPS
    echo -n "Cgroup v1 systemd controller: "
    $SETCOLOR_FAILURE && echo -n "missing" && $SETCOLOR_NORMAL
    echo -n "Cgroup v1 freezer controller: "
    $SETCOLOR_FAILURE && echo -n "missing" && $SETCOLOR_NORMAL
    echo -n "Cgroup v1 clone_children flag: " &&
    echo -n "Cgroup namespace: " && is_enabled CONFIG_CGROUP_NS yes
echo -n "Cgroup device: " && is_enabled CONFIG_CGROUP_DEVICE
echo -n "Cgroup sched: " && is_enabled CONFIG_CGROUP_SCHED
echo -n "Cgroup cpu account: " && is_enabled CONFIG_CGROUP_CPUACCT
echo -n "Cgroup memory controller: "
is_set CONFIG_SMP && echo -n "Cgroup cpuset: " && is_enabled CONFIG_CPUSETS && echo
echo -n "Veth pair device: " && is_enabled CONFIG_VETH && is_probed veth
echo -n "Macvlan: " && is_enabled CONFIG_MACVLAN && is_probed macvlan
echo -n "Vlan: " && is_enabled CONFIG_VLAN_8021Q && is_probed 8021q
echo -n "Bridges: " && is_enabled CONFIG_BRIDGE && is_probed bridge
echo -n "Advanced netfilter: " && is_enabled CONFIG_NETFILTER_ADVANCED && is_probed nf_tables
echo -n "CONFIG_NF_NAT_IPV4: " && is_enabled CONFIG_NF_NAT_IPV4 && is_probed nf_nat_ipv4
echo -n "CONFIG_NF_NAT_IPV6: " && is_enabled CONFIG_NF_NAT_IPV6 && is_probed nf_nat_ipv6
echo -n "CONFIG_IP_NF_TARGET_MASQUERADE: " && is_enabled CONFIG_IP_NF_TARGET_MASQUERADE && is_probed nf_nat_masquerade_ipv4
echo -n "CONFIG_IP6_NF_TARGET_MASQUERADE: " && is_enabled CONFIG_IP6_NF_TARGET_MASQUERADE && is_probed nf_nat_masquerade_ipv6
echo -n "CONFIG_NETFILTER_XT_TARGET_CHECKSUM: " && is_enabled CONFIG_NETFILTER_XT_TARGET_CHECKSUM && is_probed xt_CHECKSUM
echo -n "CONFIG_NETFILTER_XT_MATCH_COMMENT: " && is_enabled CONFIG_NETFILTER_XT_MATCH_COMMENT && is_probed xt_comment
echo -n "FUSE (for use with lxcfs): " && is_enabled CONFIG_FUSE_FS && is_probed fuse
echo -n "checkpoint restore: " && is_enabled CONFIG_CHECKPOINT_RESTORE
echo -n "CONFIG_FHANDLE: " && is_enabled CONFIG_FHANDLE
echo -n "CONFIG_EVENTFD: " && is_enabled CONFIG_EVENTFD
echo -n "CONFIG_EPOLL: " && is_enabled CONFIG_EPOLL
echo -n "CONFIG_UNIX_DIAG: " && is_enabled CONFIG_UNIX_DIAG
echo -n "CONFIG_INET_DIAG: " && is_enabled CONFIG_INET_DIAG
echo -n "CONFIG_PACKET_DIAG: " && is_enabled CONFIG_PACKET_DIAG
echo -n "CONFIG_NETLINK_DIAG: " && is_enabled CONFIG_NETLINK_DIAG
echo -n "File capabilities: " && \

If an item is reported as missing, look it up in the lxc-checkconfig script to find the kernel option it corresponds to.
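
The same kind of check as an added example (not LXC's lxc-checkconfig and not code from the original post): a small POSIX shell audit that reads a plain or gzip-compressed kernel config and classifies a subset of the options listed above. The function names and the sample config are constructed for illustration; a trailing yes marks an option as mandatory, mirroring the required/missing split in the output above.

```shell
#!/bin/sh
# Added example, not LXC's own code; function names are hypothetical.

# Print a kernel config, plain or gzip-compressed (as in /proc/config.gz).
read_config() {
    case "$1" in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac
}

# check_opt FILE OPTION [yes] -> builtin | module | required | missing
# A trailing "yes" marks the option mandatory, as in the script lines above.
check_opt() {
    val=$(read_config "$1" | sed -n "s/^$2=\([ym]\)\$/\1/p" | head -n 1)
    case "$val" in
        y) echo builtin ;;
        m) echo module ;;
        *) if [ "$3" = yes ]; then echo required; else echo missing; fi ;;
    esac
}

# Audit FILE against a subset of the options listed on this page.
# Returns the number of mandatory options that are absent.
audit_lxc_config() {
    bad=0
    while read -r opt mandatory; do
        state=$(check_opt "$1" "$opt" "$mandatory")
        printf '%-22s %s\n' "$opt" "$state"
        if [ "$state" = required ]; then bad=$((bad + 1)); fi
    done <<EOF
CONFIG_NAMESPACES yes
CONFIG_UTS_NS
CONFIG_IPC_NS yes
CONFIG_PID_NS yes
CONFIG_USER_NS
CONFIG_NET_NS
CONFIG_CGROUP_NS yes
CONFIG_VETH
CONFIG_BRIDGE
EOF
    return "$bad"
}

# Constructed sample config (not taken from the board in the article).
sample=$(mktemp)
printf '%s\n' 'CONFIG_NAMESPACES=y' '# CONFIG_UTS_NS is not set' \
    'CONFIG_IPC_NS=y' 'CONFIG_PID_NS=y' 'CONFIG_VETH=m' > "$sample"
audit_lxc_config "$sample" || echo "$? mandatory option(s) absent"
```

On the board, pass /proc/config.gz directly as the file argument; the anchored match on `OPTION=y` or `OPTION=m` ignores `# ... is not set` lines and options that merely share a prefix.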

Origin blog.csdn.net/hylaking/article/details/90515717