Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unprivileged udev #75

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Unprivileged udev #75

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
bcbe684
Use nsenter and CAP_NET_ADMIN for udev instead of privileged mode
zb140 Sep 3, 2022
eb7dbb6
fix running udevadm trigger, add a UDEVD_QUIET environment variable
zb140 Oct 12, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 7 additions & 6 deletions compose/headless.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,10 @@ services:
# BASE_APP_IMAGE: ${BUILD_BASE_APP_IMAGE}
runtime: ${DOCKER_RUNTIME}
network_mode: ${UDEVD_NETWORK}
# The xorg container needs to be privileged to have access to all of the devices it requires.
# NOTE: actually, all it _really_ needs is CAP_SYS_TTY_CONFIG plus a
# devices: entry for each required device. Unfortunately, the list of
# required devices will vary based on host and is hard to predict.
privileged: true
volumes:
# Shared with Sunshine in order to get mouse and joypad working
Expand Down Expand Up @@ -60,12 +64,9 @@ services:
# args:
# BASE_IMAGE: ${BUILD_BASE_IMAGE}
# BASE_APP_IMAGE: ${BUILD_BASE_APP_IMAGE}
# # Setting network to host
# # There must be a way to avoid this but I can't figure it out
# # We need to be on the host network in order to get the PF_NETLINK socket
# # You can listen to events even without that socket but Xorg and RetroArch will not pickup the devices
network_mode: host
privileged: true

cap_add:
- NET_ADMIN
volumes:
- udev:/run/udev/

Expand Down
2 changes: 2 additions & 0 deletions images/udevd/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,5 +9,7 @@ RUN apt-get update -y && \

COPY --chmod=777 scripts/startup.sh /opt/gow/startup.sh

ENV UDEVD_QUIET=false

ARG IMAGE_SOURCE
LABEL org.opencontainers.image.source $IMAGE_SOURCE
15 changes: 12 additions & 3 deletions images/udevd/scripts/startup.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,15 +1,24 @@
#!/bin/bash

set -e

source /opt/gow/bash-lib/utils.sh

function start_udev() {
# mount_dev
if command -v udevd &>/dev/null; then
unshare --net udevd --daemon &> /dev/null
nsenter udevd --daemon &> /dev/null
else
unshare --net /lib/systemd/systemd-udevd --daemon &> /dev/null
nsenter /lib/systemd/systemd-udevd --daemon &> /dev/null
fi
udevadm trigger &> /dev/null
udevadm trigger &> /dev/null || true
}

start_udev

if [ "${UDEVD_QUIET:-false}" = "true" ]; then
# redirect stdout to /dev/null before running udevadm monitor
exec >/dev/null
fi

exec udevadm monitor