* [Buildroot] [PATCH v2 0/7] Container - Guest
@ 2020-05-30 12:47 Francois Perrad
  2020-05-30 12:47 ` [Buildroot] [PATCH v2 1/7] configs/guest_*: some new defconfig Francois Perrad
                   ` (6 more replies)
  0 siblings, 7 replies; 15+ messages in thread
From: Francois Perrad @ 2020-05-30 12:47 UTC (permalink / raw)
  To: buildroot

Buildroot supports some OS-level virtualization tools: Docker, LXC, systemd-nspawn.
These tools are built on a host image.

This series introduces a set of defconfigs in order to create a guest image.

After some experiments, packages docker & systemd need some tweaks.

RFC -> v2:
  - refactor with FOO_LINUX_CONFIG_FIXUPS (new in 2020.05)
  - add option BR2_PACKAGE_SYSTEMD_GUEST

Francois Perrad (7):
  configs/guest_*: some new defconfig
  board/guest: documentation and sample files
  package/docker-engine: needs some kernel options
  package/docker-engine: needs more runtime dependencies
  package/systemd: needs kernel options
  package/systemd: add an option BR2_PACKAGE_SYSTEMD_GUEST
  configs/guest_*: use BR2_PACKAGE_SYSTEMD_GUEST

 DEVELOPERS                             |  2 +
 board/guest/Dockerfile                 |  3 ++
 board/guest/readme.txt                 | 53 ++++++++++++++++++++
 configs/guest_arm_a7_defconfig         | 29 +++++++++++
 configs/guest_arm_a9_defconfig         | 31 ++++++++++++
 configs/guest_x86_64_defconfig         | 28 +++++++++++
 package/docker-engine/Config.in        |  1 +
 package/docker-engine/docker-engine.mk | 67 ++++++++++++++++++++++++++
 package/systemd/Config.in              | 14 ++++--
 package/systemd/systemd.mk             | 16 +++++-
 10 files changed, 238 insertions(+), 6 deletions(-)
 create mode 100644 board/guest/Dockerfile
 create mode 100644 board/guest/readme.txt
 create mode 100644 configs/guest_arm_a7_defconfig
 create mode 100644 configs/guest_arm_a9_defconfig
 create mode 100644 configs/guest_x86_64_defconfig

-- 
2.25.1


* [Buildroot] [PATCH v2 1/7] configs/guest_*: some new defconfig
  2020-05-30 12:47 [Buildroot] [PATCH v2 0/7] Container - Guest Francois Perrad
@ 2020-05-30 12:47 ` Francois Perrad
  2020-06-06 23:02   ` Christian Stewart
  2020-05-30 12:47 ` [Buildroot] [PATCH v2 2/7] board/guest: documentation and sample files Francois Perrad
                   ` (5 subsequent siblings)
  6 siblings, 1 reply; 15+ messages in thread
From: Francois Perrad @ 2020-05-30 12:47 UTC (permalink / raw)
  To: buildroot

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
---
 DEVELOPERS                     |  1 +
 configs/guest_arm_a7_defconfig | 16 ++++++++++++++++
 configs/guest_arm_a9_defconfig | 18 ++++++++++++++++++
 configs/guest_x86_64_defconfig | 15 +++++++++++++++
 4 files changed, 50 insertions(+)
 create mode 100644 configs/guest_arm_a7_defconfig
 create mode 100644 configs/guest_arm_a9_defconfig
 create mode 100644 configs/guest_x86_64_defconfig

diff --git a/DEVELOPERS b/DEVELOPERS
index 99f47c3a3..e930c011b 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -934,6 +934,7 @@ F:	package/ser2net/
 N:	Francois Perrad <francois.perrad@gadz.org>
 F:	board/olimex/a20_olinuxino
 F:	board/olimex/imx233_olinuxino/
+F:	configs/guest_*
 F:	configs/olimex_a20_olinuxino_*
 F:	configs/olimex_imx233_olinuxino_defconfig
 F:	package/4th/
diff --git a/configs/guest_arm_a7_defconfig b/configs/guest_arm_a7_defconfig
new file mode 100644
index 000000000..efe9a1369
--- /dev/null
+++ b/configs/guest_arm_a7_defconfig
@@ -0,0 +1,16 @@
+# Architecture
+BR2_arm=y
+BR2_cortex_a7=y
+
+# Toolchain
+BR2_TOOLCHAIN_BUILDROOT_GLIBC=y
+BR2_KERNEL_HEADERS_VERSION=y
+BR2_DEFAULT_KERNEL_VERSION="4.15"
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_15=y
+
+# System
+BR2_INIT_SYSTEMD=y
+# BR2_TARGET_GENERIC_GETTY is not set
+
+# Filesystem
+BR2_TARGET_ROOTFS_TAR=y
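
Review bot: the toolchain stanza pins the kernel headers to 4.15 (`BR2_DEFAULT_KERNEL_VERSION="4.15"` with `BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_15=y`) without saying why. A guest image ships no kernel and runs on whatever kernel the host provides, and the headers must not be newer than that kernel, so this value is effectively the oldest host the rootfs supports. Put that constraint in a comment here and in the commit message (currently empty), and say why 4.15, which is not a longterm series, was chosen.
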
diff --git a/configs/guest_arm_a9_defconfig b/configs/guest_arm_a9_defconfig
new file mode 100644
index 000000000..02c3d302d
--- /dev/null
+++ b/configs/guest_arm_a9_defconfig
@@ -0,0 +1,18 @@
+# Architecture
+BR2_arm=y
+BR2_cortex_a9=y
+BR2_ARM_ENABLE_NEON=y
+BR2_ARM_ENABLE_VFP=y
+
+# Toolchain
+BR2_TOOLCHAIN_BUILDROOT_GLIBC=y
+BR2_KERNEL_HEADERS_VERSION=y
+BR2_DEFAULT_KERNEL_VERSION="4.15"
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_15=y
+
+# System
+BR2_INIT_SYSTEMD=y
+# BR2_TARGET_GENERIC_GETTY is not set
+
+# Filesystem
+BR2_TARGET_ROOTFS_TAR=y
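
Review bot: `BR2_ARM_ENABLE_NEON=y` lets packages be built with NEON code, but NEON is an optional unit on Cortex-A9. The resulting rootfs.tar is meant to be moved between hosts as a container image, so either document the NEON requirement next to this defconfig or drop the option; otherwise affected binaries fail with SIGILL on A9 hosts that lack NEON.
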
diff --git a/configs/guest_x86_64_defconfig b/configs/guest_x86_64_defconfig
new file mode 100644
index 000000000..42d1d659a
--- /dev/null
+++ b/configs/guest_x86_64_defconfig
@@ -0,0 +1,15 @@
+# Architecture
+BR2_x86_64=y
+
+# Toolchain
+BR2_TOOLCHAIN_BUILDROOT_GLIBC=y
+BR2_KERNEL_HEADERS_VERSION=y
+BR2_DEFAULT_KERNEL_VERSION="4.15"
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_15=y
+
+# System
+BR2_INIT_SYSTEMD=y
+# BR2_TARGET_GENERIC_GETTY is not set
+
+# Filesystem
+BR2_TARGET_ROOTFS_TAR=y
-- 
2.25.1


* [Buildroot] [PATCH v2 2/7] board/guest: documentation and sample files
  2020-05-30 12:47 [Buildroot] [PATCH v2 0/7] Container - Guest Francois Perrad
  2020-05-30 12:47 ` [Buildroot] [PATCH v2 1/7] configs/guest_*: some new defconfig Francois Perrad
@ 2020-05-30 12:47 ` Francois Perrad
  2020-06-06 23:10   ` Christian Stewart
  2020-05-30 12:47 ` [Buildroot] [PATCH v2 3/7] package/docker-engine: needs some kernel options Francois Perrad
                   ` (4 subsequent siblings)
  6 siblings, 1 reply; 15+ messages in thread
From: Francois Perrad @ 2020-05-30 12:47 UTC (permalink / raw)
  To: buildroot

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
---
 DEVELOPERS             |  1 +
 board/guest/Dockerfile |  3 +++
 board/guest/readme.txt | 53 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 57 insertions(+)
 create mode 100644 board/guest/Dockerfile
 create mode 100644 board/guest/readme.txt

diff --git a/DEVELOPERS b/DEVELOPERS
index e930c011b..a9cff405c 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -932,6 +932,7 @@ N:	Francisco Gonzalez <gzmorell@gmail.com>
 F:	package/ser2net/
 
 N:	Francois Perrad <francois.perrad@gadz.org>
+F:	board/guest/
 F:	board/olimex/a20_olinuxino
 F:	board/olimex/imx233_olinuxino/
 F:	configs/guest_*
diff --git a/board/guest/Dockerfile b/board/guest/Dockerfile
new file mode 100644
index 000000000..712a134c9
--- /dev/null
+++ b/board/guest/Dockerfile
@@ -0,0 +1,3 @@
+FROM scratch
+ADD rootfs.tar /
+CMD ["/bin/ash"]
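
Review bot: `CMD ["/bin/ash"]` starts a BusyBox shell as root (there is no `USER` line), while the guest defconfigs in this series select `BR2_INIT_SYSTEMD=y`, so the init system built into the image is never started by this Dockerfile. State in the commit message that the file is an interactive smoke test only, and consider `/bin/sh` so the image does not depend on the `ash` applet link being installed.
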
diff --git a/board/guest/readme.txt b/board/guest/readme.txt
new file mode 100644
index 000000000..40664dc99
--- /dev/null
+++ b/board/guest/readme.txt
@@ -0,0 +1,53 @@
+Container - Guest
+
+Intro
+=====
+
+Buildroot supports some OS-level virtualization tools: Docker, LXC, systemd-nspawn.
+These tools are built on an host image.
+
+A container could be created from a rootfs (guest image) built by Buildroot with a guest_*_defconfig
+
+The following defconfig are available:
+    - guest_arm_a7_defconfig
+    - guest_arm_a9_defconfig
+    - guest_x86_64_defconfig
+
+The artifact produced by these defconfig is the file output/images/rootfs.tar.
+The guest has no bootloader, no kernel.
+
+How to with Docker
+==================
+
+A Docker image could created with a Dockerfile and few commands are needed:
+
+    # dockerd &
+
+    $ cat Dockerfile
+    FROM scratch
+    ADD rootfs.tar /
+    CMD ["/bin/ash"]
+    $ docker build --tag br:guest .
+    $ docker images
+    REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
+    br                  guest               0c54c85a3452        42 seconds ago      1.75MB
+
+The Docker image could be exported and imported with the commands `docker save` and `docker load`.
+
+And the Docker image could be launched:
+
+    $ docker run -it br:guest
+        / # ls -l /bin/sh
+        lrwxrwxrwx    1 root     root             7 Mar 11 15:46 /bin/sh -> busybox
+        / # exit
+
+How to with systemd-nspawn
+==========================
+
+Extract rootfs.tar in a directory container.
+
+    # systemd-nspawn -D container
+        # ls -l /bin/sh
+        lrwxrwxrwx    1 1002     1002             7 Mar 11 15:46 /bin/sh -> busybox
+        # exit
+
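
Review bot: in the systemd-nspawn transcript, `ls -l /bin/sh` reports owner `1002 1002`, whereas the Docker transcript shows `root root`. The tarball was evidently unpacked by an unprivileged user and the tree kept that user's uid, so setuid programs and root-only files in the container no longer have the ownership the image was built with. Spell out the extraction step as a command run as root that preserves ownership and modes (for example `tar -xpf rootfs.tar -C container --numeric-owner`) and regenerate the transcript. Minor wording in the same hunk: "an host image" and "could created".
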
-- 
2.25.1


* [Buildroot] [PATCH v2 3/7] package/docker-engine: needs some kernel options
  2020-05-30 12:47 [Buildroot] [PATCH v2 0/7] Container - Guest Francois Perrad
  2020-05-30 12:47 ` [Buildroot] [PATCH v2 1/7] configs/guest_*: some new defconfig Francois Perrad
  2020-05-30 12:47 ` [Buildroot] [PATCH v2 2/7] board/guest: documentation and sample files Francois Perrad
@ 2020-05-30 12:47 ` Francois Perrad
  2020-05-30 12:47 ` [Buildroot] [PATCH v2 4/7] package/docker-engine: needs more runtime dependencies Francois Perrad
                   ` (3 subsequent siblings)
  6 siblings, 0 replies; 15+ messages in thread
From: Francois Perrad @ 2020-05-30 12:47 UTC (permalink / raw)
  To: buildroot

according to https://wiki.gentoo.org/wiki/Docker#Kernel

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
---
 package/docker-engine/docker-engine.mk | 67 ++++++++++++++++++++++++++
 1 file changed, 67 insertions(+)

diff --git a/package/docker-engine/docker-engine.mk b/package/docker-engine/docker-engine.mk
index 78f6c1261..41600486c 100644
--- a/package/docker-engine/docker-engine.mk
+++ b/package/docker-engine/docker-engine.mk
@@ -79,4 +79,71 @@ define DOCKER_ENGINE_USERS
 	- - docker -1 * - - - Docker Application Container Framework
 endef
 
+ifeq ($(BR2_PACKAGE_DOCKER_ENGINE_DRIVER_BTRFS),y)
+define DOCKER_ENGINE_DRIVER_BTRFS_LINUX_CONFIG_FIXUPS
+	$(call KCONFIG_ENABLE_OPT,CONFIG_BTRFS_FS)
+endef
+endif
+
+define DOCKER_ENGINE_LINUX_CONFIG_FIXUPS
+	$(call KCONFIG_ENABLE_OPT,CONFIG_POSIX_MQUEUE)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_CGROUPS)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_MEMCG)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_MEMCG_SWAP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_BLK_CGROUP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_CGROUP_SCHED)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_FAIR_GROUP_SCHED)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_CFS_BANDWIDTH)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_RT_GROUP_SCHED)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_CGROUP_PIDS)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_CGROUP_FREEZER)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_CPUSETS)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_PROC_PID_CPUSET)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_CGROUP_DEVICE)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_CGROUP_CPUACCT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_CGROUP_PERF)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NAMESPACES)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_UTS_NS)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IPC_NS)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_USER_NS)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_PID_NS)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NET_NS)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_BLOCK)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_BLK_DEV_THROTTLING)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_ADVANCED)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_BRIDGE_NETFILTER)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_CONNTRACK)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XTABLES)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_ADDRTYPE)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_CONNTRACK)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_NF_IPTABLES)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_NF_FILTER)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_NF_NAT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_NF_TARGET_MASQUERADE)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_NF_TARGET_NETMAP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_NF_TARGET_REDIRECT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_BRIDGE)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NET_SCHED)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NET_CLS_CGROUP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NET_L3_MASTER_DEV)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_CGROUP_NET_PRIO)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_CGROUP_NETCLASSID)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_MD)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_BLK_DEV_DM)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_MD_THIN_PROVISIONING)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NET_CORE)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_DUMMY)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_MACVLAN)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IPVLAN)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_VXLAN)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_VETH)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_OVERLAY_FS)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_KEYS)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_PERSISTENT_KEYRINGS)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_ENCRYPTED_KEYS)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_KEY_DH_OPERATIONS)
+	$(DOCKER_ENGINE_DRIVER_BTRFS_LINUX_CONFIG_FIXUPS)
+endef
+
 $(eval $(golang-package))
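
Review bot: every option in `DOCKER_ENGINE_LINUX_CONFIG_FIXUPS` is forced on for any kernel built alongside docker-engine, including ones that only matter for particular storage or network drivers (`CONFIG_BLK_DEV_DM`, `CONFIG_MD_THIN_PROVISIONING`, `CONFIG_VXLAN`, `CONFIG_MACVLAN`, `CONFIG_IPVLAN`) and ones with side effects on the host (`CONFIG_USER_NS` makes user namespaces available, by default also to unprivileged processes; `CONFIG_RT_GROUP_SCHED` changes how realtime tasks are scheduled inside cgroups). Only the btrfs driver is gated. Split the list into what dockerd needs to start and what is optional, gate the optional part the same way as `DOCKER_ENGINE_DRIVER_BTRFS_LINUX_CONFIG_FIXUPS`, and describe that split in the commit message instead of only giving the wiki link.
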
-- 
2.25.1


* [Buildroot] [PATCH v2 4/7] package/docker-engine: needs more runtime dependencies
  2020-05-30 12:47 [Buildroot] [PATCH v2 0/7] Container - Guest Francois Perrad
                   ` (2 preceding siblings ...)
  2020-05-30 12:47 ` [Buildroot] [PATCH v2 3/7] package/docker-engine: needs some kernel options Francois Perrad
@ 2020-05-30 12:47 ` Francois Perrad
  2020-06-06 23:11   ` Christian Stewart
  2020-05-30 12:47 ` [Buildroot] [PATCH v2 5/7] package/systemd: needs kernel options Francois Perrad
                   ` (2 subsequent siblings)
  6 siblings, 1 reply; 15+ messages in thread
From: Francois Perrad @ 2020-05-30 12:47 UTC (permalink / raw)
  To: buildroot

fix error:
	failed to start daemon: Devices cgroup isn't mounted

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
---
 package/docker-engine/Config.in | 1 +
 1 file changed, 1 insertion(+)

diff --git a/package/docker-engine/Config.in b/package/docker-engine/Config.in
index 1fd229fcb..64afba30f 100644
--- a/package/docker-engine/Config.in
+++ b/package/docker-engine/Config.in
@@ -5,6 +5,7 @@ config BR2_PACKAGE_DOCKER_ENGINE
 	depends on BR2_TOOLCHAIN_HAS_THREADS
 	depends on !BR2_TOOLCHAIN_USES_UCLIBC # docker-containerd -> runc
 	depends on BR2_USE_MMU # docker-containerd
+	select BR2_PACKAGE_CGROUPFS_MOUNT # runtime dependency
 	select BR2_PACKAGE_DOCKER_CONTAINERD # runtime dependency
 	select BR2_PACKAGE_DOCKER_PROXY # runtime dependency
 	select BR2_PACKAGE_IPTABLES # runtime dependency
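
Review bot: the new `select BR2_PACKAGE_CGROUPFS_MOUNT` is unconditional, but the commit message does not say under which init system the "Devices cgroup isn't mounted" error shows up. When systemd is the init it mounts the cgroup hierarchy itself, so the select should be conditional on the init system, and the failing setup should be named in the commit message. Note also that `select` ignores the `depends on` lines of the selected symbol, so any dependency of cgroupfs-mount has to be repeated here.
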
-- 
2.25.1


* [Buildroot] [PATCH v2 5/7] package/systemd: needs kernel options
  2020-05-30 12:47 [Buildroot] [PATCH v2 0/7] Container - Guest Francois Perrad
                   ` (3 preceding siblings ...)
  2020-05-30 12:47 ` [Buildroot] [PATCH v2 4/7] package/docker-engine: needs more runtime dependencies Francois Perrad
@ 2020-05-30 12:47 ` Francois Perrad
  2020-05-30 12:47 ` [Buildroot] [PATCH v2 6/7] package/systemd: add an option BR2_PACKAGE_SYSTEMD_GUEST Francois Perrad
  2020-05-30 12:47 ` [Buildroot] [PATCH v2 7/7] configs/guest_*: use BR2_PACKAGE_SYSTEMD_GUEST Francois Perrad
  6 siblings, 0 replies; 15+ messages in thread
From: Francois Perrad @ 2020-05-30 12:47 UTC (permalink / raw)
  To: buildroot

according to https://wiki.gentoo.org/wiki/Systemd#Kernel

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
---
 package/systemd/systemd.mk | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
index 92de54072..c34671071 100644
--- a/package/systemd/systemd.mk
+++ b/package/systemd/systemd.mk
@@ -568,8 +568,16 @@ SYSTEMD_NINJA_ENV = $(HOST_UTF8_LOCALE_ENV)
 
 define SYSTEMD_LINUX_CONFIG_FIXUPS
 	$(call KCONFIG_ENABLE_OPT,CONFIG_CGROUPS)
-	$(call KCONFIG_ENABLE_OPT,CONFIG_INOTIFY_USER)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_CGROUP_BPF)
 	$(call KCONFIG_ENABLE_OPT,CONFIG_FHANDLE)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_EPOLL)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_SIGNALFD)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_TIMERFD)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_BPF_SYSCALL)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_DEVTMPFS)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_INOTIFY_USER)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_PROC_FS)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_SYSFS)
 	$(call KCONFIG_ENABLE_OPT,CONFIG_AUTOFS4_FS)
 	$(call KCONFIG_ENABLE_OPT,CONFIG_TMPFS_POSIX_ACL)
 	$(call KCONFIG_ENABLE_OPT,CONFIG_TMPFS_XATTR)
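
Review bot: the additions turn on `CONFIG_BPF_SYSCALL` and `CONFIG_CGROUP_BPF` for every kernel built with systemd, which makes the bpf() syscall reachable on targets that previously had it compiled out. systemd only uses them for its BPF-based cgroup features (such as `IPAddressAllow=` and `IPAddressDeny=`), so mark them as optional in the commit message or gate them, rather than listing them next to hard requirements like `CONFIG_PROC_FS` and `CONFIG_SYSFS`. Separately, `CONFIG_INOTIFY_USER` is removed and re-added a few lines further down, which is pure churn; leave it in place and add the new options around it.
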
-- 
2.25.1


* [Buildroot] [PATCH v2 6/7] package/systemd: add an option BR2_PACKAGE_SYSTEMD_GUEST
  2020-05-30 12:47 [Buildroot] [PATCH v2 0/7] Container - Guest Francois Perrad
                   ` (4 preceding siblings ...)
  2020-05-30 12:47 ` [Buildroot] [PATCH v2 5/7] package/systemd: needs kernel options Francois Perrad
@ 2020-05-30 12:47 ` Francois Perrad
  2020-06-06 22:57   ` Christian Stewart
  2020-05-30 12:47 ` [Buildroot] [PATCH v2 7/7] configs/guest_*: use BR2_PACKAGE_SYSTEMD_GUEST Francois Perrad
  6 siblings, 1 reply; 15+ messages in thread
From: Francois Perrad @ 2020-05-30 12:47 UTC (permalink / raw)
  To: buildroot

this option allows a systemd tailored for a guest/container

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
---
 package/systemd/Config.in  | 14 ++++++++++----
 package/systemd/systemd.mk |  6 +++++-
 2 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/package/systemd/Config.in b/package/systemd/Config.in
index dd3b8c534..a8595dce8 100644
--- a/package/systemd/Config.in
+++ b/package/systemd/Config.in
@@ -35,10 +35,10 @@ menuconfig BR2_PACKAGE_SYSTEMD
 	select BR2_PACKAGE_UTIL_LINUX_MOUNT
 	select BR2_PACKAGE_UTIL_LINUX_NOLOGIN
 	select BR2_PACKAGE_UTIL_LINUX_FSCK
-	select BR2_PACKAGE_KMOD
-	select BR2_PACKAGE_BUSYBOX_SHOW_OTHERS # kmod-tools
-	select BR2_PACKAGE_KMOD_TOOLS
-	select BR2_TARGET_TZ_INFO
+	select BR2_PACKAGE_KMOD if !BR2_PACKAGE_SYSTEMD_GUEST
+	select BR2_PACKAGE_BUSYBOX_SHOW_OTHERS if !BR2_PACKAGE_SYSTEMD_GUEST # kmod-tools
+	select BR2_PACKAGE_KMOD_TOOLS if !BR2_PACKAGE_SYSTEMD_GUEST
+	select BR2_TARGET_TZ_INFO if !BR2_PACKAGE_SYSTEMD_GUEST
 	select BR2_NEEDS_HOST_UTF8_LOCALE
 	select BR2_PACKAGE_HOST_SYSTEMD # for systemctl preset-all, during target-finalize
 	help
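
Review bot: `BR2_TARGET_TZ_INFO` and `BR2_PACKAGE_BUSYBOX_SHOW_OTHERS` become conditional here along with kmod, but the commit message only says "tailored for a guest/container" and does not list what the option drops or why each item is safe to drop. Enumerate them in the commit message, and for `BR2_TARGET_TZ_INFO` confirm that nothing in systemd.mk outside this diff still assumes tz data is installed.
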
@@ -90,6 +90,12 @@ if BR2_PACKAGE_SYSTEMD
 config BR2_PACKAGE_PROVIDES_UDEV
 	default "systemd"
 
+config BR2_PACKAGE_SYSTEMD_GUEST
+	bool "systemd-guest"
+	default n
+	help
+	  this option allows a systemd tailored for a guest/container.
+
 config BR2_PACKAGE_SYSTEMD_BOOT
 	bool "systemd-boot"
 	depends on BR2_i386 || BR2_x86_64
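
Review bot: in the new `BR2_PACKAGE_SYSTEMD_GUEST` entry, `default n` is redundant (a bool without a default is already n) and the help text does not tell the user what is actually removed. Drop the `default n` line and write the help as full sentences naming the effects: kmod, kmod-tools and tz info are no longer selected.
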
diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
index c34671071..87b1824de 100644
--- a/package/systemd/systemd.mk
+++ b/package/systemd/systemd.mk
@@ -13,11 +13,15 @@ SYSTEMD_DEPENDENCIES = \
 	$(BR2_COREUTILS_HOST_DEPENDENCY) \
 	$(if $(BR2_PACKAGE_BASH_COMPLETION),bash-completion) \
 	host-gperf \
-	kmod \
 	libcap \
 	util-linux \
 	$(TARGET_NLS_DEPENDENCIES)
 
+ifneq ($(BR2_PACKAGE_SYSTEMD_GUEST),y)
+	SYSTEMD_DEPENDENCIES += kmod
+endif
+
+
 SYSTEMD_PROVIDES = udev
 
 SYSTEMD_CONF_OPTS += \
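
Review bot: the `ifneq ($(BR2_PACKAGE_SYSTEMD_GUEST),y)` block keys the kmod dependency on the new option rather than on whether kmod is part of the build, so a guest configuration in which another package selects `BR2_PACKAGE_KMOD` loses the build-order dependency. Test `ifeq ($(BR2_PACKAGE_KMOD),y)` instead, do not indent the `SYSTEMD_DEPENDENCIES += kmod` line with a tab, and drop the second blank line added after `endif`.
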
-- 
2.25.1


* [Buildroot] [PATCH v2 7/7] configs/guest_*: use BR2_PACKAGE_SYSTEMD_GUEST
  2020-05-30 12:47 [Buildroot] [PATCH v2 0/7] Container - Guest Francois Perrad
                   ` (5 preceding siblings ...)
  2020-05-30 12:47 ` [Buildroot] [PATCH v2 6/7] package/systemd: add an option BR2_PACKAGE_SYSTEMD_GUEST Francois Perrad
@ 2020-05-30 12:47 ` Francois Perrad
  6 siblings, 0 replies; 15+ messages in thread
From: Francois Perrad @ 2020-05-30 12:47 UTC (permalink / raw)
  To: buildroot

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
---
 configs/guest_arm_a7_defconfig | 13 +++++++++++++
 configs/guest_arm_a9_defconfig | 13 +++++++++++++
 configs/guest_x86_64_defconfig | 13 +++++++++++++
 3 files changed, 39 insertions(+)

diff --git a/configs/guest_arm_a7_defconfig b/configs/guest_arm_a7_defconfig
index efe9a1369..2a9081edf 100644
--- a/configs/guest_arm_a7_defconfig
+++ b/configs/guest_arm_a7_defconfig
@@ -11,6 +11,19 @@ BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_15=y
 # System
 BR2_INIT_SYSTEMD=y
 # BR2_TARGET_GENERIC_GETTY is not set
+# BR2_TARGET_TZ_INFO is not set
 
 # Filesystem
 BR2_TARGET_ROOTFS_TAR=y
+
+# Packages
+# BR2_PACKAGE_BUSYBOX_SHOW_OTHERS is not set
+# BR2_PACKAGE_KMOD is not set
+BR2_PACKAGE_SYSTEMD_GUEST=y
+# BR2_PACKAGE_SYSTEMD_PSTORE is not set
+# BR2_PACKAGE_SYSTEMD_HOSTNAMED is not set
+# BR2_PACKAGE_SYSTEMD_HWDB is not set
+# BR2_PACKAGE_SYSTEMD_MYHOSTNAME is not set
+# BR2_PACKAGE_SYSTEMD_NETWORKD is not set
+# BR2_PACKAGE_SYSTEMD_TIMEDATED is not set
+# BR2_PACKAGE_SYSTEMD_TIMESYNCD is not set
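
Review bot: with `BR2_PACKAGE_SYSTEMD_GUEST=y` the symbols `BR2_PACKAGE_KMOD`, `BR2_PACKAGE_BUSYBOX_SHOW_OTHERS` and `BR2_TARGET_TZ_INFO` are no longer selected, so the three `is not set` lines for them should be redundant in a defconfig; regenerate the file with `make savedefconfig` and keep only what it emits. The `# BR2_PACKAGE_SYSTEMD_* is not set` lines are the real content of this change, and the empty commit message should say why each service is unwanted in a guest.
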
diff --git a/configs/guest_arm_a9_defconfig b/configs/guest_arm_a9_defconfig
index 02c3d302d..2d19a31cd 100644
--- a/configs/guest_arm_a9_defconfig
+++ b/configs/guest_arm_a9_defconfig
@@ -13,6 +13,19 @@ BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_15=y
 # System
 BR2_INIT_SYSTEMD=y
 # BR2_TARGET_GENERIC_GETTY is not set
+# BR2_TARGET_TZ_INFO is not set
 
 # Filesystem
 BR2_TARGET_ROOTFS_TAR=y
+
+# Packages
+# BR2_PACKAGE_BUSYBOX_SHOW_OTHERS is not set
+# BR2_PACKAGE_KMOD is not set
+BR2_PACKAGE_SYSTEMD_GUEST=y
+# BR2_PACKAGE_SYSTEMD_PSTORE is not set
+# BR2_PACKAGE_SYSTEMD_HOSTNAMED is not set
+# BR2_PACKAGE_SYSTEMD_HWDB is not set
+# BR2_PACKAGE_SYSTEMD_MYHOSTNAME is not set
+# BR2_PACKAGE_SYSTEMD_NETWORKD is not set
+# BR2_PACKAGE_SYSTEMD_TIMEDATED is not set
+# BR2_PACKAGE_SYSTEMD_TIMESYNCD is not set
diff --git a/configs/guest_x86_64_defconfig b/configs/guest_x86_64_defconfig
index 42d1d659a..4e19d23e5 100644
--- a/configs/guest_x86_64_defconfig
+++ b/configs/guest_x86_64_defconfig
@@ -10,6 +10,19 @@ BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_15=y
 # System
 BR2_INIT_SYSTEMD=y
 # BR2_TARGET_GENERIC_GETTY is not set
+# BR2_TARGET_TZ_INFO is not set
 
 # Filesystem
 BR2_TARGET_ROOTFS_TAR=y
+
+# Packages
+# BR2_PACKAGE_BUSYBOX_SHOW_OTHERS is not set
+# BR2_PACKAGE_KMOD is not set
+BR2_PACKAGE_SYSTEMD_GUEST=y
+# BR2_PACKAGE_SYSTEMD_PSTORE is not set
+# BR2_PACKAGE_SYSTEMD_HOSTNAMED is not set
+# BR2_PACKAGE_SYSTEMD_HWDB is not set
+# BR2_PACKAGE_SYSTEMD_MYHOSTNAME is not set
+# BR2_PACKAGE_SYSTEMD_NETWORKD is not set
+# BR2_PACKAGE_SYSTEMD_TIMEDATED is not set
+# BR2_PACKAGE_SYSTEMD_TIMESYNCD is not set
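
Review bot: the added "# Packages" block is identical in all three files, and this patch only amends defconfigs that patch 1/7 of the same series creates. Reorder the series so the systemd option comes first and the defconfigs are added once in their final form; that also gives the otherwise empty commit messages something to describe.
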
-- 
2.25.1


* [Buildroot] [PATCH v2 6/7] package/systemd: add an option BR2_PACKAGE_SYSTEMD_GUEST
  2020-05-30 12:47 ` [Buildroot] [PATCH v2 6/7] package/systemd: add an option BR2_PACKAGE_SYSTEMD_GUEST Francois Perrad
@ 2020-06-06 22:57   ` Christian Stewart
  2020-06-08  5:25     ` François Perrad
  0 siblings, 1 reply; 15+ messages in thread
From: Christian Stewart @ 2020-06-06 22:57 UTC (permalink / raw)
  To: buildroot

Hi Francois,

On Sat, May 30, 2020 at 5:48 AM Francois Perrad <fperrad@gmail.com> wrote:
> this option allows a systemd tailored for a guest/container

I don't see any changes other than disabling kmod. Actually, in my
Docker containers I use the systemd feature of loading kernel modules,
with the kernel modules directory mapped in. So I'm not certain that
you want to disable kmod in all circumstances when a guest.

Given that this is the only effect of the flag, I don't think it's
worth adding (too little impact for a new flag).

Best,
Christian


* [Buildroot] [PATCH v2 1/7] configs/guest_*: some new defconfig
  2020-05-30 12:47 ` [Buildroot] [PATCH v2 1/7] configs/guest_*: some new defconfig Francois Perrad
@ 2020-06-06 23:02   ` Christian Stewart
  0 siblings, 0 replies; 15+ messages in thread
From: Christian Stewart @ 2020-06-06 23:02 UTC (permalink / raw)
  To: buildroot

Hi Francois,


On Sat, May 30, 2020 at 5:48 AM Francois Perrad <fperrad@gmail.com> wrote:
>  create mode 100644 configs/guest_arm_a7_defconfig
>  create mode 100644 configs/guest_arm_a9_defconfig
>  create mode 100644 configs/guest_x86_64_defconfig
> +++ b/configs/guest_arm_a7_defconfig
> @@ -0,0 +1,16 @@
> +# Architecture
> +BR2_arm=y
> +BR2_cortex_a7=y
> +
> +# Toolchain
> +BR2_TOOLCHAIN_BUILDROOT_GLIBC=y
> +BR2_KERNEL_HEADERS_VERSION=y
> +BR2_DEFAULT_KERNEL_VERSION="4.15"
> +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_15=y
> +
> +# System
> +BR2_INIT_SYSTEMD=y
> +# BR2_TARGET_GENERIC_GETTY is not set
> +
> +# Filesystem
> +BR2_TARGET_ROOTFS_TAR=y

These appear to be basically the default configuration, except TAR is
selected and GETTY is disabled. Is it necessary to add these given
that they don't do much?

Best,
Christian Stewart


* [Buildroot] [PATCH v2 2/7] board/guest: documentation and sample files
  2020-05-30 12:47 ` [Buildroot] [PATCH v2 2/7] board/guest: documentation and sample files Francois Perrad
@ 2020-06-06 23:10   ` Christian Stewart
  2020-06-08  5:28     ` François Perrad
  0 siblings, 1 reply; 15+ messages in thread
From: Christian Stewart @ 2020-06-06 23:10 UTC (permalink / raw)
  To: buildroot

Hi Francois,

On Sat, May 30, 2020 at 5:49 AM Francois Perrad <fperrad@gmail.com> wrote:
> +++ b/board/guest/Dockerfile
> @@ -0,0 +1,3 @@
> +FROM scratch
> +ADD rootfs.tar /
> +CMD ["/bin/ash"]

There is a typo here, you put the command as "ash"

Also, this isn't a sufficient Dockerfile. From your other patches I
guess you intend to run systemd in the container.

For reference, see how I do this in Skiff:

https://github.com/paralin/SkiffOS/tree/master/configs/virt/docker

For the Dockerfile:

FROM scratch

ENV container docker
ENV init /lib/systemd/systemd
ENV LC_ALL C

ADD rootfs.tar /

USER root
RUN systemctl set-default multi-user.target && \
    systemctl mask tmp.mount && \
    find /etc/systemd/system \
         /lib/systemd/system \
         \( -path '*.wants/*' \
         -name '*swapon*' \
         -or -name '*ntpd*' \
         -or -name '*resolved*' \
         -or -name '*remount-fs*' \
         -or -name '*getty*' \
         -or -name '*systemd-sysctl*' \
         -or -name '*.mount' \
         -or -name '*remote-fs*' \) \
         -exec echo \{} \; \
         -exec rm \{} \;

COPY fstab /etc/fstab
VOLUME [ "/sys/fs/cgroup" ]
ENTRYPOINT ["/usr/lib/systemd/systemd"]

For running the image you want to have something like this:

docker run -d --name=skiff \
  --privileged \
  --cap-add=NET_ADMIN \
  --security-opt seccomp=unconfined \
  --stop-signal=SIGRTMIN+3 \
  --tmpfs /run \
  --tmpfs /run/lock \
  -t \
  -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
  paralin/skiffos

This works with systemd.

> +
> +How to with Docker
> +==================
> +
> +A Docker image could created with a Dockerfile and few commands are needed:
> +
> +    # dockerd &
> +
> +    $ cat Dockerfile
> +    FROM scratch
> +    ADD rootfs.tar /
> +    CMD ["/bin/ash"]

Typo again with "ash" ?

Best regards,
Christian Stewart
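
The run command in the message above, checked for the options that widen what the container may do on the host. This is an added example, not part of the thread or of SkiffOS; `audit_docker_run` is a hypothetical helper name and the finding texts are this example's own wording.

```shell
#!/bin/sh
# Added example: list the options in a `docker run` argument vector that
# relax container isolation. Prints one finding per line, nothing if clean.
# audit_docker_run is a hypothetical helper, not a Docker or SkiffOS tool.

audit_docker_run() {
    privileged=0
    cap_added=0
    seccomp_off=0
    while [ "$#" -gt 0 ]; do
        arg=$1
        shift
        # Normalise "--opt=value" and "--opt value" into opt/val.
        case $arg in
            --cap-add=*|--security-opt=*|--volume=*)
                opt=${arg%%=*}
                val=${arg#*=}
                ;;
            --cap-add|--security-opt|--volume|-v)
                opt=$arg
                val=${1-}
                if [ "$#" -gt 0 ]; then shift; fi
                ;;
            *)
                opt=$arg
                val=
                ;;
        esac
        case $opt in
            --privileged)
                privileged=1
                echo "privileged: all capabilities, host devices visible, seccomp and LSM confinement off"
                ;;
            --cap-add)
                cap_added=1
                echo "cap-add: $val granted on top of the default capability set"
                ;;
            --security-opt)
                case $val in
                    seccomp=unconfined|seccomp:unconfined)
                        seccomp_off=1
                        echo "seccomp: default syscall filter disabled"
                        ;;
                esac
                ;;
            --volume|-v)
                case $val in
                    # Read-only bind mount of the host cgroup tree: no finding.
                    /sys/fs/cgroup:*:ro|/sys/fs/cgroup:*:ro,*) ;;
                    /sys/fs/cgroup:*)
                        echo "cgroup-mount: host cgroup tree bind-mounted writable"
                        ;;
                esac
                ;;
        esac
    done
    # --privileged already covers the narrower grants, so listing them as
    # well hides which single privilege the workload really needs.
    if [ "$privileged" -eq 1 ] && [ $((cap_added + seccomp_off)) -gt 0 ]; then
        echo "redundant: --privileged already implies the --cap-add / seccomp=unconfined options"
    fi
    return 0
}

# Arguments copied from the run command in the message above.
audit_docker_run -d --name=skiff \
  --privileged \
  --cap-add=NET_ADMIN \
  --security-opt seccomp=unconfined \
  --stop-signal=SIGRTMIN+3 \
  --tmpfs /run \
  --tmpfs /run/lock \
  -t \
  -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
  paralin/skiffos
```

For that command the function reports the privileged, cap-add and seccomp findings plus the redundancy line; the read-only cgroup mount produces no finding.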


* [Buildroot] [PATCH v2 4/7] package/docker-engine: needs more runtime dependencies
  2020-05-30 12:47 ` [Buildroot] [PATCH v2 4/7] package/docker-engine: needs more runtime dependencies Francois Perrad
@ 2020-06-06 23:11   ` Christian Stewart
  2020-06-08  5:30     ` François Perrad
  0 siblings, 1 reply; 15+ messages in thread
From: Christian Stewart @ 2020-06-06 23:11 UTC (permalink / raw)
  To: buildroot

Hi Francois,

On Sat, May 30, 2020 at 5:48 AM Francois Perrad <fperrad@gmail.com> wrote:
>
> fix error:
>         failed to start daemon: Devices cgroup isn't mounted

I don't see this error, and I don't have the cgroupfs-mount enabled.

With systemd, cgroups should be mounted automatically, at least as far
as I know.

> diff --git a/package/docker-engine/Config.in b/package/docker-engine/Config.in
> index 1fd229fcb..64afba30f 100644
> --- a/package/docker-engine/Config.in
> +++ b/package/docker-engine/Config.in
> @@ -5,6 +5,7 @@ config BR2_PACKAGE_DOCKER_ENGINE
>         depends on BR2_TOOLCHAIN_HAS_THREADS
>         depends on !BR2_TOOLCHAIN_USES_UCLIBC # docker-containerd -> runc
>         depends on BR2_USE_MMU # docker-containerd
> +       select BR2_PACKAGE_CGROUPFS_MOUNT # runtime dependency
>         select BR2_PACKAGE_DOCKER_CONTAINERD # runtime dependency
>         select BR2_PACKAGE_DOCKER_PROXY # runtime dependency
>         select BR2_PACKAGE_IPTABLES # runtime dependency

Best regards,
Christian Stewart


* [Buildroot] [PATCH v2 6/7] package/systemd: add an option BR2_PACKAGE_SYSTEMD_GUEST
  2020-06-06 22:57   ` Christian Stewart
@ 2020-06-08  5:25     ` François Perrad
  0 siblings, 0 replies; 15+ messages in thread
From: François Perrad @ 2020-06-08  5:25 UTC (permalink / raw)
  To: buildroot

On Sun, 7 June 2020 at 00:57, Christian Stewart <christian@paral.in> wrote:

> Hi Francois,
>
> On Sat, May 30, 2020 at 5:48 AM Francois Perrad <fperrad@gmail.com> wrote:
> > this option allows a systemd tailored for a guest/container
>
> I don't see any changes other than disabling kmod. Actually, in my
> Docker containers I use the systemd feature of loading kernel modules,
> with the kernel modules directory mapped in. So I'm not certain that
> you want to disable kmod in all circumstances when a guest.
>
>
Currently, kmod is always selected; I want to give the choice to the user.

The host & guest share the same kernel.
In the guest, I want to use it as it is configured by the host.
From my point of view, system stuff goes on the host side and the service
application goes in the guest.
At this time, my primary target is systemd-nspawn in the host, not
docker-engine
(I don't need a deployment model like with docker and the interaction
between a host systemd-nspawn and a guest systemd seems easy)

François


> Given that this is the only effect of the flag, I don't think it's
> worth adding (too little impact for a new flag).
>
> Best,
> Christian
>


* [Buildroot] [PATCH v2 2/7] board/guest: documentation and sample files
  2020-06-06 23:10   ` Christian Stewart
@ 2020-06-08  5:28     ` François Perrad
  0 siblings, 0 replies; 15+ messages in thread
From: François Perrad @ 2020-06-08  5:28 UTC (permalink / raw)
  To: buildroot

On Sun, 7 June 2020 at 01:10, Christian Stewart <christian@paral.in> wrote:

> Hi Francois,
>
> On Sat, May 30, 2020 at 5:49 AM Francois Perrad <fperrad@gmail.com> wrote:
> > +++ b/board/guest/Dockerfile
> > @@ -0,0 +1,3 @@
> > +FROM scratch
> > +ADD rootfs.tar /
> > +CMD ["/bin/ash"]
>
> There is a typo here, you put the command as "ash"
>

`ash` is the default shell of Busybox.


>
> Also, this isn't a sufficient Dockerfile. From your other patches I
> guess you intend to run systemd in the container.
>
>
This Dockerfile is minimal, but it allows running in interactive mode as
described.
I agree that it looks like a toy.
I will add another section which refers to your project SkiffOS and allows
having a running systemd in the container.

François


> For reference, see how I do this in Skiff:
>
> https://github.com/paralin/SkiffOS/tree/master/configs/virt/docker
>
> For the Dockerfile:
>
> FROM scratch
>
> ENV container docker
> ENV init /lib/systemd/systemd
> ENV LC_ALL C
>
> ADD rootfs.tar /
>
> USER root
> RUN systemctl set-default multi-user.target && \
>     systemctl mask tmp.mount && \
>     find /etc/systemd/system \
>          /lib/systemd/system \
>          \( -path '*.wants/*' \
>          -name '*swapon*' \
>          -or -name '*ntpd*' \
>          -or -name '*resolved*' \
>          -or -name '*remount-fs*' \
>          -or -name '*getty*' \
>          -or -name '*systemd-sysctl*' \
>          -or -name '*.mount' \
>          -or -name '*remote-fs*' \) \
>          -exec echo \{} \; \
>          -exec rm \{} \;
>
> COPY fstab /etc/fstab
> VOLUME [ "/sys/fs/cgroup" ]
> ENTRYPOINT ["/usr/lib/systemd/systemd"]
>
> For running the image you want to have something like this:
>
> docker run -d --name=skiff \
>   --privileged \
>   --cap-add=NET_ADMIN \
>   --security-opt seccomp=unconfined \
>   --stop-signal=SIGRTMIN+3 \
>   --tmpfs /run \
>   --tmpfs /run/lock \
>   -t \
>   -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
>   paralin/skiffos
>
> This works with systemd.
>
> > +
> > +How to with Docker
> > +==================
> > +
> > +A Docker image could created with a Dockerfile and few commands are
> needed:
> > +
> > +    # dockerd &
> > +
> > +    $ cat Dockerfile
> > +    FROM scratch
> > +    ADD rootfs.tar /
> > +    CMD ["/bin/ash"]
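
Review bot: the sentence "A Docker image could created with a Dockerfile and few commands are needed:" under the "How to with Docker" heading is missing "be" and would read more clearly as "A Docker image can be created from a Dockerfile with a few commands:". The `# dockerd &` step should also say that the `#` prompt means it is run as root on the host, since the `$ cat Dockerfile` step that follows is not.
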
>
> Typo again with "ash" ?
>
> Best regards,
> Christian Stewart
>

* [Buildroot] [PATCH v2 4/7] package/docker-engine: needs more runtime dependencies
  2020-06-06 23:11   ` Christian Stewart
@ 2020-06-08  5:30     ` François Perrad
  0 siblings, 0 replies; 15+ messages in thread
From: François Perrad @ 2020-06-08  5:30 UTC (permalink / raw)
  To: buildroot

On Sun, 7 Jun 2020 at 01:12, Christian Stewart <christian@paral.in>
wrote:

> Hi Francois,
>
> On Sat, May 30, 2020 at 5:48 AM Francois Perrad <fperrad@gmail.com> wrote:
> >
> > fix error:
> >         failed to start daemon: Devices cgroup isn't mounted
>
> I don't see this error, and I don't have the cgroupfs-mount enabled.
>
> With systemd, cgroups should be mounted automatically, at least as far
> as I know.
>
>
I see this error with a host using the old default SysV init (so without
systemd).
So, I will update the patch like this:
        select BR2_PACKAGE_CGROUPFS_MOUNT if !BR2_PACKAGE_SYSTEMD # runtime dependency

François

> diff --git a/package/docker-engine/Config.in
> b/package/docker-engine/Config.in
> > index 1fd229fcb..64afba30f 100644
> > --- a/package/docker-engine/Config.in
> > +++ b/package/docker-engine/Config.in
> > @@ -5,6 +5,7 @@ config BR2_PACKAGE_DOCKER_ENGINE
> >         depends on BR2_TOOLCHAIN_HAS_THREADS
> >         depends on !BR2_TOOLCHAIN_USES_UCLIBC # docker-containerd -> runc
> >         depends on BR2_USE_MMU # docker-containerd
> > +       select BR2_PACKAGE_CGROUPFS_MOUNT # runtime dependency
> >         select BR2_PACKAGE_DOCKER_CONTAINERD # runtime dependency
> >         select BR2_PACKAGE_DOCKER_PROXY # runtime dependency
> >         select BR2_PACKAGE_IPTABLES # runtime dependency
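
Review bot: the added `select BR2_PACKAGE_CGROUPFS_MOUNT` at the top of the select list is unconditional, so a systemd-based configuration also pulls in cgroupfs-mount even though, per this thread, the "Devices cgroup isn't mounted" error is seen only with SysV init. Guard it with `if !BR2_PACKAGE_SYSTEMD`, and name the init system that reproduces the error in the commit message so the dependency can be re-evaluated later.
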
>
> Best regards,
> Christian Stewart
>
