Use qemu-user >= 8.0.0 which fixes a memory leak bug

https://gitlab.com/qemu-project/qemu/-/issues/866 In docker-easyconnect, it was first mentioned in #128.
docker-easyconnect · Jul 26, 2023 · e13ece4 · e13ece4
1 parent 604c6ef
commit e13ece4
Show file tree

Hide file tree

Showing 6 changed files with 6 additions and 31 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -34,8 +34,6 @@ COPY ./docker-root /
 
 COPY --from=hagb/docker-easyconnect:build /results/fake-hwaddr/ /results/tinyproxy-ws/ /results/novnc/ /
 
-ENV QEMU_ECAGENT_MEM_LIMIT=256
-
 #ENV TYPE="" PASSWORD="" LOOP=""
 #ENV DISPLAY
 #ENV USE_NOVNC=""

diff --git a/Dockerfile.cli b/Dockerfile.cli
@@ -55,8 +55,6 @@ COPY ./docker-root /
 
 COPY --from=hagb/docker-easyconnect:build /results/fake-hwaddr/ /results/tinyproxy-ws/ /
 
-ENV QEMU_ECAGENT_MEM_LIMIT=256
-
 VOLUME /root/ /usr/share/sangfor/EasyConnect/resources/logs/
 
 CMD start.sh
diff --git a/Dockerfile.vncless b/Dockerfile.vncless
@@ -35,8 +35,6 @@ COPY ./docker-root /
 
 COPY --from=hagb/docker-easyconnect:build /results/fake-hwaddr/ /results/tinyproxy-ws/ /
 
-ENV QEMU_ECAGENT_MEM_LIMIT=256
-
 VOLUME /root/ /usr/share/sangfor/EasyConnect/resources/logs/
 
 CMD TYPE=x11 start.sh
diff --git a/build-scripts/config-apt.sh b/build-scripts/config-apt.sh
@@ -3,7 +3,12 @@
 if [ -n "${ANDROID_PATCH}" ]; then
 	groupadd -g 3003 inet && usermod -a -G inet root && usermod -g inet -ou 0 daemon && usermod -g inet -ou 0 _apt
 fi &&
-echo "
+echo "APT::Default-Release \"$VERSION_CODENAME\";" > /etc/apt/apt.conf.d/80release &&
+# use qemu-user >= 8.0.0 which fixes https://gitlab.com/qemu-project/qemu/-/issues/866
+echo "Package: qemu-user
+Pin: release n=trixie
+Pin-Priority: 990" > /etc/apt/preferences.d/qemu &&
+echo "deb $MIRROR_URL trixie main
 deb $MIRROR_URL $VERSION_CODENAME main
 deb http://deb.debian.org/debian-security $VERSION_CODENAME-security main
 deb $MIRROR_URL bullseye main

diff --git a/doc/usage.md b/doc/usage.md
@@ -31,8 +31,6 @@
 
 - `NODANTED`: 默认为空。不为空时提供 socks5 代理的`danted`将不会启动（可用于和`--net host`参数配合，提供全局透明代理）。
 
-- `QEMU_ECAGENT_MEM_LIMIT`：在非 amd64 架构上用 `qemu-x86_64` 运行 `ECAgent` 时，限制 `ECAgent` 的最大内存（MB），默认为 256。（qemu-user 内存泄漏问题 https://gitlab.com/qemu-project/qemu/-/issues/866 的 workaround）
-
 - `SOCKS_USER`: 默认为空，不为空时以此为用户名启用 socks5 代理的密码认证
 
 - `SOCKS_PASSWD`: 默认为空，`SOCKS_USER` 不为空时此变量作为 socks5 代理的密码

diff --git a/docker-root/usr/local/bin/start-sangfor.sh b/docker-root/usr/local/bin/start-sangfor.sh
@@ -5,28 +5,6 @@ if [ -n "$FAKE_HWADDR" ]; then
 	fake-hwaddr-run() { LD_PRELOAD=/usr/local/lib/fake-hwaddr.so "$@" ; }
 fi
 
-# 对 qemu-user 内存泄漏 https://gitlab.com/qemu-project/qemu/-/issues/866 的一个 workaround
-# 在 ECAgent 超过一定内存时杀掉它，经试验并不会对 vpn 服务造成很大影响
-# https://github.com/Hagb/docker-easyconnect/issues/128#issuecomment-1074058067
-[ -e /usr/local/libexec/qemu-hack ] && {
-	page_size=$(getconf PAGESIZE)
-	while true; do
-		rss_pages=0
-		for pid in $(pidof ECAgent); do
-			statm=($(cat /proc/$pid/statm))
-			((rss_pages+=statm[1]))
-		done
-		((rss_size_mb=rss_pages*page_size/1024/1024))
-		if ((rss_size_mb>QEMU_ECAGENT_MEM_LIMIT)); then
-			killall ECAgent
-			echo "ECAgent spend memory $rss_size_mb MB > $QEMU_ECAGENT_MEM_LIMIT MB! Kill ECAgent!" >&2
-		fi
-		sleep 15
-	done
-} &
-
-sleep 1
-
 while true
 do
 	vpn_daemon