[lxc-devel] [PATCH] lxc-oracle: add pts/[1-4] to securetty for libvirt-lxc
Dwight Engen
dwight.engen at oracle.com
Mon May 19 21:53:45 UTC 2014
On Mon, 19 May 2014 23:14:29 +0200
Stéphane Graber <stgraber at ubuntu.com> wrote:
> Hi Dwight,
>
> Do you care about having 5f2ea8cfcb8ccd9bbb7cf18e1e260044f3f6dcaf in
> 1.0.4? If so, can you provide me with a version of the change which
> applies to stable-1.0?
>
> Thanks
Well, this only matters when a container created with lxc runs under
libvirt-lxc so I'm not if this one qualifies as a fix or feature. I'm
fine you don't want to apply on that basis, but I'll be merging it into
Oracle's build of 1.0.4, so I'd prefer it to be upstream where it'd help
anyone else trying that scenario.
Below is the backport to stable of
5f2ea8cfcb8ccd9bbb7cf18e1e260044f3f6dcaf and
7e4ca1a21debdf0d04285446e4dbff5d8647b2d3 (follow up fix to it) rolled
into one if you choose to apply.
-->8
Don't spawn a getty on /dev/console when running under libvirt-lxc
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
---
templates/lxc-oracle.in | 28 +++++++++++++++++++++-------
1 file changed, 21 insertions(+), 7 deletions(-)
diff --git a/templates/lxc-oracle.in b/templates/lxc-oracle.in
index 37bb7ac..52aa633 100644
--- a/templates/lxc-oracle.in
+++ b/templates/lxc-oracle.in
@@ -326,22 +326,35 @@ EOF
# allow root login on console, tty[1-4], and pts/0 for libvirt
echo "# LXC (Linux Containers)" >>$container_rootfs/etc/securetty
echo "lxc/console" >>$container_rootfs/etc/securetty
- echo "lxc/tty1" >>$container_rootfs/etc/securetty
- echo "lxc/tty2" >>$container_rootfs/etc/securetty
- echo "lxc/tty3" >>$container_rootfs/etc/securetty
- echo "lxc/tty4" >>$container_rootfs/etc/securetty
+ for i in 1 2 3 4; do
+ echo "lxc/tty$i" >>$container_rootfs/etc/securetty
+ done
echo "# For libvirt/Virtual Machine Monitor" >>$container_rootfs/etc/securetty
- echo "pts/0" >>$container_rootfs/etc/securetty
+ for i in 0 1 2 3 4; do
+ echo "pts/$i" >>$container_rootfs/etc/securetty
+ done
# prevent mingetty from calling vhangup(2) since it fails with userns
if [ -f $container_rootfs/etc/init/tty.conf ]; then
sed -i 's|mingetty|mingetty --nohangup|' $container_rootfs/etc/init/tty.conf
fi
+ # create maygetty which only spawns a getty on the console when running
+ # under lxc, not libvirt-lxc which symlinks /dev/console to the same pty
+ # as /dev/tty1
+ cat <<EOF >$container_rootfs/sbin/maygetty
+#!/bin/sh
+if [ "\$container" = "lxc" ]; then
+ exec /sbin/mingetty \$@
+fi
+exec sleep infinity
+EOF
+ chmod 755 $container_rootfs/sbin/maygetty
+
# start a getty on /dev/console, /dev/tty[1-4]
if [ $container_release_major = "4" -o $container_release_major = "5" ]; then
sed -i 's|mingetty|mingetty --nohangup|' $container_rootfs/etc/inittab
- sed -i '/1:2345:respawn/i cns:2345:respawn:/sbin/mingetty --nohangup --noclear console' $container_rootfs/etc/inittab
+ sed -i '/1:2345:respawn/i cns:2345:respawn:/sbin/maygetty --nohangup --noclear console' $container_rootfs/etc/inittab
sed -i '/5:2345:respawn/d' $container_rootfs/etc/inittab
sed -i '/6:2345:respawn/d' $container_rootfs/etc/inittab
fi
@@ -355,9 +368,10 @@ EOF
start on stopped rc RUNLEVEL=[2345]
stop on runlevel [!2345]
+env container
respawn
-exec /sbin/mingetty --nohangup --noclear /dev/console
+exec /sbin/maygetty --nohangup --noclear /dev/console
EOF
fi
--
1.9.0
More information about the lxc-devel
mailing list