[lxc-devel] [obnox at samba.org: Re: [PATCHES] add "--mask-tmp" to lxc-fedora, plus some template script fixes]

Michael Adam obnox at samba.org
Mon Jan 19 21:50:58 UTC 2015


Hi Michael,

do you have any concerns with the attached patch to
the fedora template that adds an option --mask-tmp
that prevents fedora/systemd from over-mounting
/tmp with tmpfs, which is useful in some cases?

Thanks - Michael

----- Forwarded message from Michael Adam <obnox at samba.org> -----

Date: Sat, 10 Jan 2015 13:12:06 +0100
From: Michael Adam <obnox at samba.org>
To: LXC development mailing-list <lxc-devel at lists.linuxcontainers.org>
Subject: Re: [lxc-devel] [PATCHES] add "--mask-tmp" to lxc-fedora, plus some
	template script fixes
User-Agent: Mutt/1.5.23 (2014-03-12)

On 2015-01-10 at 13:08 +0100, Michael Adam wrote:
> On 2015-01-10 at 04:05 +0000, Serge Hallyn wrote:
> 
> > The less controversial one is adding mask-tmp to the fedora template.
> > It looks fine to me, but that should go separately to mwarfield, our
> > fedora template maintainer :)
> 
> I had notified mhw of my patches on irc, but apparently he is
> currently very busy.
> 
> For a start, following is an update of the uncontroversial fix
> patches, i.e. the fix patches without the path ones, and without
> the mask-tmp patch.

And here comes the mask-tmp patch.
It needs to be applied onto the previous fix-patchset.


From 9589dca113535ed2f4faad89db2fab33bb8a9d7e Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Thu, 8 Jan 2015 10:25:24 +0100
Subject: [PATCH] lxc-fedora: add a new option --mask-tmp

This will configure the container to prevent the standard
behaviour of over-mounting /tmp with tmpfs, which can be
undesirable in some cases.

My personal use case is vagrant-lxc in combination with
vagrant-cachier.

Signed-off-by: Michael Adam <obnox at samba.org>
---
 templates/lxc-fedora.in | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/templates/lxc-fedora.in b/templates/lxc-fedora.in
index 210f2e7..49e14eb 100644
--- a/templates/lxc-fedora.in
+++ b/templates/lxc-fedora.in
@@ -372,6 +372,12 @@ configure_fedora_systemd()
     chroot ${rootfs_path} ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
     # Make systemd honor SIGPWR
     chroot ${rootfs_path} ln -s /usr/lib/systemd/system/halt.target /etc/systemd/system/sigpwr.target
+
+    # if desired, prevent systemd from over-mounting /tmp with tmpfs
+    if [ $masktmp -eq 1 ]; then
+        chroot ${rootfs_path} ln -s /dev/null /etc/systemd/system/tmp.mount
+    fi
+
     #dependency on a device unit fails it specially that we disabled udev
     # sed -i 's/After=dev-%i.device/After=/' ${rootfs_path}/lib/systemd/system/getty\@.service
     #
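
Review bot: nothing in the new 'if [ $masktmp -eq 1 ]' block checks whether 'ln -s /dev/null /etc/systemd/system/tmp.mount' succeeded, so if the link cannot be created (for example because /etc/systemd/system/tmp.mount already exists in the rootfs) the requested mask is not in place and the function carries on regardless. Consider 'ln -sf', or print a warning when the command fails. Quoting the operand as "$masktmp" would also keep the test well-formed if the variable is ever empty when configure_fedora_systemd() runs. The comment could say that the symlink to /dev/null is what masks the tmp.mount unit.
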
@@ -1186,6 +1192,7 @@ usage:
     $1 -n|--name=<container_name>
         [-p|--path=<path>] [-c|--clean] [-R|--release=<Fedora_release>]
         [--fqdn=<network name of container>] [-a|--arch=<arch of the container>]
+        [--mask-tmp]
         [-h|--help]
 Mandatory args:
   -n,--name         container name, used to as an identifier for that container
@@ -1198,18 +1205,21 @@ Optional args:
                     Defaults to host's release if the host is Fedora.
      --fqdn         fully qualified domain name (FQDN) for DNS and system naming
   -a,--arch         Define what arch the container will be [i686,x86_64]
+  --mask-tmp        Prevent systemd from over-mounting /tmp with tmpfs.
   -h,--help         print this help
 EOF
     return 0
 }
 
-options=$(getopt -o a:hp:n:cR: -l help,path:,rootfs:,name:,clean,release:,arch:,fqdn: -- "$@")
+options=$(getopt -o a:hp:n:cR: -l help,path:,rootfs:,name:,clean,release:,arch:,fqdn:,mask-tmp -- "$@")
 if [ $? -ne 0 ]; then
     usage $(basename $0)
     exit 1
 fi
 
 arch=$(uname -m)
+masktmp=0
+
 eval set -- "$options"
 while true
 do
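
Review bot: the new help line '--mask-tmp        Prevent systemd from over-mounting /tmp with tmpfs.' does not say that the option is off by default, which is only visible from 'masktmp=0' further down in this hunk. Suggest adding '(default: off)' to the help text and matching the style of the neighbouring entries, which carry no trailing period. Since the long option takes no argument, registering it as plain 'mask-tmp' without a colon in the getopt -l list is correct.
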
@@ -1222,6 +1232,7 @@ do
         -R|--release)   release=$2; shift 2;;
         -a|--arch)      newarch=$2; shift 2;;
         --fqdn)         utsname=$2; shift 2;;
+        --mask-tmp)     masktmp=1; shift 1;;
         --)             shift 1; break ;;
         *)              break ;;
     esac
-- 
2.1.0







----- End forwarded message -----