[lxc-devel] [PATCH v2] lxc-template: enable chroot + chpasswd functionality for Busybox hosts

[Bogdan Purcareata]

This patch supports the scenario where a user wants to install a
busybox container on a busybox host.

When running the template, in order to change the root password,
the template needs to do the chroot. On busybox-powered hosts, chroot
is not part of the coreutils package - it's part of busybox. And the
busybox implementation or chroot only works if it has /lib in the new
root populated with the right binaries (or at least that's the
solution I found to make it work).

The temporarily bind-mounts /lib in the NEWROOT, chroots there,
changes the password, goes back and unmounts. This set of operations
is contained in a new MOUNT namespace, using the lxc-unshare call.

Signed-off-by: Bogdan Purcareata <bogdan.purcareata at freescale.com>
---
 templates/lxc-busybox.in | 30 ++++++++++++++++++++++++++++--
 1 file changed, 28 insertions(+), 2 deletions(-)

diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
index cb425ec..2ca2bfd 100644
--- a/templates/lxc-busybox.in
+++ b/templates/lxc-busybox.in
@@ -189,9 +189,35 @@ configure_busybox()
     # passwd exec must be setuid
     chmod +s $rootfs/bin/passwd
     touch $rootfs/etc/shadow
-    echo "setting root passwd to root"
-    echo "root:root" | chroot $rootfs chpasswd
 
+    # setting passwd for root
+    CHPASSWD_FILE=$rootfs/root/chpasswd.sh
+
+    cat <<EOF >$CHPASSWD_FILE
+echo "setting root password to \"root\""
+
+mount --bind /lib $rootfs/lib
+if [ \$? -ne 0 ]; then
+    echo "Failed bind-mounting /lib at $rootfs/lib"
+    exit 1
+fi
+
+chroot $rootfs chpasswd <<EOFF 2>/dev/null
+root:root
+EOFF
+
+
+if [ \$? -ne 0 ]; then
+    echo "Failed to change root password"
+    exit 1
+fi
+
+umount $rootfs/lib
+
+EOF
+
+    lxc-unshare -s MOUNT -- /bin/sh < $CHPASSWD_FILE
+    rm $CHPASSWD_FILE
 
     # add ssh functionality if dropbear package available on host
     which dropbear >/dev/null 2>&1
-- 
1.7.11.7