[lxc-devel] [PATCH v2] lxc-template: enable chroot + chpasswd functionality for Busybox hosts
Serge Hallyn
serge.hallyn at ubuntu.com
Thu Apr 11 14:19:24 UTC 2013
Quoting Bogdan Purcareata (bogdan.purcareata at freescale.com):
> This patch supports the scenario where a user wants to install a
> busybox container on a busybox host.
>
> When running the template, in order to change the root password,
> the template needs to do the chroot. On busybox-powered hosts, chroot
> is not part of the coreutils package - it's part of busybox. And the
> busybox implementation of chroot only works if it has /lib in the new
> root populated with the right binaries (or at least that's the
> solution I found to make it work).
>
> The temporarily bind-mounts /lib in the NEWROOT, chroots there,
> changes the password, goes back and unmounts. This set of operations
> is contained in a new MOUNT namespace, using the lxc-unshare call.
>
> Signed-off-by: Bogdan Purcareata <bogdan.purcareata at freescale.com>
Thanks much, Bogdan. There are other parts of templates which should
be doing this too. Given how unwieldy it is, we should have a helper
for this.

We should merge this patch now, then at some point I (or someone) should
add a helper to lxc.functions which runs a set of commands in a fresh
namespace.

Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

BTW, what about cases where the library path is more complicated, i.e.
might /lib64 or others need to be bind-mounted as well? (Even if so
that shouldn't stop us taking this patch as it obviously is fixing a
problem for Bogdan, and won't break others).
> ---
> templates/lxc-busybox.in | 30 ++++++++++++++++++++++++++++--
> 1 file changed, 28 insertions(+), 2 deletions(-)
>
> diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
> index cb425ec..2ca2bfd 100644
> --- a/templates/lxc-busybox.in
> +++ b/templates/lxc-busybox.in
> @@ -189,9 +189,35 @@ configure_busybox()
> # passwd exec must be setuid
> chmod +s $rootfs/bin/passwd
> touch $rootfs/etc/shadow
> - echo "setting root passwd to root"
> - echo "root:root" | chroot $rootfs chpasswd
>
> + # setting passwd for root
> + CHPASSWD_FILE=$rootfs/root/chpasswd.sh
> +
> + cat <<EOF >$CHPASSWD_FILE
> +echo "setting root password to \"root\""
> +
> +mount --bind /lib $rootfs/lib
> +if [ \$? -ne 0 ]; then
> + echo "Failed bind-mounting /lib at $rootfs/lib"
> + exit 1
> +fi
> +
> +chroot $rootfs chpasswd <<EOFF 2>/dev/null
> +root:root
> +EOFF
> +
> +
> +if [ \$? -ne 0 ]; then
> + echo "Failed to change root password"
> + exit 1
> +fi
> +
> +umount $rootfs/lib
> +
> +EOF
> +
> + lxc-unshare -s MOUNT -- /bin/sh < $CHPASSWD_FILE
> + rm $CHPASSWD_FILE
>
> # add ssh functionality if dropbear package available on host
> which dropbear >/dev/null 2>&1
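Review bot: the exit status of "lxc-unshare -s MOUNT -- /bin/sh < $CHPASSWD_FILE" near the end of the hunk is never checked, so when the generated script takes either of its "exit 1" paths (bind mount failure or chpasswd failure), configure_busybox still runs "rm $CHPASSWD_FILE" and goes on to the dropbear setup without the root password having been set. Suggest testing the return status of the lxc-unshare line and bailing out of configure_busybox when it is non-zero. Two smaller points in the same hunk: "2>/dev/null" on the chroot/chpasswd line discards the only detail about why the password change failed, leaving just the generic "Failed to change root password" message, and $rootfs and $CHPASSWD_FILE are unquoted both in the template and in the generated script, so a rootfs path containing whitespace would break the redirects and the mount, chroot and umount commands.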
> --
> 1.7.11.7