[lxc-devel] [PATCH 1/1] templates/lxc-fedora Network startup w/o Network Manager

Fri Oct 4 17:39:05 UTC 2013

This patches the Fedora template to insure that the legacy network
startup scripts are enabled when NetworkManager has not been installed
in the container (default).

It also fixes a login problem with pam_loginuid.so in a container.
https://bugzilla.redhat.com/show_bug.cgi?id=966807

Signed-off-by: Michael H. Warfield <mhw at WittsEnd.com>

--

diff --git a/templates/lxc-fedora.in b/templates/lxc-fedora.in
index 484170c..c5bddf1 100644
--- a/templates/lxc-fedora.in
+++ b/templates/lxc-fedora.in
@@ -98,7 +98,13 @@ configure_fedora()
     mkdir -p $rootfs_path/selinux
     echo 0 > $rootfs_path/selinux/enforce
 
-   # configure the network using the dhcp
+    # This may be related to disabling selinux above but this is
+    # a known problem and documented in RedHat bugzilla as relating
+    # to a problem with auditing enabled.  This prevents an error in
+    # the container "Cannot make/remove an entry for the specified session"
+    sed -i '/^session.*pam_loginuid.so/s/^session/# session/' ${rootfs_path}/etc/pam.d/login
+
+    # configure the network using the dhcp
     cat <<EOF > ${rootfs_path}/etc/sysconfig/network-scripts/ifcfg-eth0
 DEVICE=eth0
 BOOTPROTO=dhcp
@@ -160,7 +166,15 @@ EOF
     rm -f ${rootfs_path}/var/lib/rpm/__db*
     chroot ${rootfs_path} rpm --rebuilddb
     chroot ${rootfs_path} yum -y install fedora-release
-    # This just makes sure the rpm db is synced to that version...
+
+    if [[ ! -e ${rootfs_path}/sbin/NetworkManager ]]
+    then
+        # NetworkManager has not been installed.  Use the
+        # legacy chkconfig command to enable the network startup
+        # scripts in the container.
+        chroot ${rootfs_path} chkconfig network on
+    fi
+
     umount ${rootfs_path}/proc
     umount ${rootfs_path}/dev
 

--

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20131004/1f3196d1/attachment.pgp>
