[lxc-devel] [PATCH] lxc-oracle: add pts/[1-4] to securetty for libvirt-lxc

Serge Hallyn serge.hallyn at ubuntu.com
Mon May 12 20:35:52 UTC 2014


Quoting Dwight Engen (dwight.engen at oracle.com):
> Don't spawn a getty on /dev/console when running under libvirt-lxc
> 
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>

I'd personally prefer to see the upstart bit handled with
a pre-start check which does { stop;  exit 0; } if not in a
container, but since you need maygetty anyway for the inittab
case, I guess this is fewer moving pieces for you.

Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

> ---
>  templates/lxc-oracle.in | 30 +++++++++++++++++++++++-------
>  1 file changed, 23 insertions(+), 7 deletions(-)
> 
> diff --git a/templates/lxc-oracle.in b/templates/lxc-oracle.in
> index 4a4df18..1cf1b1b 100644
> --- a/templates/lxc-oracle.in
> +++ b/templates/lxc-oracle.in
> @@ -159,6 +159,9 @@ EOF
>          # default config.  Number should match lxc.tty
>          ( cd $container_rootfs/etc/systemd/system/getty.target.wants
>              for i in 1 2 3 4 ; do ln -sf ../getty\@.service getty at tty${i}.service; done )
> +        # We only want to spawn a getty on /dev/console in lxc, libvirt-lxc
> +        # symlinks /dev/console to /dev/tty1
> +        sed -i '/Before=getty.target/a ConditionVirtualization=lxc' $container_rootfs/usr/lib/systemd/system/console-getty.service
>  
>          # disable some systemd services, set default boot, sigpwr target
>          rm -f $container_rootfs/usr/lib/systemd/system/sysinit.target.wants/kmod-static-nodes.service
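
Review bot: the `sed -i '/Before=getty.target/a ConditionVirtualization=lxc'` line fails silently when console-getty.service has no `Before=getty.target` line. In that case nothing is appended, sed still exits 0, and the console getty is spawned under libvirt-lxc again. Consider checking afterwards that the unit contains `ConditionVirtualization=lxc` (for example with grep -q) and warning if it does not. It would also help to quote "$container_rootfs/usr/lib/systemd/system/console-getty.service" so a rootfs path containing spaces does not split the argument.
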
> @@ -358,22 +361,35 @@ EOF
>      # allow root login on console, tty[1-4], and pts/0 for libvirt
>      echo "# LXC (Linux Containers)" >>$container_rootfs/etc/securetty
>      echo "lxc/console"	>>$container_rootfs/etc/securetty
> -    echo "lxc/tty1"	>>$container_rootfs/etc/securetty
> -    echo "lxc/tty2"	>>$container_rootfs/etc/securetty
> -    echo "lxc/tty3"	>>$container_rootfs/etc/securetty
> -    echo "lxc/tty4"	>>$container_rootfs/etc/securetty
> +    for i in 1 2 3 4; do
> +        echo "lxc/tty$i"	>>$container_rootfs/etc/securetty
> +    done
>      echo "# For libvirt/Virtual Machine Monitor" >>$container_rootfs/etc/securetty
> -    echo "pts/0"        >>$container_rootfs/etc/securetty
> +    for i in 0 1 2 3 4; do
> +        echo "pts/$i"        >>$container_rootfs/etc/securetty
> +    done
>  
>      # prevent mingetty from calling vhangup(2) since it fails with userns
>      if [ -f $container_rootfs/etc/init/tty.conf ]; then
>          sed -i 's|mingetty|mingetty --nohangup|' $container_rootfs/etc/init/tty.conf
>      fi
>  
> +    # create maygetty which only spawns a getty on the console when running
> +    # under lxc, not libvirt-lxc which symlinks /dev/console to the same pty
> +    # as /dev/tty1
> +    cat <<EOF >$container_rootfs/sbin/maygetty
> +#!/bin/sh
> +if [ "\$container" = "lxc" ]; then
> +    exec /sbin/mingetty \$@
> +fi
> +exec sleep infinity
> +EOF
> +    chmod 755 $container_rootfs/sbin/maygetty
> +
>      # start a getty on /dev/console, /dev/tty[1-4]
>      if [ $container_release_major = "4" -o $container_release_major = "5" ]; then
>          sed -i 's|mingetty|mingetty --nohangup|' $container_rootfs/etc/inittab
> -        sed -i '/1:2345:respawn/i cns:2345:respawn:/sbin/mingetty --nohangup --noclear console' $container_rootfs/etc/inittab
> +        sed -i '/1:2345:respawn/i cns:2345:respawn:/sbin/maygetty --nohangup --noclear console' $container_rootfs/etc/inittab
>          sed -i '/5:2345:respawn/d' $container_rootfs/etc/inittab
>          sed -i '/6:2345:respawn/d' $container_rootfs/etc/inittab
>      fi
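
Review bot: the context comment above the securetty block still reads "allow root login on console, tty[1-4], and pts/0 for libvirt", but the new `for i in 0 1 2 3 4` loop permits root login on pts/0 through pts/4. Please update the comment and say why four more ptys are needed, since securetty matches on the pty name and not on who allocated it. Separately, in the maygetty heredoc `exec /sbin/mingetty \$@` should be `exec /sbin/mingetty "\$@"` so the arguments are passed through unsplit. A short comment inside the generated script explaining why it falls through to `exec sleep infinity` (to keep the respawn entry from looping) would help whoever finds /sbin/maygetty in a container later.
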
> @@ -389,7 +405,7 @@ start on stopped rc RUNLEVEL=[2345]
>  stop on runlevel [!2345]
>  
>  respawn
> -exec /sbin/mingetty --nohangup --noclear /dev/console
> +exec /sbin/maygetty --nohangup --noclear /dev/console
>  EOF
>      fi
>  
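
Review bot: with `exec /sbin/maygetty --nohangup --noclear /dev/console`, whether a console getty starts now depends on maygetty seeing `container=lxc` in the job's environment, and nothing in this job definition sets or exports that variable. Please confirm that the variable reaches processes started by this upstart job. If it does not, maygetty falls through to `exec sleep infinity` under plain lxc as well and the console gets no login prompt. Note also that the inittab entry passes `console` while this job passes `/dev/console`; a comment saying both forms are intended would avoid confusion.
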
> -- 
> 1.9.0
> 

