[lxc-devel] [PATCH] lxc-busybox: make some OpenSSH tools optional

Serge Hallyn serge.hallyn at ubuntu.com
Fri Apr 24 15:48:13 UTC 2015


Quoting Purcareata Bogdan (b43198 at freescale.com):
> On 24.04.2015 16:05, Serge Hallyn wrote:
> >Quoting Bogdan Purcareata (bogdan.purcareata at freescale.com):
> >>Currently, when installing OpenSSH in a Busybox container, the template searches
> >>for all the OpenSSH client binaries available in the Debian distro package. The
> >>included tools might differ from distro to distro, so make part of the tools
> >>optional. The mandatory tools, without which installing OpenSSH fails, are
> >>"sshd" for the server and "ssh" and "scp" for the client.
> >>
> >>Signed-off-by: Bogdan Purcareata <bogdan.purcareata at freescale.com>
> >>---
> >>  templates/lxc-busybox.in | 9 +++++++++
> >>  1 file changed, 9 insertions(+)
> >>
> >>diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
> >>index 95961a3..17a3006 100644
> >>--- a/templates/lxc-busybox.in
> >>+++ b/templates/lxc-busybox.in
> >>@@ -197,6 +197,8 @@ install_openssh()
> >>      client_utils="\
> >>          ssh \
> >>          scp \
> >>+        "
> >>+    client_optional_utils="\
> >>          sftp \
> >>          ssh-add \
> >>          ssh-agent \
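Review bot: the new `client_optional_utils` assignment opened right after `scp` carries no comment saying how it differs from `client_utils`. A one-line comment above each list would help: the first is mandatory (the commit message says installation fails without `ssh` and `scp`), the second is copied only when the tool is present on the host. That keeps a later edit from moving entries between the lists without noticing the change in failure behaviour.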
> >>@@ -230,6 +232,13 @@ $rootfs/var/run/sshd \
> >>          fi
> >>      done
> >>
> >>+    for bin in $client_optional_utils; do
> >>+        tool_path=`which $bin`
> >>+        if [ $? -eq 0 ]; then
> >>+            cp $tool_path $rootfs/$tool_path
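Review bot: in the new loop, `cp $tool_path $rootfs/$tool_path` expands every variable unquoted, and the visible lines do not check its exit status, so a failed copy into a directory that is missing under `$rootfs` would pass silently and the tool would simply be absent from the container. Quote the expansions (`"$bin"`, `"$tool_path"`, `"$rootfs/$tool_path"`) and test the result of `cp`. Note also that `which $bin` resolves through the PATH of whoever runs the template, so the binary that gets copied depends on that environment; `command -v "$bin"` inside `$(...)` is the more portable form of the same lookup than backquoted `which`.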
> >
> >If ssh-agent for some reason is found in /usr/local/bin, then
> >you'll need to create /usr/local/bin first in the container
> >or this will fail, right?
> 
> That's true. And I guess, if that's the case, it wouldn't be
> excluded to have the related libraries in /usr/local/lib as well,
> right?
> 
> Currently the lxc-busybox template has a tree of directories it will
> create in the container rootfs. Besides that, it also has a couple
> of library entries which it will bind-mount from the host to the
> container.
> 
> How about I send an additional patch to add /usr/local/* directories
> in the rootfs, and map any eventual library host directories to them
> as well (should that be the case)?

Sure.  I suppose you could ldd the binaries to check for libraries
from new directories.  But then, maybe the right thing to do is to
just make sure the binaries are in /{s,}bin or /usr/{s,}bin and, if
not, exit with a clear error message.
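
The second option suggested above (accept only binaries found in /{s,}bin or /usr/{s,}bin and otherwise exit with a clear error), as an added example; it is not part of the original message or of the lxc-busybox template. The names `ALLOWED_BIN_DIRS`, `tool_dir_allowed`, `copy_tool` and `install_optional_tools` are hypothetical, and the rootfs is assumed to already contain those four directories.

```shell
# Added example, not part of the lxc-busybox template; all names are hypothetical.
# Directories assumed to exist already in the container rootfs.
ALLOWED_BIN_DIRS="/bin /sbin /usr/bin /usr/sbin"

# Return 0 if absolute path $1 sits directly in one of ALLOWED_BIN_DIRS.
tool_dir_allowed() {
    case "$1" in
        /*/*) ;;            # absolute path with a directory component
        *) return 1 ;;      # relative path or bare name
    esac
    dir=${1%/*}
    for allowed in $ALLOWED_BIN_DIRS; do
        [ "$dir" = "$allowed" ] && return 0
    done
    return 1
}

# Copy host binary $2 to the same path under rootfs $1.
# Returns 1 with a message on stderr if the location is unexpected,
# the target directory is missing, or cp fails.
copy_tool() {
    rootfs=$1
    tool_path=$2
    if ! tool_dir_allowed "$tool_path"; then
        echo "ERROR: $tool_path is outside: $ALLOWED_BIN_DIRS" >&2
        return 1
    fi
    if [ ! -d "$rootfs${tool_path%/*}" ]; then
        echo "ERROR: $rootfs${tool_path%/*} does not exist" >&2
        return 1
    fi
    cp "$tool_path" "$rootfs$tool_path" || {
        echo "ERROR: could not copy $tool_path into $rootfs" >&2
        return 1
    }
}

# Optional tools: skip one that is not installed, abort on one that is
# installed in an unexpected directory.
install_optional_tools() {
    rootfs=$1
    shift
    for bin in "$@"; do
        tool_path=$(command -v "$bin") || continue
        copy_tool "$rootfs" "$tool_path" || return 1
    done
}
```

Because the directory comparison is an exact string match, a path such as /usr/bin/../local/bin/ssh-agent is rejected as well.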

