[lxc-devel] [lxc/master] Add voidlinux distribution
Dean4Devil on Github
lxc-bot at linuxcontainers.org
Fri Oct 14 13:30:50 UTC 2016
From f6bd219e6b4e373ab4bfb7624ab9d9a50abdeeff Mon Sep 17 00:00:00 2001
From: Gregor Reitzenstein <dean4devil at paranoidlabs.org>
Date: Fri, 14 Oct 2016 13:06:29 +0200
Subject: [PATCH] Add voidlinux distribution
Signed-off-by: Gregor Reitzenstein <dean4devil at paranoidlabs.org>
---
config/templates/Makefile.am | 2 +
config/templates/voidlinux.common.conf.in | 35 ++++++
config/templates/voidlinux.userns.conf.in | 8 ++
configure.ac | 3 +
templates/Makefile.am | 3 +-
templates/lxc-voidlinux.in | 199 ++++++++++++++++++++++++++++++
6 files changed, 249 insertions(+), 1 deletion(-)
create mode 100644 config/templates/voidlinux.common.conf.in
create mode 100644 config/templates/voidlinux.userns.conf.in
create mode 100644 templates/lxc-voidlinux.in
diff --git a/config/templates/Makefile.am b/config/templates/Makefile.am
index 1a50f62..86b47d6 100644
--- a/config/templates/Makefile.am
+++ b/config/templates/Makefile.am
@@ -38,4 +38,6 @@ templatesconfig_DATA = \
openwrt.common.conf \
sparclinux.common.conf \
sparclinux.userns.conf \
+ voidlinux.common.conf \
+ voidlinux.userns.conf \
userns.conf
diff --git a/config/templates/voidlinux.common.conf.in b/config/templates/voidlinux.common.conf.in
new file mode 100644
index 0000000..d5d2ee8
--- /dev/null
+++ b/config/templates/voidlinux.common.conf.in
@@ -0,0 +1,35 @@
+# This derives from the global common config
+lxc.include = @LXCTEMPLATECONFIG@/common.conf
+
+# Allow for 6 tty devices by default
+lxc.tty = 6
+
+# Set $VIRTUALIZATION so runit doesn't try to mount filesystems or start udevd
+lxc.environment=VIRTUALIZATION=lxc
+
+# Set the halt/stop signals
+lxc.haltsignal=SIGCONT
+
+
+# Uncomment to disable creating tty devices subdirectory in /dev
+# lxc.devttydir =
+
+# Capabilities
+# Uncomment these if you don't run anything that needs the capability, and
+# would like the container to run with less privilege.
+#
+# Dropping sys_admin disables container root from doing a lot of things
+# that could be bad like re-mounting lxc fstab entries rw for example,
+# but also disables some useful things like being able to nfs mount, and
+# things that are already namespaced with ns_capable() kernel checks, like
+# hostname(1).
+# lxc.cap.drop = sys_admin
+# lxc.cap.drop = net_raw # breaks dhcp/ping
+# lxc.cap.drop = setgid # breaks login (initgroups/setgroups)
+# lxc.cap.drop = dac_read_search # breaks login (pam unix_chkpwd)
+# lxc.cap.drop = setuid # breaks sshd,nfs statd
+# lxc.cap.drop = audit_control # breaks sshd (set_loginuid failed)
+# lxc.cap.drop = audit_write
+# lxc.cap.drop = setpcap # big big login delays in Fedora 20 systemd
+#
+lxc.cap.drop = setfcap sys_nice sys_pacct sys_rawio
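Review bot: The comment `# Set the halt/stop signals` sits above a single `lxc.haltsignal=SIGCONT`, so only the halt signal is changed and the reason for choosing SIGCONT is not recorded. A comment such as `# runit's PID 1 is expected to shut down on SIGCONT (TODO confirm); lxc.stopsignal keeps its default` would say what is actually configured; the same comment is repeated in voidlinux.userns.conf.in. The commented capability notes (for example the Fedora 20 systemd remark on `setpcap`) look carried over from another template, so it is worth re-checking which of them hold for Void's runit userland before an operator relies on them to decide what to drop.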
diff --git a/config/templates/voidlinux.userns.conf.in b/config/templates/voidlinux.userns.conf.in
new file mode 100644
index 0000000..5e346b7
--- /dev/null
+++ b/config/templates/voidlinux.userns.conf.in
@@ -0,0 +1,8 @@
+# This derives from the global userns config
+lxc.include = @LXCTEMPLATECONFIG@/userns.conf
+
+# Set $VIRTUALIZATION so runit doesn't try to mount filesystems or start udevd
+lxc.environment=VIRTUALIZATION=lxc
+
+# Set the halt/stop signals
+lxc.haltsignal=SIGCONT
diff --git a/configure.ac b/configure.ac
index 2f0137b..5985578 100644
--- a/configure.ac
+++ b/configure.ac
@@ -707,6 +707,8 @@ AC_CONFIG_FILES([
config/templates/openwrt.common.conf
config/templates/sparclinux.common.conf
config/templates/sparclinux.userns.conf
+ config/templates/voidlinux.common.conf
+ config/templates/voidlinux.userns.conf
config/templates/userns.conf
config/yum/Makefile
config/sysconfig/Makefile
@@ -858,6 +860,7 @@ AC_CONFIG_FILES([
templates/lxc-ubuntu
templates/lxc-ubuntu-cloud
templates/lxc-sparclinux
+ templates/lxc-voidlinux
src/Makefile
src/lxc/Makefile
diff --git a/templates/Makefile.am b/templates/Makefile.am
index b2ca8f5..c6c5ea5 100644
--- a/templates/Makefile.am
+++ b/templates/Makefile.am
@@ -20,4 +20,5 @@ templates_SCRIPTS = \
lxc-sshd \
lxc-ubuntu \
lxc-ubuntu-cloud \
- lxc-sparclinux
+ lxc-sparclinux \
+ lxc-voidlinux
diff --git a/templates/lxc-voidlinux.in b/templates/lxc-voidlinux.in
new file mode 100644
index 0000000..83214fb
--- /dev/null
+++ b/templates/lxc-voidlinux.in
@@ -0,0 +1,199 @@
+#!/usr/bin/bash
+
+#
+# template script for generating Void Linux container for LXC
+#
+
+#
+# lxc: linux Container library
+
+# Authors:
+# Gregor Reitzenstein <dean4devil at paranoidlabs.org>
+
+# Based on lxc-archlinux template by:
+# Alexander Vladimirov <alexander.idkfa.vladimirov at gmail.com>
+# John Lane <lxc at jelmail.com>
+
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+# Utility functions
+
+# Check if array $2 contains item $1
+containsElement() {
+ local e
+ for e in "${@:2}"; do [[ "$1" == "$e" ]] && return 0; done
+ return 1
+}
+
+# split comma-separated string into an array
+# ${1} - string to split
+# ${2} - separator (default is ",")
+# ${result} - result value on success
+split_string() {
+ local ifs=${IFS}
+ IFS="${2:-,}"
+ read -ra result < <(echo "${1}")
+ IFS=${ifs}
+ return 0
+}
+
+# Make sure the usual locations are in PATH
+export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin
+
+# defaults
+default_path="/var/lib/lxc"
+default_path="@LXCPATH@"
+shared_config="@LXCTEMPLATECONFIG@/voidlinux.common.conf"
+userns_config="@LXCTEMPLATECONFIG@/voidlinux.userns.conf"
+
+pkg_blacklist=("linux>=0" "e2fsprogs>=0" "btrfs-progs>=0" "xfsprogs>=0" "f2fs-tools>=0" "dosfstools>=0")
+base_packages=()
+for pkg in $(xbps-query -Mv --repository="http://repo2.voidlinux.eu/current/" -x base-system); do
+ containsElement "$pkg" "${pkg_blacklist[@]}" || base_packages+=($pkg)
+done
+declare -a additional_packages
+
+copy_configuration() {
+ mkdir -p "${config_path}"
+ local config="${config_path}/config"
+ echo "lxc.utsname = ${name}" >> "${config}"
+ grep -q "^lxc.rootfs" "${config}" 2>/dev/null \
+ || echo "lxc.rootfs = ${rootfs_path}" >> "${config}"
+
+ # Detect if were in a UserNS and include the right config
+ if [ -z "${LXC_MAPPED_GID+x}" ] || [ -z "${LXC_MAPPED_UID+x}" ]; then
+ echo "lxc.include = ${userns_config}" >> "${config}"
+ else
+ echo "lxc.include = ${shared_config}" >> "${config}"
+ fi
+
+ if [ $? -ne 0 ]; then
+ echo "Failed to configure container"
+ return 1
+ fi
+ return 0
+}
+
+install_void() {
+ if ! yes | xbps-install -Sy -R http://repo2.voidlinux.eu/current -r "${rootfs_path}" "${base_packages[@]}"
+ then
+ echo "Failed to install container packages"
+ return 1
+ fi
+}
+
+usage() {
+ cat <<EOF
+usage:
+ ${1} -n|--name=<container_name> [-p|--path=<path>] [-a|--arch=<arch of the container>]
+ [-r|--root_password=<root password>] [-P|--packages=<pkg1,pkg2,...>] [-h|--help]
+
+Mandatory args:
+ -n,--name container name, used to as an identifier for that container from now on
+Optional args:
+ -p,--path path to where the container rootfs will be created (${default_path})
+ --rootfs path for actual container rootfs, (${default_path}/rootfs)
+ -P,--packages preinstall additional packages, comma-separated list
+ -c,--config use specified pacman config when installing container packages
+ -a,--arch use specified architecture instead of host's architecture
+ -r,--root_password set container root password
+ -h,--help print this help
+EOF
+ return 0
+}
+
+options=$(getopt -o hp:P:n:c:r: -l help,rootfs:,path:,packages:,name:,config:,root_password:,mapped-uid:,mapped-gid: -- "${@}")
+if [ ${?} -ne 0 ]; then
+ usage "$(basename "${0}")"
+ exit 1
+fi
+eval set -- "${options}"
+
+while true
+do
+ case "${1}" in
+ -h|--help) usage "${0}" && exit 0;;
+ -p|--path) path=${2}; shift 2;;
+ -n|--name) name=${2}; shift 2;;
+ -c|--config) config_path=${2}; shift 2;;
+ --rootfs) rootfs_path=${2}; shift 2;;
+ -P|--packages) additional_packages=${2}; shift 2;;
+ -r|--root_password) root_passwd=${2}; shift 2;;
+ --mapped-uid) LXC_MAPPED_UID=$2; shift 2;;
+ --mapped-gid) LXC_MAPPED_GID=$2; shift 2;;
+ --) shift 1; break ;;
+ *) break ;;
+ esac
+done
+
+if [ -z "${name}" ]; then
+ echo "missing required 'name' parameter"
+ exit 1
+fi
+
+type xbps-install >/dev/null 2>&1
+if [ ${?} -ne 0 ]; then
+ echo "'xbps-install' command is missing."
+fi
+type xbps-query >/dev/null 2>&1
+if [ ${?} -ne 0 ]; then
+ echo "'xbps-query' command is missing."
+fi
+
+if [ -z "${rootfs_path}" ]; then
+ rootfs_path="${path}/rootfs"
+fi
+config_path="${path}"
+
+revert() {
+ echo "Interrupted, cleaning up"
+ lxc-destroy -n "${name}"
+ rm -rf "${path:?}/${name}"
+ rm -rf "${default_path:?}/${name}"
+ exit 1
+}
+trap revert SIGHUP SIGINT SIGTERM
+
+copy_configuration
+if [ $? -ne 0 ]; then
+ echo "Failed to write configuration file"
+ rm -rf "${config_path}"
+ exit 1
+fi
+
+if [ ${#additional_packages[@]} -gt 0 ]; then
+ split_string "${additional_packages}"
+ base_packages+=(${result[@]})
+fi
+
+mkdir -p "${rootfs_path}"
+install_void
+if [ ${?} -ne 0 ]; then
+ echo "Failed to install Void Linux"
+ rm -rf "${config_path}" "${path}"
+ exit 1
+fi
+
+
+
+if [ -n "${root_passwd}" ]; then
+ echo "root:${root_passwd}" | chroot "${rootfs_path}" chpasswd
+fi
+
+cat << EOF
+Void Linux Container ${name} has been successfully created. The configuration is
+stored in ${config_path}/config. Please refer to https://wiki.voidlinux.eu for
+information regarding Void Linux.
+EOF
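Review bot: `install_void` fetches the whole base system over plain `http://repo2.voidlinux.eu/current` and pipes `yes` into `xbps-install`, so every prompt is answered affirmatively, presumably including the prompt to trust the repository signing key on first use in a fresh rootfs. Package authenticity then rests on an unauthenticated transport. I would drop the `yes |`, provision the expected repository key into the rootfs before the install, and hold the URL in one variable (it is repeated in the top-level `xbps-query` call) so that a TLS mirror can be substituted. Separately, the userns test in `copy_configuration` looks inverted: `-z "${LXC_MAPPED_GID+x}"` is true when the variable is unset, so an unmapped create gets `voidlinux.userns.conf` and a mapped one gets the common config; `if [ -n "${LXC_MAPPED_GID+x}" ] && [ -n "${LXC_MAPPED_UID+x}" ]; then` would match the comment. The `$?` check after that `if` only reflects the last `echo`, so earlier write failures in the function go unnoticed.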