lxc: added void lxc container support (will be upstreamed soon).
This commit is contained in:
parent
da09ceb607
commit
dc2a012145
3 changed files with 343 additions and 1 deletions
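--- a/srcpkgs/lxc/files/lxc-void
+++ b/srcpkgs/lxc/files/lxc-void
@@ -0,0 +1,271 @@
+#!/bin/bash
+
+#
+# template script for generating Void linux container for LXC
+#
+
+#
+# lxc: linux Container library
+
+# Authors:
+# Juan RP <xtraeme@gmail.com>
+
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+# Detect use under userns (unsupported)
+for arg in "$@"; do
+[ "$arg" = "--" ] && break
+if [ "$arg" = "--mapped-uid" -o "$arg" = "--mapped-gid" ]; then
+echo "This template can't be used for unprivileged containers." 1>&2
+echo "You may want to try the \"download\" template instead." 1>&2
+exit 1
+fi
+done
+
+# Make sure the usual locations are in PATH
+export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin
+
+# defaults
+arch=$(uname -m)
+default_path="/var/lib/lxc"
+LXC_TEMPLATE_CONFIG="/usr/share/lxc/config"
+
+# Install 'base-voidstrap' by default
+base_packages=('base-voidstrap')
+declare -a additional_packages
+
+# split comma-separated string into an array
+# ${1} - string to split
+# ${2} - separator (default is ",")
+# ${result} - result value on success
+split_string() {
+local ifs=${IFS}
+IFS="${2:-,}"
+read -a result < <(echo "${1}")
+IFS=${ifs}
+return 0
+}
+
+# write container configuration files
+copy_configuration() {
+path=$1
+rootfs=$2
+hostname=$3
+arch=$4
+
+## Add all the includes
+echo "" >> $path/config
+echo "# Common configuration" >> $path/config
+if [ -e "${LXC_TEMPLATE_CONFIG}/void.common.conf" ]; then
+echo "lxc.include = ${LXC_TEMPLATE_CONFIG}/void.common.conf" >> $path/config
+fi
+
+## Add the container-specific config
+echo "" >> $path/config
+echo "# Container specific configuration" >> $path/config
+grep -q "^lxc.rootfs" $path/config 2> /dev/null || echo "lxc.rootfs = $rootfs" >> $path/config
+
+cat <<EOF >> $path/config
+lxc.utsname = $hostname
+lxc.arch = $arch
+EOF
+
+if [ $? -ne 0 ]; then
+echo "Failed to add configuration"
+return 1
+fi
+
+return 0
+}
+
+# install packages within container chroot
+install_void() {
+path=$1
+rootfs=$2
+hostname=$3
+arch=$4
+
+[ "${arch}" != "$(uname -m)" ] && different_arch=true
+
+if [ "${different_arch}" = "true" ]; then
+export XBPS_ARCH=${arch}
+fi
+
+# set the hostname
+mkdir -p $rootfs/etc
+echo $hostname > $rootfs/etc/hostname
+
+# missing device nodes
+mkdir -p $rootfs/dev
+mknod -m 666 "$rootfs/dev/null" c 1 3
+
+echo "Installing ${base_packages[@]}"
+mkdir -p ${rootfs}/var/db/xbps/keys
+
+# base64 encoded Void RSA public key
+vkb64=$(mktemp || return 1)
+cat > ${vkb64} << EOF
+PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPCFET0NUWVBFIHBsaXN0IFBV
+QkxJQyAiLS8vQXBwbGUgQ29tcHV0ZXIvL0RURCBQTElTVCAxLjAvL0VOIiAiaHR0cDovL3d3dy5h
+cHBsZS5jb20vRFREcy9Qcm9wZXJ0eUxpc3QtMS4wLmR0ZCI+CjxwbGlzdCB2ZXJzaW9uPSIxLjAi
+Pgo8ZGljdD4KCTxrZXk+cHVibGljLWtleTwva2V5PgoJPGRhdGE+TFMwdExTMUNSVWRKVGlCUVZV
+Sk1TVU1nUzBWWkxTMHRMUzBLVFVsSlEwbHFRVTVDWjJ0eGFHdHBSemwzTUVKQlVVVkdRVUZQUTBG
+bk9FRk5TVWxEUTJkTFEwRm5SVUYyY2xONlFscE5kbWQyVDBOSk0wRllZazlxWVFveWNrdFNhMHBU
+VkUwell5OUZhbFJKWjBOblJGaG5kVzA1TTBKUVEzUlpPRTFqUmxadlExVTBUMmxZU0VkbVZHMXhN
+emxDVms1d1RIWk1TRXc1UzJzeENuQXlOemhUUW1oWVZrOTBZa0l5UlZadFJFdHVkbVpKUkVWVWJH
+Uk1SM3BsTjNKYVRsSktaSFIxVGpKdFdpOVVWbkpWUWpsVE1IbFJZeXRKZFdZMGFIWUtNeXRFT1Rk
+V1NXUlVTa2hCTjBGVGNqQTBNamh3Y0VWSFNrZDNVMU5vV1RKWVNtMDVSRFZKTUVWMVIxSlhZekUw
+VFVWSE4yUkpTMHBwV1dsTk1HNUZOQXAwV1c4eUwzWklORWxHVkVoa2JsWkJNMmRaYVZwNVJHNWlk
+VU5CVWk4NFJWTm1WVlJWTVROVFRrTlBaR0oxWkdZelJEVkNZM2tyVldsTlJFcEpNMWxsQ2pSTlJr
+dENjbFE1V21oYUswZHpXRUphV1RRNE1teHhhVnBwTmtOTU5YQjBZemxKVVVabU9DOWxTMXBoT0dw
+aGRHdHBWa1pXWjNKTFpVNVNhazlVZUU0S1psZFRkVEp1YTNoSFRsZ3JZbWhZV1hSb2FVZFhiVXBG
+V1RoalEwRlFlVVpPSzB4Mk5WSmxkRXN5TlRablpHTmlNbk5yYlVWeFpXWjJNbnBRUXl0M1ZncFhR
+bUprU0RWaVJEUmlXbXB1TUU0MldtdzRNWEoyTlZKNlJIWnVkbVlyZGtReE5HRkdWV0phT0ZGR2NY
+VTNOVkJpVERSM05tMVpUVFJzWkUwdlp6QlNDalpPV0VVNFFYbzVRbmQ0TW5SRVpsbGxTM1YxZEhj
+eFJYQlFiVEpaZGtaNVZGVmlNV052ZVVGMVZFZFNlVUZoY0RGVlZFaDJaemxzYUZCSlNtMW9SbEVL
+U2pWclEyY3hjVVEzUVRNeFYyd3dVbXh1WlRab1owZHZNRnBhVGtvMVkwcE5MM1l2ZWxOVVMwcGpk
+VVpuZDI4M1NEQm9UMGRwYkRaRVptODRPVUkwYWdwSE9UWkJRM2xRVXl0RVZrdFFSbGhTV1hkcUww
+RnJZa2h3WVZFeVpqRkdUVUZ2VTNCQ2NYVkVjVWhvTTNWcmF6Y3hTMWcyYWpFNWREQnBSamhFVVV4
+eUNuWjBSbE5UWkVscVJFRXdNbXgzWlZZNVRtRlJjRmR6UTBGM1JVRkJVVDA5Q2kwdExTMHRSVTVF
+SUZCVlFreEpReUJLUlZrdExTMHRMUW89PC9kYXRhPgoJPGtleT5wdWJsaWMta2V5LXNpemU8L2tl
+eT4KCTxpbnRlZ2VyPjQwOTY8L2ludGVnZXI+Cgk8a2V5PnNpZ25hdHVyZS1ieTwva2V5PgoJPHN0
+cmluZz5Wb2lkIExpbnV4PC9zdHJpbmc+CjwvZGljdD4KPC9wbGlzdD4K
+EOF
+base64 -d ${vkb64} > ${rootfs}/var/db/xbps/keys/60\:ae\:0c\:d6\:f0\:95\:17\:80\:bc\:93\:46\:7a\:89\:af\:a3\:2d.plist
+rm -f ${vkb64}
+
+mkdir -p ${rootfs}/usr/share/xbps/repo.d
+echo "repository=http://repo.voidlinux.eu/current" > ${rootfs}/usr/share/xbps/repo.d/00-main.conf
+
+if ! xbps-install ${xbps_cachedir:+ -c $xbps_cachedir} \
+${xbps_config:+-C $xbps_config} -r "${rootfs}" \
+-Sy ${base_packages[@]}; then
+echo "Failed to install container packages"
+return 1
+fi
+
+grep nameserver /etc/resolv.conf > "${rootfs}/etc/resolv.conf"
+
+echo "root:root" | chroot ${rootfs} chpasswd -c SHA512
+echo
+echo "Root password is 'root', please change!"
+echo
+
+return 0
+}
+
+usage() {
+cat <<EOF
+usage:
+${1} -n|--name=<container_name>
+[-P|--packages=<pkg1,pkg2,...>] [-p|--path=<path>] [-h|--help]
+Mandatory args:
+-n,--name container name, used to as an identifier for that container from now on
+Optional args:
+-p,--path path to where the container rootfs will be created, defaults to ${default_path}/rootfs. The container config will go under ${default_path} in that case
+-P,--packages preinstall additional packages, comma-separated list
+-c,--config use specified xbps config when installing container packages
+--cachedir XBPS cache directory to store downloaded packages
+-a,--arch use specified architecture instead of host's architecture
+-r,--root_passwd set container root password
+-h,--help print this help
+EOF
+return 0
+}
+
+options=$(getopt -o hp:P:e:n:c:a:l:t:r: -l help,rootfs:,path:,packages:,name:,config:,cachedir:,arch:,root_passwd: -- "${@}")
+if [ ${?} -ne 0 ]; then
+usage $(basename ${0})
+exit 1
+fi
+eval set -- "${options}"
+
+while true
+do
+case "${1}" in
+-h|--help) usage ${0} && exit 0;;
+-p|--path) path=${2}; shift 2;;
+-n|--name) name=${2}; shift 2;;
+--rootfs) rootfs_path=${2}; shift 2;;
+-P|--packages) additional_packages=${2}; shift 2;;
+-c|--config) xbps_config=${2}; shift 2;;
+--cachedir) xbps_cachedir=${2}; shift 2;;
+-a|--arch) arch=${2}; shift 2;;
+-r|--root_passwd) root_passwd=${2}; shift 2;;
+--) shift 1; break ;;
+*) break ;;
+esac
+done
+
+if [ -z "${name}" ]; then
+echo "missing required 'name' parameter"
+exit 1
+fi
+
+type xbps-install >/dev/null 2>&1
+if [ ${?} -ne 0 ]; then
+echo "'xbps-install' command is missing, download xbps from http://repo.voidlinux.eu/static/"
+exit 1
+fi
+
+if [ -z "${path}" ]; then
+path="${default_path}/${name}"
+fi
+
+if [ "${EUID}" != "0" ]; then
+echo "This script should be run as 'root'"
+exit 1
+fi
+
+if [ -z "${rootfs_path}_path" ]; then
+rootfs_path="${path}/rootfs"
+fi
+config_path="${default_path}/${name}"
+
+revert() {
+echo "Interrupted, cleaning up"
+lxc-destroy -n "${name}"
+rm -rf "${path}/${name}"
+rm -rf "${default_path}/${name}"
+exit 1
+}
+
+trap revert SIGHUP SIGINT SIGTERM
+
+copy_configuration $path $rootfs_path $name $arch
+if [ ${?} -ne 0 ]; then
+echo "failed to write configuration file"
+rm -rf "${config_path}"
+exit 1
+fi
+
+if [ ${#additional_packages[@]} -gt 0 ]; then
+split_string ${additional_packages}
+base_packages+=(${result[@]})
+fi
+
+mkdir -p "${rootfs_path}"
+install_void $path $rootfs_path $name $arch
+if [ ${?} -ne 0 ]; then
+echo "failed to install Void Linux"
+rm -rf "${config_path}" "${path}"
+exit 1
+fi
+
+cat << EOF
+Void container ${name} is successfully created! The configuration is
+stored in ${config_path}/config. Please refer to http://www.voidlinux.eu
+for information about configuring your Void installation.
+EOF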
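Review bot: The `--rootfs` default near the end of the script never applies, because `[ -z "${rootfs_path}_path" ]` tests a string that always contains `_path`; so unless `--rootfs` is given, `rootfs_path` stays empty, the unquoted `copy_configuration $path $rootfs_path $name $arch` and `install_void $path $rootfs_path $name $arch` calls shift their arguments one position left, and as far as I can trace it `install_void` then runs `mkdir`, `xbps-install -r` and `chroot ... chpasswd` against a directory named after the container relative to the current working directory rather than `${path}/rootfs`, while the config records `lxc.rootfs = <name>` and an empty `lxc.arch`. The condition should be `if [ -z "${rootfs_path}" ]; then`, and quoting the four arguments in both calls would stop an empty value from shifting positions. Separately, `-r|--root_passwd` is parsed into `root_passwd` but `install_void` always writes the literal `root:root`; `echo "root:${root_passwd:-root}" | chroot "${rootfs}" chpasswd -c SHA512` would honour the option (with the caveat, worth a comment at the option, that a password passed on argv is visible to other users through `ps`, so reading it from stdin or a file would be safer). The package repository is fetched over plain `http://`, which is acceptable here only because the Void signing key plist is installed under `var/db/xbps/keys` before `xbps-install` runs; a comment saying that this is what makes the unencrypted fetch safe would stop a later cleanup from removing the key step.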
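--- a/srcpkgs/lxc/files/void.common.conf
+++ b/srcpkgs/lxc/files/void.common.conf
@@ -0,0 +1,67 @@
+# Default pivot location
+#lxc.pivotdir = lxc_putold
+
+# Default mount entries
+lxc.mount.entry = run run tmpfs rw,nosuid,nodev,mode=755 0 0
+lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
+lxc.mount.entry = sysfs sys sysfs defaults 0 0
+
+# Default console settings
+lxc.tty = 6
+lxc.pts = 1024
+lxc.autodev = 1
+
+# Default capabilities
+lxc.cap.drop = sys_module mac_admin mac_override sys_time
+
+# When using LXC with apparmor, the container will be confined by default.
+# If you wish for it to instead run unconfined, copy the following line
+# (uncommented) to the container's configuration file.
+#lxc.aa_profile = unconfined
+
+# To support container nesting on an Ubuntu host while retaining most of
+# apparmor's added security, use the following two lines instead.
+#lxc.aa_profile = lxc-container-default-with-nesting
+#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
+
+# If you wish to allow mounting block filesystems, then use the following
+# line instead, and make sure to grant access to the block device and/or loop
+# devices below in lxc.cgroup.devices.allow.
+#lxc.aa_profile = lxc-container-default-with-mounting
+
+# Default cgroup limits
+lxc.cgroup.devices.deny = a
+## Allow any mknod (but not using the node)
+lxc.cgroup.devices.allow = c *:* m
+lxc.cgroup.devices.allow = b *:* m
+## /dev/null and zero
+lxc.cgroup.devices.allow = c 1:3 rwm
+lxc.cgroup.devices.allow = c 1:5 rwm
+## consoles
+lxc.cgroup.devices.allow = c 5:0 rwm
+lxc.cgroup.devices.allow = c 5:1 rwm
+## /dev/{,u}random
+lxc.cgroup.devices.allow = c 1:8 rwm
+lxc.cgroup.devices.allow = c 1:9 rwm
+## /dev/pts/*
+lxc.cgroup.devices.allow = c 5:2 rwm
+lxc.cgroup.devices.allow = c 136:* rwm
+## rtc
+lxc.cgroup.devices.allow = c 254:0 rm
+## fuse
+lxc.cgroup.devices.allow = c 10:229 rwm
+## tun
+lxc.cgroup.devices.allow = c 10:200 rwm
+## full
+lxc.cgroup.devices.allow = c 1:7 rwm
+## hpet
+lxc.cgroup.devices.allow = c 10:228 rwm
+## kvm
+lxc.cgroup.devices.allow = c 10:232 rwm
+## To use loop devices, copy the following line to the container's
+## configuration file (uncommented).
+#lxc.cgroup.devices.allow = b 7:* rwm
+
+# Blacklist some syscalls which are not safe in privileged
+# containers
+lxc.seccomp = /usr/share/lxc/config/common.seccomp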
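Review bot: The AppArmor commentary in this file ("the container will be confined by default", the Ubuntu nesting profile, `lxc-container-default-with-mounting`) does not apply to this package, whose template configures lxc with `--disable-apparmor`, so a Void user reading it would expect a confinement that is not there. I would replace those three comment blocks with a single note such as `# AppArmor is disabled in Void's lxc build; lxc.aa_profile settings are inert here.` and keep only the `lxc.hook.mount` line if nesting support is wanted. Also worth a comment next to the mount entries: `sys` is mounted with `defaults`, i.e. read-write, and since the template refuses `--mapped-uid`/`--mapped-gid` these containers share the host's user namespace, so as far as I can tell container root gets write access to host sysfs; `lxc.mount.entry = sysfs sys sysfs ro 0 0` would be the more conservative default if nothing in the Void image needs to write there, though I have not verified that lxc-start's own setup in this version tolerates a read-only `sys`.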
|
@ -3,7 +3,7 @@ _desc="Linux Containers"
|
||||||
|
|
||||||
pkgname=lxc
|
pkgname=lxc
|
||||||
version=1.0.5
|
version=1.0.5
|
||||||
revision=2
|
revision=3
|
||||||
build_style=gnu-configure
|
build_style=gnu-configure
|
||||||
configure_args="--enable-doc --enable-seccomp --disable-apparmor --with-distro=none
|
configure_args="--enable-doc --enable-seccomp --disable-apparmor --with-distro=none
|
||||||
--with-rootfs-path=/var/lxc/containers --with-log-path=/var/lxc/log"
|
--with-rootfs-path=/var/lxc/containers --with-log-path=/var/lxc/log"
|
||||||
|
@ -30,6 +30,10 @@ post_install() {
|
||||||
vinstall ${FILESDIR}/service 644 usr/lib/systemd/system lxc@.service
|
vinstall ${FILESDIR}/service 644 usr/lib/systemd/system lxc@.service
|
||||||
vmkdir usr/share/bash-completion/completions
|
vmkdir usr/share/bash-completion/completions
|
||||||
mv ${DESTDIR}/etc/bash_completion.d/* ${DESTDIR}/usr/share/bash-completion/completions/
|
mv ${DESTDIR}/etc/bash_completion.d/* ${DESTDIR}/usr/share/bash-completion/completions/
|
||||||
|
# Install void lxc config/template.
|
||||||
|
vinstall ${FILESDIR}/void.common.conf 644 usr/share/lxc/config
|
||||||
|
vinstall ${FILESDIR}/lxc-void 755 usr/share/lxc/templates
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
liblxc_package() {
|
liblxc_package() {
|
||||||
|
|