[mirror_lxc.git] / templates / lxc-busybox.in

#!/bin/bash

#
# lxc: linux Container library

# Authors:
# Daniel Lezcano <daniel.lezcano@free.fr>

# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.

# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# Lesser General Public License for more details.

# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA

LXC_MAPPED_UID=
LXC_MAPPED_GID=

# Make sure the usual locations are in PATH
export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin

am_in_userns() {
    [ -e /proc/self/uid_map ] || { echo no; return; }
    [ "$(wc -l /proc/self/uid_map | awk '{ print $1 }')" -eq 1 ] || { echo yes; return; }
    line=$(awk '{ print $1 " " $2 " " $3 }' /proc/self/uid_map)
    [ "$line" = "0 0 4294967295" ] && { echo no; return; }
    echo yes
}

in_userns=0
[ $(am_in_userns) = "yes" ] && in_userns=1

install_busybox()
{
    rootfs=$1
    name=$2
    res=0
    tree="\
$rootfs/selinux \
$rootfs/dev \
$rootfs/home \
$rootfs/root \
$rootfs/etc \
$rootfs/etc/init.d \
$rootfs/bin \
$rootfs/usr/bin \
$rootfs/sbin \
$rootfs/usr/sbin \
$rootfs/proc \
$rootfs/sys \
$rootfs/mnt \
$rootfs/tmp \
$rootfs/var/log \
$rootfs/usr/share/udhcpc \
$rootfs/dev/pts \
$rootfs/dev/shm \
$rootfs/lib \
$rootfs/usr/lib \
$rootfs/lib64 \
$rootfs/usr/lib64"

    mkdir -p $tree || return 1
    chmod 755 $tree || return 1

    pushd $rootfs/dev > /dev/null || return 1

    # minimal devices needed for busybox
    if [ $in_userns -eq 1 ]; then
        for dev in tty console tty0 tty1 ram0 null urandom; do
            echo "lxc.mount.entry = /dev/$dev dev/$dev    none bind,optional,create=file 0 0" >> $path/config
        done
    else
        mknod -m 666 tty c 5 0       || res=1
        mknod -m 666 console c 5 1   || res=1
        mknod -m 666 tty0 c 4 0      || res=1
        mknod -m 666 tty1 c 4 0      || res=1
        mknod -m 666 tty5 c 4 0      || res=1
        mknod -m 600 ram0 b 1 0      || res=1
        mknod -m 666 null c 1 3      || res=1
        mknod -m 666 zero c 1 5      || res=1
        mknod -m 666 urandom c 1 9   || res=1
    fi

    popd > /dev/null

    # root user defined
    cat <<EOF >> $rootfs/etc/passwd
root:x:0:0:root:/root:/bin/sh
EOF

    cat <<EOF >> $rootfs/etc/group
root:x:0:root
EOF

    # mount everything
    cat <<EOF >> $rootfs/etc/init.d/rcS
#!/bin/sh
/bin/syslogd
/bin/mount -a
/bin/udhcpc
EOF

    # executable
    chmod 744 $rootfs/etc/init.d/rcS || return 1

    # launch rcS first then make a console available
    # and propose a shell on the tty, the last one is
    # not needed
    cat <<EOF >> $rootfs/etc/inittab
::sysinit:/etc/init.d/rcS
tty1::respawn:/bin/getty -L tty1 115200 vt100
console::askfirst:/bin/sh
EOF
    # writable and readable for other
    chmod 644 $rootfs/etc/inittab || return 1

    cat <<EOF >> $rootfs/usr/share/udhcpc/default.script
#!/bin/sh
case "\$1" in
    deconfig)
        ip addr flush dev \$interface
        ;;

    renew|bound)
        # flush all the routes
        if [ -n "\$router" ]; then
            ip route del default 2> /dev/null
        fi

        # check broadcast
        if [ -n "\$broadcast" ]; then
            broadcast="broadcast \$broadcast"
        fi

        # add a new ip address
        ip addr add \$ip/\$mask \$broadcast dev \$interface

        if [ -n "\$router" ]; then
            ip route add default via \$router dev \$interface
        fi

        [ -n "\$domain" ] && echo search \$domain > /etc/resolv.conf
        for i in \$dns ; do
            echo nameserver \$i >> /etc/resolv.conf
        done
        ;;
esac
exit 0
EOF

    chmod 744 $rootfs/usr/share/udhcpc/default.script

    return $res
}

configure_busybox()
{
    rootfs=$1

    which busybox >/dev/null 2>&1

    if [ $? -ne 0 ]; then
        echo "busybox executable is not accessible"
        return 1
    fi

    file -L $(which busybox) | grep -q "statically linked"
    if [ $? -ne 0 ]; then
        echo "warning : busybox is not statically linked."
        echo "warning : The template script may not correctly"
        echo "warning : setup the container environment."
    fi

    # copy busybox in the rootfs
    cp $(which busybox) $rootfs/bin
    if [ $? -ne 0 ]; then
        echo "failed to copy busybox in the rootfs"
        return 1
    fi

    # symlink busybox for the commands it supports
    # it would be nice to just use "chroot $rootfs busybox --install -s /bin"
    # but that only works right in a chroot with busybox >= 1.19.0
    pushd $rootfs/bin > /dev/null || return 1
    ./busybox --help | grep 'Currently defined functions:' -A300 | \
      grep -v 'Currently defined functions:' | tr , '\n' | \
      xargs -n1 ln -s busybox
    popd > /dev/null

    # relink /sbin/init
    ln $rootfs/bin/busybox $rootfs/sbin/init

    # passwd exec must be setuid
    chmod +s $rootfs/bin/passwd
    touch $rootfs/etc/shadow

    # setting passwd for root
    CHPASSWD_FILE=$rootfs/root/chpasswd.sh

    cat <<EOF >$CHPASSWD_FILE
echo "setting root password to \"root\""

mount -n --bind /lib $rootfs/lib
if [ \$? -ne 0 ]; then
    echo "Failed bind-mounting /lib at $rootfs/lib"
    exit 1
fi

chroot $rootfs chpasswd <<EOFF 2>/dev/null
root:root
EOFF


if [ \$? -ne 0 ]; then
    echo "Failed to change root password"
    exit 1
fi

umount $rootfs/lib

EOF

    lxc-unshare -s MOUNT -- /bin/sh < $CHPASSWD_FILE
    rm $CHPASSWD_FILE

    # add ssh functionality if dropbear package available on host
    which dropbear >/dev/null 2>&1
    if [ $? -eq 0 ]; then
        # copy dropbear binary
        cp $(which dropbear) $rootfs/usr/sbin
        if [ $? -ne 0 ]; then
            echo "Failed to copy dropbear in the rootfs"
            return 1
        fi

        # make symlinks to various ssh utilities
        utils="\
            $rootfs/usr/bin/dbclient \
            $rootfs/usr/bin/scp \
            $rootfs/usr/bin/ssh \
            $rootfs/usr/sbin/dropbearkey \
            $rootfs/usr/sbin/dropbearconvert \
        "
        echo $utils | xargs -n1 ln -s /usr/sbin/dropbear

        # add necessary config files
        mkdir $rootfs/etc/dropbear
        dropbearkey -t rsa -f $rootfs/etc/dropbear/dropbear_rsa_host_key > /dev/null 2>&1
        dropbearkey -t dss -f $rootfs/etc/dropbear/dropbear_dss_host_key > /dev/null 2>&1

        echo "'dropbear' ssh utility installed"
    fi

    return 0
}

copy_configuration()
{
    path=$1
    rootfs=$2
    name=$3

grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config
cat <<EOF >> $path/config
lxc.haltsignal = SIGUSR1
lxc.rebootsignal = SIGTERM
lxc.utsname = $name
lxc.tty = 1
lxc.pts = 1
lxc.cap.drop = sys_module mac_admin mac_override sys_time

# When using LXC with apparmor, uncomment the next line to run unconfined:
#lxc.aa_profile = unconfined

lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
lxc.mount.entry = shm /dev/shm tmpfs defaults 0 0
EOF

    libdirs="\
        lib \
        usr/lib \
        lib64 \
        usr/lib64"

    for dir in $libdirs; do
        if [ -d "/$dir" ] && [ -d "$rootfs/$dir" ]; then
            echo "lxc.mount.entry = /$dir $dir none ro,bind 0 0" >> $path/config
        fi
    done
    echo "lxc.mount.entry = /sys/kernel/security sys/kernel/security none ro,bind,optional 0 0" >>$path/config
}

remap_userns()
{
    path=$1

    if [ -n "$LXC_MAPPED_UID" ] && [ "$LXC_MAPPED_UID" != "-1" ]; then
        chown $LXC_MAPPED_UID $path/config >/dev/null 2>&1
        chown -R root $path/rootfs >/dev/null 2>&1
    fi

    if [ -n "$LXC_MAPPED_GID" ] && [ "$LXC_MAPPED_GID" != "-1" ]; then
        chgrp $LXC_MAPPED_GID $path/config >/dev/null 2>&1
        chgrp -R root $path/rootfs >/dev/null 2>&1
    fi
}

usage()
{
    cat <<EOF
$1 -h|--help -p|--path=<path>
EOF
    return 0
}

options=$(getopt -o hp:n: -l help,rootfs:,path:,name:,mapped-uid:,mapped-gid: -- "$@")
if [ $? -ne 0 ]; then
    usage $(basename $0)
    exit 1
fi
eval set -- "$options"

while true
do
    case "$1" in
        -h|--help)      usage $0 && exit 0;;
        -p|--path)      path=$2; shift 2;;
        --rootfs)       rootfs=$2; shift 2;;
        -n|--name)      name=$2; shift 2;;
        --mapped-uid)   LXC_MAPPED_UID=$2; shift 2;;
        --mapped-gid)   LXC_MAPPED_GID=$2; shift 2;;
        --)             shift 1; break ;;
        *)              break ;;
    esac
done

if [ "$(id -u)" != "0" ]; then
    echo "This script should be run as 'root'"
    exit 1
fi

if [ -z "$path" ]; then
    echo "'path' parameter is required"
    exit 1
fi

# detect rootfs
config="$path/config"
if [ -z "$rootfs" ]; then
    if grep -q '^lxc.rootfs' $config 2>/dev/null ; then
        rootfs=$(awk -F= '/^lxc.rootfs =/{ print $2 }' $config)
    else
        rootfs=$path/rootfs
    fi
fi

install_busybox $rootfs $name
if [ $? -ne 0 ]; then
    echo "failed to install busybox's rootfs"
    exit 1
fi

configure_busybox $rootfs
if [ $? -ne 0 ]; then
    echo "failed to configure busybox template"
    exit 1
fi

copy_configuration $path $rootfs $name
if [ $? -ne 0 ]; then
    echo "failed to write configuration file"
    exit 1
fi

remap_userns $path
if [ $? -ne 0 ]; then
    echo "failed to remap files to user"
    exit 1
fi
Commit	Line	Data
eb960fea DL	1	#!/bin/bash
	2
	3	#
	4	# lxc: linux Container library
	5
	6	# Authors:
	7	# Daniel Lezcano <daniel.lezcano@free.fr>
	8
	9	# This library is free software; you can redistribute it and/or
	10	# modify it under the terms of the GNU Lesser General Public
	11	# License as published by the Free Software Foundation; either
	12	# version 2.1 of the License, or (at your option) any later version.
	13
	14	# This library is distributed in the hope that it will be useful,
	15	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	16	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	17	# Lesser General Public License for more details.
	18
	19	# You should have received a copy of the GNU Lesser General Public
	20	# License along with this library; if not, write to the Free Software
250b1eec	21	# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
eb960fea	22
a542dd3c BP	23	LXC_MAPPED_UID=
a542dd3c BP	24	LXC_MAPPED_GID=
8ec981fc	25
207bf0e4 SG	26	# Make sure the usual locations are in PATH
	27	export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin
	28
9e214906 SH	29	am_in_userns() {
	30	[ -e /proc/self/uid_map ] \|\| { echo no; return; }
	31	[ "$(wc -l /proc/self/uid_map \| awk '{ print $1 }')" -eq 1 ] \|\| { echo yes; return; }
	32	line=$(awk '{ print $1 " " $2 " " $3 }' /proc/self/uid_map)
	33	[ "$line" = "0 0 4294967295" ] && { echo no; return; }
	34	echo yes
	35	}
	36
	37	in_userns=0
	38	[ $(am_in_userns) = "yes" ] && in_userns=1
	39
eb960fea DL	40	install_busybox()
	41	{
	42	rootfs=$1
	43	name=$2
	44	res=0
	45	tree="\
32b37181	46	$rootfs/selinux \
eb960fea DL	47	$rootfs/dev \
	48	$rootfs/home \
	49	$rootfs/root \
	50	$rootfs/etc \
	51	$rootfs/etc/init.d \
	52	$rootfs/bin \
c94e60d1	53	$rootfs/usr/bin \
eb960fea	54	$rootfs/sbin \
c94e60d1	55	$rootfs/usr/sbin \
eb960fea	56	$rootfs/proc \
fefddf9f	57	$rootfs/sys \
eb960fea DL	58	$rootfs/mnt \
	59	$rootfs/tmp \
	60	$rootfs/var/log \
	61	$rootfs/usr/share/udhcpc \
10e657e5	62	$rootfs/dev/pts \
bf6cc736 DL	63	$rootfs/dev/shm \
	64	$rootfs/lib \
	65	$rootfs/usr/lib \
	66	$rootfs/lib64 \
	67	$rootfs/usr/lib64"
eb960fea DL	68
	69	mkdir -p $tree \|\| return 1
	70	chmod 755 $tree \|\| return 1
	71
	72	pushd $rootfs/dev > /dev/null \|\| return 1
	73
	74	# minimal devices needed for busybox
9e214906	75	if [ $in_userns -eq 1 ]; then
cfe615f0	76	for dev in tty console tty0 tty1 ram0 null urandom; do
f24a52d5	77	echo "lxc.mount.entry = /dev/$dev dev/$dev none bind,optional,create=file 0 0" >> $path/config
9e214906 SH	78	done
9e214906 SH	79	else
fbbc1539 DE	80	mknod -m 666 tty c 5 0 \|\| res=1
	81	mknod -m 666 console c 5 1 \|\| res=1
	82	mknod -m 666 tty0 c 4 0 \|\| res=1
	83	mknod -m 666 tty1 c 4 0 \|\| res=1
	84	mknod -m 666 tty5 c 4 0 \|\| res=1
	85	mknod -m 600 ram0 b 1 0 \|\| res=1
	86	mknod -m 666 null c 1 3 \|\| res=1
	87	mknod -m 666 zero c 1 5 \|\| res=1
	88	mknod -m 666 urandom c 1 9 \|\| res=1
9e214906	89	fi
eb960fea DL	90
	91	popd > /dev/null
	92
	93	# root user defined
	94	cat <<EOF >> $rootfs/etc/passwd
	95	root:x:0:0:root:/root:/bin/sh
	96	EOF
	97
	98	cat <<EOF >> $rootfs/etc/group
	99	root:x:0:root
	100	EOF
	101
eb960fea DL	102	# mount everything
	103	cat <<EOF >> $rootfs/etc/init.d/rcS
	104	#!/bin/sh
b09ecaf3 DL	105	/bin/syslogd
	106	/bin/mount -a
	107	/bin/udhcpc
eb960fea DL	108	EOF
	109
	110	# executable
	111	chmod 744 $rootfs/etc/init.d/rcS \|\| return 1
	112
eb960fea DL	113	# launch rcS first then make a console available
	114	# and propose a shell on the tty, the last one is
	115	# not needed
	116	cat <<EOF >> $rootfs/etc/inittab
	117	::sysinit:/etc/init.d/rcS
0016af97 DL	118	tty1::respawn:/bin/getty -L tty1 115200 vt100
0016af97 DL	119	console::askfirst:/bin/sh
eb960fea DL	120	EOF
	121	# writable and readable for other
	122	chmod 644 $rootfs/etc/inittab \|\| return 1
	123
	124	cat <<EOF >> $rootfs/usr/share/udhcpc/default.script
	125	#!/bin/sh
eb960fea	126	case "\$1" in
14d9c0f0 SG	127	deconfig)
	128	ip addr flush dev \$interface
	129	;;
	130
	131	renew\|bound)
	132	# flush all the routes
	133	if [ -n "\$router" ]; then
	134	ip route del default 2> /dev/null
	135	fi
	136
	137	# check broadcast
	138	if [ -n "\$broadcast" ]; then
	139	broadcast="broadcast \$broadcast"
	140	fi
	141
	142	# add a new ip address
	143	ip addr add \$ip/\$mask \$broadcast dev \$interface
	144
	145	if [ -n "\$router" ]; then
	146	ip route add default via \$router dev \$interface
	147	fi
	148
	149	[ -n "\$domain" ] && echo search \$domain > /etc/resolv.conf
	150	for i in \$dns ; do
	151	echo nameserver \$i >> /etc/resolv.conf
	152	done
	153	;;
eb960fea DL	154	esac
	155	exit 0
	156	EOF
	157
	158	chmod 744 $rootfs/usr/share/udhcpc/default.script
	159
	160	return $res
	161	}
	162
	163	configure_busybox()
	164	{
	165	rootfs=$1
	166
169bf5e0	167	which busybox >/dev/null 2>&1
7674618c	168
eb960fea	169	if [ $? -ne 0 ]; then
14d9c0f0 SG	170	echo "busybox executable is not accessible"
14d9c0f0 SG	171	return 1
eb960fea DL	172	fi
eb960fea DL	173
50dbb820	174	file -L $(which busybox) \| grep -q "statically linked"
32b37181	175	if [ $? -ne 0 ]; then
14d9c0f0 SG	176	echo "warning : busybox is not statically linked."
	177	echo "warning : The template script may not correctly"
	178	echo "warning : setup the container environment."
32b37181 DL	179	fi
32b37181 DL	180
eb960fea DL	181	# copy busybox in the rootfs
	182	cp $(which busybox) $rootfs/bin
	183	if [ $? -ne 0 ]; then
14d9c0f0 SG	184	echo "failed to copy busybox in the rootfs"
14d9c0f0 SG	185	return 1
eb960fea DL	186	fi
eb960fea DL	187
6902a6c6 DE	188	# symlink busybox for the commands it supports
	189	# it would be nice to just use "chroot $rootfs busybox --install -s /bin"
	190	# but that only works right in a chroot with busybox >= 1.19.0
	191	pushd $rootfs/bin > /dev/null \|\| return 1
	192	./busybox --help \| grep 'Currently defined functions:' -A300 \| \
	193	grep -v 'Currently defined functions:' \| tr , '\n' \| \
	194	xargs -n1 ln -s busybox
	195	popd > /dev/null
eb960fea DL	196
	197	# relink /sbin/init
	198	ln $rootfs/bin/busybox $rootfs/sbin/init
	199
	200	# passwd exec must be setuid
	201	chmod +s $rootfs/bin/passwd
32b37181	202	touch $rootfs/etc/shadow
19d618b1	203
ce4c4ca4 BP	204	# setting passwd for root
	205	CHPASSWD_FILE=$rootfs/root/chpasswd.sh
	206
	207	cat <<EOF >$CHPASSWD_FILE
	208	echo "setting root password to \"root\""
	209
7a409fd5	210	mount -n --bind /lib $rootfs/lib
ce4c4ca4 BP	211	if [ \$? -ne 0 ]; then
	212	echo "Failed bind-mounting /lib at $rootfs/lib"
	213	exit 1
	214	fi
	215
	216	chroot $rootfs chpasswd <<EOFF 2>/dev/null
	217	root:root
	218	EOFF
	219
	220
	221	if [ \$? -ne 0 ]; then
	222	echo "Failed to change root password"
	223	exit 1
	224	fi
	225
	226	umount $rootfs/lib
	227
	228	EOF
	229
	230	lxc-unshare -s MOUNT -- /bin/sh < $CHPASSWD_FILE
	231	rm $CHPASSWD_FILE
c94e60d1 PBB	232
c94e60d1 PBB	233	# add ssh functionality if dropbear package available on host
169bf5e0	234	which dropbear >/dev/null 2>&1
c94e60d1 PBB	235	if [ $? -eq 0 ]; then
	236	# copy dropbear binary
	237	cp $(which dropbear) $rootfs/usr/sbin
	238	if [ $? -ne 0 ]; then
	239	echo "Failed to copy dropbear in the rootfs"
	240	return 1
	241	fi
	242
	243	# make symlinks to various ssh utilities
	244	utils="\
	245	$rootfs/usr/bin/dbclient \
	246	$rootfs/usr/bin/scp \
	247	$rootfs/usr/bin/ssh \
	248	$rootfs/usr/sbin/dropbearkey \
	249	$rootfs/usr/sbin/dropbearconvert \
	250	"
	251	echo $utils \| xargs -n1 ln -s /usr/sbin/dropbear
	252
	253	# add necessary config files
	254	mkdir $rootfs/etc/dropbear
17abf278 ER	255	dropbearkey -t rsa -f $rootfs/etc/dropbear/dropbear_rsa_host_key > /dev/null 2>&1
17abf278 ER	256	dropbearkey -t dss -f $rootfs/etc/dropbear/dropbear_dss_host_key > /dev/null 2>&1
c94e60d1 PBB	257
	258	echo "'dropbear' ssh utility installed"
	259	fi
	260
eb960fea DL	261	return 0
	262	}
	263
	264	copy_configuration()
	265	{
	266	path=$1
	267	rootfs=$2
	268	name=$3
	269
1881820a	270	grep -q "^lxc.rootfs" $path/config 2>/dev/null \|\| echo "lxc.rootfs = $rootfs" >> $path/config
eb960fea	271	cat <<EOF >> $path/config
f0f1d8c0	272	lxc.haltsignal = SIGUSR1
22fb28a9	273	lxc.rebootsignal = SIGTERM
eb960fea DL	274	lxc.utsname = $name
eb960fea DL	275	lxc.tty = 1
32b37181	276	lxc.pts = 1
eee3ba81	277	lxc.cap.drop = sys_module mac_admin mac_override sys_time
69d66f1e SG	278
	279	# When using LXC with apparmor, uncomment the next line to run unconfined:
	280	#lxc.aa_profile = unconfined
f24a52d5 SG	281
	282	lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
	283	lxc.mount.entry = shm /dev/shm tmpfs defaults 0 0
1881820a SH	284	EOF
1881820a SH	285
6bc424b5	286	libdirs="\
5d01f616 SG	287	lib \
	288	usr/lib \
	289	lib64 \
	290	usr/lib64"
6bc424b5 SY	291
6bc424b5 SY	292	for dir in $libdirs; do
5d01f616	293	if [ -d "/$dir" ] && [ -d "$rootfs/$dir" ]; then
eba7df9e	294	echo "lxc.mount.entry = /$dir $dir none ro,bind 0 0" >> $path/config
6bc424b5 SY	295	fi
6bc424b5 SY	296	done
7f1dea04	297	echo "lxc.mount.entry = /sys/kernel/security sys/kernel/security none ro,bind,optional 0 0" >>$path/config
eb960fea DL	298	}
eb960fea DL	299
a542dd3c BP	300	remap_userns()
	301	{
	302	path=$1
	303
	304	if [ -n "$LXC_MAPPED_UID" ] && [ "$LXC_MAPPED_UID" != "-1" ]; then
f24a52d5	305	chown $LXC_MAPPED_UID $path/config >/dev/null 2>&1
a542dd3c BP	306	chown -R root $path/rootfs >/dev/null 2>&1
	307	fi
	308
	309	if [ -n "$LXC_MAPPED_GID" ] && [ "$LXC_MAPPED_GID" != "-1" ]; then
f24a52d5	310	chgrp $LXC_MAPPED_GID $path/config >/dev/null 2>&1
a542dd3c BP	311	chgrp -R root $path/rootfs >/dev/null 2>&1
	312	fi
	313	}
	314
eb960fea DL	315	usage()
	316	{
	317	cat <<EOF
	318	$1 -h\|--help -p\|--path=<path>
	319	EOF
	320	return 0
	321	}
	322
a542dd3c	323	options=$(getopt -o hp:n: -l help,rootfs:,path:,name:,mapped-uid:,mapped-gid: -- "$@")
eb960fea	324	if [ $? -ne 0 ]; then
14d9c0f0 SG	325	usage $(basename $0)
14d9c0f0 SG	326	exit 1
eb960fea DL	327	fi
	328	eval set -- "$options"
	329
	330	while true
	331	do
	332	case "$1" in
	333	-h\|--help) usage $0 && exit 0;;
	334	-p\|--path) path=$2; shift 2;;
1897e3bc	335	--rootfs) rootfs=$2; shift 2;;
14d9c0f0	336	-n\|--name) name=$2; shift 2;;
a542dd3c BP	337	--mapped-uid) LXC_MAPPED_UID=$2; shift 2;;
a542dd3c BP	338	--mapped-gid) LXC_MAPPED_GID=$2; shift 2;;
eb960fea DL	339	--) shift 1; break ;;
	340	*) break ;;
	341	esac
	342	done
	343
	344	if [ "$(id -u)" != "0" ]; then
	345	echo "This script should be run as 'root'"
	346	exit 1
	347	fi
	348
	349	if [ -z "$path" ]; then
	350	echo "'path' parameter is required"
	351	exit 1
	352	fi
	353
1881820a SH	354	# detect rootfs
1881820a SH	355	config="$path/config"
1897e3bc SH	356	if [ -z "$rootfs" ]; then
1897e3bc SH	357	if grep -q '^lxc.rootfs' $config 2>/dev/null ; then
853d58fd	358	rootfs=$(awk -F= '/^lxc.rootfs =/{ print $2 }' $config)
1897e3bc SH	359	else
	360	rootfs=$path/rootfs
	361	fi
1881820a	362	fi
eb960fea DL	363
	364	install_busybox $rootfs $name
	365	if [ $? -ne 0 ]; then
	366	echo "failed to install busybox's rootfs"
	367	exit 1
	368	fi
	369
	370	configure_busybox $rootfs
	371	if [ $? -ne 0 ]; then
	372	echo "failed to configure busybox template"
	373	exit 1
	374	fi
	375
	376	copy_configuration $path $rootfs $name
	377	if [ $? -ne 0 ]; then
	378	echo "failed to write configuration file"
	379	exit 1
	380	fi
a542dd3c BP	381
	382	remap_userns $path
	383	if [ $? -ne 0 ]; then
	384	echo "failed to remap files to user"
	385	exit 1
	386	fi