[mirror_lxc.git] / templates / lxc-busybox.in

#!/bin/bash

#
# lxc: linux Container library

# Authors:
# Daniel Lezcano <daniel.lezcano@free.fr>

# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.

# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# Lesser General Public License for more details.

# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

install_busybox()
{
    rootfs=$1
    name=$2
    res=0
    tree="\
$rootfs/selinux \
$rootfs/dev \
$rootfs/home \
$rootfs/root \
$rootfs/etc \
$rootfs/etc/init.d \
$rootfs/bin \
$rootfs/usr/bin \
$rootfs/sbin \
$rootfs/usr/sbin \
$rootfs/proc \
$rootfs/mnt \
$rootfs/tmp \
$rootfs/var/log \
$rootfs/usr/share/udhcpc \
$rootfs/dev/pts \
$rootfs/dev/shm \
$rootfs/lib \
$rootfs/usr/lib \
$rootfs/lib64 \
$rootfs/usr/lib64"

    mkdir -p $tree || return 1
    chmod 755 $tree || return 1

    pushd $rootfs/dev > /dev/null || return 1

    # minimal devices needed for busybox
    mknod tty c 5 0       || res=1
    mknod console c 5 1   || res=1
    chmod 666 tty console || res=1
    mknod tty0 c 4 0      || res=1
    mknod tty1 c 4 0      || res=1
    mknod tty5 c 4 0      || res=1
    chmod 666 tty0        || res=1
    mknod ram0 b 1 0      || res=1
    chmod 600 ram0        || res=1
    mknod null c 1 3      || res=1
    chmod 666 null        || res=1
    mknod urandom c 1 9   || res=1
    chmod 666 urandom     || res=1

    popd > /dev/null

    # root user defined
    cat <<EOF >> $rootfs/etc/passwd
root:x:0:0:root:/root:/bin/sh
EOF

    cat <<EOF >> $rootfs/etc/group
root:x:0:root
EOF

    # mount everything
    cat <<EOF >> $rootfs/etc/init.d/rcS
#!/bin/sh
/bin/syslogd
/bin/mount -a
/bin/udhcpc
EOF

    # executable
    chmod 744 $rootfs/etc/init.d/rcS || return 1

    # mount points
    cat <<EOF >> $rootfs/etc/fstab
proc  /proc      proc    defaults     0      0
shm   /dev/shm   tmpfs   defaults     0      0
EOF

    # writable and readable for other
    chmod 644 $rootfs/etc/fstab || return 1

    # launch rcS first then make a console available
    # and propose a shell on the tty, the last one is
    # not needed
    cat <<EOF >> $rootfs/etc/inittab
::sysinit:/etc/init.d/rcS
tty1::respawn:/bin/getty -L tty1 115200 vt100
console::askfirst:/bin/sh
EOF
    # writable and readable for other
    chmod 644 $rootfs/etc/inittab || return 1

    cat <<EOF >> $rootfs/usr/share/udhcpc/default.script
#!/bin/sh
case "\$1" in
    deconfig)
        ip addr flush dev \$interface
        ;;

    renew|bound)
        # flush all the routes
        if [ -n "\$router" ]; then
            ip route del default 2> /dev/null
        fi

        # check broadcast
        if [ -n "\$broadcast" ]; then
            broadcast="broadcast \$broadcast"
        fi

        # add a new ip address
        ip addr add \$ip/\$mask \$broadcast dev \$interface

        if [ -n "\$router" ]; then
            ip route add default via \$router dev \$interface
        fi

        [ -n "\$domain" ] && echo search \$domain > /etc/resolv.conf
        for i in \$dns ; do
            echo nameserver \$i >> /etc/resolv.conf
        done
        ;;
esac
exit 0
EOF

    chmod 744 $rootfs/usr/share/udhcpc/default.script

    return $res
}

configure_busybox()
{
    rootfs=$1

    which busybox >/dev/null 2>&1

    if [ $? -ne 0 ]; then
        echo "busybox executable is not accessible"
        return 1
    fi

    file $(which busybox) | grep -q "statically linked"
    if [ $? -ne 0 ]; then
        echo "warning : busybox is not statically linked."
        echo "warning : The template script may not correctly"
        echo "warning : setup the container environment."
    fi

    # copy busybox in the rootfs
    cp $(which busybox) $rootfs/bin
    if [ $? -ne 0 ]; then
        echo "failed to copy busybox in the rootfs"
        return 1
    fi

    # symlink busybox for the commands it supports
    # it would be nice to just use "chroot $rootfs busybox --install -s /bin"
    # but that only works right in a chroot with busybox >= 1.19.0
    pushd $rootfs/bin > /dev/null || return 1
    ./busybox --help | grep 'Currently defined functions:' -A300 | \
      grep -v 'Currently defined functions:' | tr , '\n' | \
      xargs -n1 ln -s busybox
    popd > /dev/null

    # relink /sbin/init
    ln $rootfs/bin/busybox $rootfs/sbin/init

    # passwd exec must be setuid
    chmod +s $rootfs/bin/passwd
    touch $rootfs/etc/shadow

    # setting passwd for root
    CHPASSWD_FILE=$rootfs/root/chpasswd.sh

    cat <<EOF >$CHPASSWD_FILE
echo "setting root password to \"root\""

mount --bind /lib $rootfs/lib
if [ \$? -ne 0 ]; then
    echo "Failed bind-mounting /lib at $rootfs/lib"
    exit 1
fi

chroot $rootfs chpasswd <<EOFF 2>/dev/null
root:root
EOFF


if [ \$? -ne 0 ]; then
    echo "Failed to change root password"
    exit 1
fi

umount $rootfs/lib

EOF

    lxc-unshare -s MOUNT -- /bin/sh < $CHPASSWD_FILE
    rm $CHPASSWD_FILE

    # add ssh functionality if dropbear package available on host
    which dropbear >/dev/null 2>&1
    if [ $? -eq 0 ]; then
        # copy dropbear binary
        cp $(which dropbear) $rootfs/usr/sbin
        if [ $? -ne 0 ]; then
            echo "Failed to copy dropbear in the rootfs"
            return 1
        fi

        # make symlinks to various ssh utilities
        utils="\
            $rootfs/usr/bin/dbclient \
            $rootfs/usr/bin/scp \
            $rootfs/usr/bin/ssh \
            $rootfs/usr/sbin/dropbearkey \
            $rootfs/usr/sbin/dropbearconvert \
        "
        echo $utils | xargs -n1 ln -s /usr/sbin/dropbear

        # add necessary config files
        mkdir $rootfs/etc/dropbear
        dropbearkey -t rsa -f $rootfs/etc/dropbear/dropbear_rsa_host_key &> /dev/null
        dropbearkey -t dss -f $rootfs/etc/dropbear/dropbear_dss_host_key &> /dev/null

        echo "'dropbear' ssh utility installed"
    fi

    return 0
}

copy_configuration()
{
    path=$1
    rootfs=$2
    name=$3

grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config
cat <<EOF >> $path/config
lxc.utsname = $name
lxc.tty = 1
lxc.pts = 1

# When using LXC with apparmor, uncomment the next line to run unconfined:
#lxc.aa_profile = unconfined
EOF

if [ -d "$rootfs/lib" ]; then
cat <<EOF >> $path/config
lxc.mount.entry = /lib $rootfs/lib none ro,bind 0 0
lxc.mount.entry = /usr/lib $rootfs/usr/lib none ro,bind 0 0
EOF
fi

    libdirs="\
        lib \
        usr/lib \
        lib64 \
        usr/lib64"

    for dir in $libdirs; do
        if [ -d "/$dir" ] && [ -d "$rootfs/$dir" ]; then
            echo "lxc.mount.entry = /$dir $dir none ro,bind 0 0" >> $path/config
        fi
    done
}

usage()
{
    cat <<EOF
$1 -h|--help -p|--path=<path>
EOF
    return 0
}

options=$(getopt -o hp:n: -l help,path:,name: -- "$@")
if [ $? -ne 0 ]; then
    usage $(basename $0)
    exit 1
fi
eval set -- "$options"

while true
do
    case "$1" in
        -h|--help)      usage $0 && exit 0;;
        -p|--path)      path=$2; shift 2;;
        -n|--name)      name=$2; shift 2;;
        --)             shift 1; break ;;
        *)              break ;;
    esac
done

if [ "$(id -u)" != "0" ]; then
    echo "This script should be run as 'root'"
    exit 1
fi

if [ -z "$path" ]; then
    echo "'path' parameter is required"
    exit 1
fi

# detect rootfs
config="$path/config"
if grep -q '^lxc.rootfs' $config 2>/dev/null ; then
    rootfs=`grep 'lxc.rootfs =' $config | awk -F= '{ print $2 }'`
else
    rootfs=$path/rootfs
fi

install_busybox $rootfs $name
if [ $? -ne 0 ]; then
    echo "failed to install busybox's rootfs"
    exit 1
fi

configure_busybox $rootfs
if [ $? -ne 0 ]; then
    echo "failed to configure busybox template"
    exit 1
fi

copy_configuration $path $rootfs $name
if [ $? -ne 0 ]; then
    echo "failed to write configuration file"
    exit 1
fi
Commit	Line	Data
eb960fea DL	1	#!/bin/bash
	2
	3	#
	4	# lxc: linux Container library
	5
	6	# Authors:
	7	# Daniel Lezcano <daniel.lezcano@free.fr>
	8
	9	# This library is free software; you can redistribute it and/or
	10	# modify it under the terms of the GNU Lesser General Public
	11	# License as published by the Free Software Foundation; either
	12	# version 2.1 of the License, or (at your option) any later version.
	13
	14	# This library is distributed in the hope that it will be useful,
	15	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	16	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	17	# Lesser General Public License for more details.
	18
	19	# You should have received a copy of the GNU Lesser General Public
	20	# License along with this library; if not, write to the Free Software
	21	# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
	22
	23	install_busybox()
	24	{
	25	rootfs=$1
	26	name=$2
	27	res=0
	28	tree="\
32b37181	29	$rootfs/selinux \
eb960fea DL	30	$rootfs/dev \
	31	$rootfs/home \
	32	$rootfs/root \
	33	$rootfs/etc \
	34	$rootfs/etc/init.d \
	35	$rootfs/bin \
c94e60d1	36	$rootfs/usr/bin \
eb960fea	37	$rootfs/sbin \
c94e60d1	38	$rootfs/usr/sbin \
eb960fea DL	39	$rootfs/proc \
	40	$rootfs/mnt \
	41	$rootfs/tmp \
	42	$rootfs/var/log \
	43	$rootfs/usr/share/udhcpc \
10e657e5	44	$rootfs/dev/pts \
bf6cc736 DL	45	$rootfs/dev/shm \
	46	$rootfs/lib \
	47	$rootfs/usr/lib \
	48	$rootfs/lib64 \
	49	$rootfs/usr/lib64"
eb960fea DL	50
	51	mkdir -p $tree \|\| return 1
	52	chmod 755 $tree \|\| return 1
	53
	54	pushd $rootfs/dev > /dev/null \|\| return 1
	55
	56	# minimal devices needed for busybox
	57	mknod tty c 5 0 \|\| res=1
	58	mknod console c 5 1 \|\| res=1
	59	chmod 666 tty console \|\| res=1
	60	mknod tty0 c 4 0 \|\| res=1
	61	mknod tty1 c 4 0 \|\| res=1
	62	mknod tty5 c 4 0 \|\| res=1
	63	chmod 666 tty0 \|\| res=1
	64	mknod ram0 b 1 0 \|\| res=1
	65	chmod 600 ram0 \|\| res=1
	66	mknod null c 1 3 \|\| res=1
	67	chmod 666 null \|\| res=1
c94e60d1 PBB	68	mknod urandom c 1 9 \|\| res=1
c94e60d1 PBB	69	chmod 666 urandom \|\| res=1
eb960fea DL	70
	71	popd > /dev/null
	72
	73	# root user defined
	74	cat <<EOF >> $rootfs/etc/passwd
	75	root:x:0:0:root:/root:/bin/sh
	76	EOF
	77
	78	cat <<EOF >> $rootfs/etc/group
	79	root:x:0:root
	80	EOF
	81
eb960fea DL	82	# mount everything
	83	cat <<EOF >> $rootfs/etc/init.d/rcS
	84	#!/bin/sh
b09ecaf3 DL	85	/bin/syslogd
	86	/bin/mount -a
	87	/bin/udhcpc
eb960fea DL	88	EOF
	89
	90	# executable
	91	chmod 744 $rootfs/etc/init.d/rcS \|\| return 1
	92
	93	# mount points
	94	cat <<EOF >> $rootfs/etc/fstab
	95	proc /proc proc defaults 0 0
	96	shm /dev/shm tmpfs defaults 0 0
	97	EOF
	98
	99	# writable and readable for other
	100	chmod 644 $rootfs/etc/fstab \|\| return 1
	101
	102	# launch rcS first then make a console available
	103	# and propose a shell on the tty, the last one is
	104	# not needed
	105	cat <<EOF >> $rootfs/etc/inittab
	106	::sysinit:/etc/init.d/rcS
0016af97 DL	107	tty1::respawn:/bin/getty -L tty1 115200 vt100
0016af97 DL	108	console::askfirst:/bin/sh
eb960fea DL	109	EOF
	110	# writable and readable for other
	111	chmod 644 $rootfs/etc/inittab \|\| return 1
	112
	113	cat <<EOF >> $rootfs/usr/share/udhcpc/default.script
	114	#!/bin/sh
eb960fea	115	case "\$1" in
14d9c0f0 SG	116	deconfig)
	117	ip addr flush dev \$interface
	118	;;
	119
	120	renew\|bound)
	121	# flush all the routes
	122	if [ -n "\$router" ]; then
	123	ip route del default 2> /dev/null
	124	fi
	125
	126	# check broadcast
	127	if [ -n "\$broadcast" ]; then
	128	broadcast="broadcast \$broadcast"
	129	fi
	130
	131	# add a new ip address
	132	ip addr add \$ip/\$mask \$broadcast dev \$interface
	133
	134	if [ -n "\$router" ]; then
	135	ip route add default via \$router dev \$interface
	136	fi
	137
	138	[ -n "\$domain" ] && echo search \$domain > /etc/resolv.conf
	139	for i in \$dns ; do
	140	echo nameserver \$i >> /etc/resolv.conf
	141	done
	142	;;
eb960fea DL	143	esac
	144	exit 0
	145	EOF
	146
	147	chmod 744 $rootfs/usr/share/udhcpc/default.script
	148
	149	return $res
	150	}
	151
	152	configure_busybox()
	153	{
	154	rootfs=$1
	155
169bf5e0	156	which busybox >/dev/null 2>&1
7674618c	157
eb960fea	158	if [ $? -ne 0 ]; then
14d9c0f0 SG	159	echo "busybox executable is not accessible"
14d9c0f0 SG	160	return 1
eb960fea DL	161	fi
eb960fea DL	162
32b37181 DL	163	file $(which busybox) \| grep -q "statically linked"
32b37181 DL	164	if [ $? -ne 0 ]; then
14d9c0f0 SG	165	echo "warning : busybox is not statically linked."
	166	echo "warning : The template script may not correctly"
	167	echo "warning : setup the container environment."
32b37181 DL	168	fi
32b37181 DL	169
eb960fea DL	170	# copy busybox in the rootfs
	171	cp $(which busybox) $rootfs/bin
	172	if [ $? -ne 0 ]; then
14d9c0f0 SG	173	echo "failed to copy busybox in the rootfs"
14d9c0f0 SG	174	return 1
eb960fea DL	175	fi
eb960fea DL	176
6902a6c6 DE	177	# symlink busybox for the commands it supports
	178	# it would be nice to just use "chroot $rootfs busybox --install -s /bin"
	179	# but that only works right in a chroot with busybox >= 1.19.0
	180	pushd $rootfs/bin > /dev/null \|\| return 1
	181	./busybox --help \| grep 'Currently defined functions:' -A300 \| \
	182	grep -v 'Currently defined functions:' \| tr , '\n' \| \
	183	xargs -n1 ln -s busybox
	184	popd > /dev/null
eb960fea DL	185
	186	# relink /sbin/init
	187	ln $rootfs/bin/busybox $rootfs/sbin/init
	188
	189	# passwd exec must be setuid
	190	chmod +s $rootfs/bin/passwd
32b37181	191	touch $rootfs/etc/shadow
19d618b1	192
ce4c4ca4 BP	193	# setting passwd for root
	194	CHPASSWD_FILE=$rootfs/root/chpasswd.sh
	195
	196	cat <<EOF >$CHPASSWD_FILE
	197	echo "setting root password to \"root\""
	198
	199	mount --bind /lib $rootfs/lib
	200	if [ \$? -ne 0 ]; then
	201	echo "Failed bind-mounting /lib at $rootfs/lib"
	202	exit 1
	203	fi
	204
	205	chroot $rootfs chpasswd <<EOFF 2>/dev/null
	206	root:root
	207	EOFF
	208
	209
	210	if [ \$? -ne 0 ]; then
	211	echo "Failed to change root password"
	212	exit 1
	213	fi
	214
	215	umount $rootfs/lib
	216
	217	EOF
	218
	219	lxc-unshare -s MOUNT -- /bin/sh < $CHPASSWD_FILE
	220	rm $CHPASSWD_FILE
c94e60d1 PBB	221
c94e60d1 PBB	222	# add ssh functionality if dropbear package available on host
169bf5e0	223	which dropbear >/dev/null 2>&1
c94e60d1 PBB	224	if [ $? -eq 0 ]; then
	225	# copy dropbear binary
	226	cp $(which dropbear) $rootfs/usr/sbin
	227	if [ $? -ne 0 ]; then
	228	echo "Failed to copy dropbear in the rootfs"
	229	return 1
	230	fi
	231
	232	# make symlinks to various ssh utilities
	233	utils="\
	234	$rootfs/usr/bin/dbclient \
	235	$rootfs/usr/bin/scp \
	236	$rootfs/usr/bin/ssh \
	237	$rootfs/usr/sbin/dropbearkey \
	238	$rootfs/usr/sbin/dropbearconvert \
	239	"
	240	echo $utils \| xargs -n1 ln -s /usr/sbin/dropbear
	241
	242	# add necessary config files
	243	mkdir $rootfs/etc/dropbear
	244	dropbearkey -t rsa -f $rootfs/etc/dropbear/dropbear_rsa_host_key &> /dev/null
	245	dropbearkey -t dss -f $rootfs/etc/dropbear/dropbear_dss_host_key &> /dev/null
	246
	247	echo "'dropbear' ssh utility installed"
	248	fi
	249
eb960fea DL	250	return 0
	251	}
	252
	253	copy_configuration()
	254	{
	255	path=$1
	256	rootfs=$2
	257	name=$3
	258
1881820a	259	grep -q "^lxc.rootfs" $path/config 2>/dev/null \|\| echo "lxc.rootfs = $rootfs" >> $path/config
eb960fea DL	260	cat <<EOF >> $path/config
	261	lxc.utsname = $name
	262	lxc.tty = 1
32b37181	263	lxc.pts = 1
69d66f1e SG	264
	265	# When using LXC with apparmor, uncomment the next line to run unconfined:
	266	#lxc.aa_profile = unconfined
1881820a SH	267	EOF
	268
	269	if [ -d "$rootfs/lib" ]; then
	270	cat <<EOF >> $path/config
eba7df9e SG	271	lxc.mount.entry = /lib $rootfs/lib none ro,bind 0 0
eba7df9e SG	272	lxc.mount.entry = /usr/lib $rootfs/usr/lib none ro,bind 0 0
1881820a SH	273	EOF
1881820a SH	274	fi
f02ce27d	275
6bc424b5	276	libdirs="\
5d01f616 SG	277	lib \
	278	usr/lib \
	279	lib64 \
	280	usr/lib64"
6bc424b5 SY	281
6bc424b5 SY	282	for dir in $libdirs; do
5d01f616	283	if [ -d "/$dir" ] && [ -d "$rootfs/$dir" ]; then
eba7df9e	284	echo "lxc.mount.entry = /$dir $dir none ro,bind 0 0" >> $path/config
6bc424b5 SY	285	fi
6bc424b5 SY	286	done
eb960fea DL	287	}
	288
	289	usage()
	290	{
	291	cat <<EOF
	292	$1 -h\|--help -p\|--path=<path>
	293	EOF
	294	return 0
	295	}
	296
	297	options=$(getopt -o hp:n: -l help,path:,name: -- "$@")
	298	if [ $? -ne 0 ]; then
14d9c0f0 SG	299	usage $(basename $0)
14d9c0f0 SG	300	exit 1
eb960fea DL	301	fi
	302	eval set -- "$options"
	303
	304	while true
	305	do
	306	case "$1" in
	307	-h\|--help) usage $0 && exit 0;;
	308	-p\|--path) path=$2; shift 2;;
14d9c0f0	309	-n\|--name) name=$2; shift 2;;
eb960fea DL	310	--) shift 1; break ;;
	311	*) break ;;
	312	esac
	313	done
	314
	315	if [ "$(id -u)" != "0" ]; then
	316	echo "This script should be run as 'root'"
	317	exit 1
	318	fi
	319
	320	if [ -z "$path" ]; then
	321	echo "'path' parameter is required"
	322	exit 1
	323	fi
	324
1881820a SH	325	# detect rootfs
	326	config="$path/config"
	327	if grep -q '^lxc.rootfs' $config 2>/dev/null ; then
	328	rootfs=`grep 'lxc.rootfs =' $config \| awk -F= '{ print $2 }'`
	329	else
	330	rootfs=$path/rootfs
	331	fi
eb960fea DL	332
	333	install_busybox $rootfs $name
	334	if [ $? -ne 0 ]; then
	335	echo "failed to install busybox's rootfs"
	336	exit 1
	337	fi
	338
	339	configure_busybox $rootfs
	340	if [ $? -ne 0 ]; then
	341	echo "failed to configure busybox template"
	342	exit 1
	343	fi
	344
	345	copy_configuration $path $rootfs $name
	346	if [ $? -ne 0 ]; then
	347	echo "failed to write configuration file"
	348	exit 1
	349	fi