#!/bin/bash

#
# lxc: linux Container library

# Authors:
# Daniel Lezcano <daniel.lezcano@free.fr>

# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.

# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.

# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
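install_busybox()
{
    #######################################
    # Create the directory tree, device nodes and minimal /etc files of a
    # busybox container rootfs.
    # Arguments: $1 - rootfs path (must be non-empty)
    #            $2 - container name (accepted for interface compatibility,
    #                 not used here)
    # Outputs:   mknod/chmod diagnostics on stderr
    # Returns:   1 if the tree cannot be created or a config file cannot be
    #            written; otherwise 0, or 1 if any device node failed
    #######################################
    local rootfs=$1
    # shellcheck disable=SC2034 -- kept so callers' argument list is unchanged
    local name=$2
    local res=0

    # Every path below is "$rootfs/<x>": an empty rootfs would turn the
    # mknod/chmod/append operations below loose on the host's own /dev,
    # /etc/passwd, /etc/inittab, ... while running as root.
    if [ -z "$rootfs" ]; then
        echo "install_busybox: rootfs path is empty" >&2
        return 1
    fi

    local tree=(
        "$rootfs/selinux"
        "$rootfs/dev"
        "$rootfs/home"
        "$rootfs/root"
        "$rootfs/etc"
        "$rootfs/etc/init.d"
        "$rootfs/bin"
        "$rootfs/usr/bin"
        "$rootfs/sbin"
        "$rootfs/usr/sbin"
        "$rootfs/proc"
        "$rootfs/mnt"
        "$rootfs/tmp"
        "$rootfs/var/log"
        "$rootfs/usr/share/udhcpc"
        "$rootfs/dev/pts"
        "$rootfs/dev/shm"
        "$rootfs/lib"
        "$rootfs/usr/lib"
        "$rootfs/lib64"
        "$rootfs/usr/lib64"
    )

    mkdir -p "${tree[@]}" || return 1
    # NOTE(review): this also leaves $rootfs/tmp at 755 rather than the
    # usual 1777; harmless for a root-only container, kept as before.
    chmod 755 "${tree[@]}" || return 1

    pushd "$rootfs/dev" > /dev/null || return 1

    # minimal devices needed for busybox
    mknod tty c 5 0 || res=1
    mknod console c 5 1 || res=1
    chmod 666 tty console || res=1
    # char major 4 is the virtual console driver and the minor is the
    # console number: tty0 = 4,0 (current VT), tty1 = 4,1, tty5 = 4,5.
    # Previously tty1 and tty5 were both created as 4,0, i.e. duplicates
    # of tty0; lxc.tty = 1 bind-mounts a pty over tty1 anyway, so tty1
    # only matters when the container is started without lxc.tty.
    mknod tty0 c 4 0 || res=1
    mknod tty1 c 4 1 || res=1
    mknod tty5 c 4 5 || res=1
    chmod 666 tty0 || res=1
    mknod ram0 b 1 0 || res=1
    chmod 600 ram0 || res=1
    mknod null c 1 3 || res=1
    chmod 666 null || res=1
    mknod urandom c 1 9 || res=1
    chmod 666 urandom || res=1

    popd > /dev/null

    # root user defined
    cat <<EOF >> "$rootfs/etc/passwd"
root:x:0:0:root:/root:/bin/sh
EOF

    cat <<EOF >> "$rootfs/etc/group"
root:x:0:root
EOF

    # mount everything
    cat <<EOF >> "$rootfs/etc/init.d/rcS"
#!/bin/sh
/bin/syslogd
/bin/mount -a
/bin/udhcpc
EOF

    # executable
    chmod 744 "$rootfs/etc/init.d/rcS" || return 1

    # mount points
    cat <<EOF >> "$rootfs/etc/fstab"
proc /proc proc defaults 0 0
shm /dev/shm tmpfs defaults 0 0
EOF

    # readable by everyone, writable only by root
    chmod 644 "$rootfs/etc/fstab" || return 1

    # launch rcS first then make a console available
    # and propose a shell on the tty, the last one is
    # not needed
    cat <<EOF >> "$rootfs/etc/inittab"
::sysinit:/etc/init.d/rcS
tty1::respawn:/bin/getty -L tty1 115200 vt100
console::askfirst:/bin/sh
EOF
    # readable by everyone, writable only by root
    chmod 644 "$rootfs/etc/inittab" || return 1

    # udhcpc hook run inside the container.  Escaped \$vars are left for
    # the inner shell; udhcpc fills them from what the DHCP server sent
    # (interface, ip, mask, broadcast, router, domain, dns), so they are
    # network-supplied values, not ones chosen here.
    cat <<EOF >> "$rootfs/usr/share/udhcpc/default.script"
#!/bin/sh
case "\$1" in
    deconfig)
        ip addr flush dev \$interface
        ;;

    renew|bound)
        # flush all the routes
        if [ -n "\$router" ]; then
            ip route del default 2> /dev/null
        fi

        # check broadcast
        if [ -n "\$broadcast" ]; then
            broadcast="broadcast \$broadcast"
        fi

        # add a new ip address
        ip addr add \$ip/\$mask \$broadcast dev \$interface

        if [ -n "\$router" ]; then
            ip route add default via \$router dev \$interface
        fi

        [ -n "\$domain" ] && echo search \$domain > /etc/resolv.conf
        for i in \$dns ; do
            echo nameserver \$i >> /etc/resolv.conf
        done
        ;;
esac
exit 0
EOF

    # checked like the other chmods above instead of being ignored
    chmod 744 "$rootfs/usr/share/udhcpc/default.script" || return 1

    return $res
}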
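configure_busybox()
{
    #######################################
    # Copy the host's busybox into the rootfs, create the applet symlinks,
    # set the root password (to the literal "root") and, when dropbear is
    # installed on the host, add an ssh server.
    # Globals:   CHPASSWD_FILE (written)
    # Arguments: $1 - container rootfs path
    # Outputs:   progress and warnings on stdout
    # Returns:   1 when busybox is missing or cannot be copied, or when
    #            dropbear is present but cannot be copied; 0 otherwise
    #######################################
    local rootfs=$1
    local busybox_path

    busybox_path=$(command -v busybox 2>/dev/null)
    if [ -z "$busybox_path" ]; then
        echo "busybox executable is not accessible"
        return 1
    fi

    # A dynamically linked busybox depends on the host libraries being
    # bind-mounted into the container (see copy_configuration).
    if ! file "$busybox_path" | grep -q "statically linked"; then
        echo "warning : busybox is not statically linked."
        echo "warning : The template script may not correctly"
        echo "warning : setup the container environment."
    fi

    # copy busybox in the rootfs
    if ! cp "$busybox_path" "$rootfs/bin"; then
        echo "failed to copy busybox in the rootfs"
        return 1
    fi

    # symlink busybox for the commands it supports
    # it would be nice to just use "chroot $rootfs busybox --install -s /bin"
    # but that only works right in a chroot with busybox >= 1.19.0
    pushd "$rootfs/bin" > /dev/null || return 1
    ./busybox --help | grep 'Currently defined functions:' -A300 \
        | grep -v 'Currently defined functions:' | tr , '\n' \
        | xargs -n1 ln -s busybox
    popd > /dev/null

    # relink /sbin/init
    ln "$rootfs/bin/busybox" "$rootfs/sbin/init"

    # passwd exec must be setuid.
    # NOTE(review): bin/passwd is normally one of the symlinks created
    # above and chmod follows symlinks, so the setuid bit lands on the
    # shared busybox binary and therefore applies to every applet.  Whether
    # non-privileged applets drop root again depends on how the host's
    # busybox was built (FEATURE_SUID) -- confirm on the host.
    chmod +s "$rootfs/bin/passwd"
    touch "$rootfs/etc/shadow"

    # setting passwd for root
    # NOTE(review): the container ships with the well-known default
    # password "root"; change it before exposing the optional dropbear
    # sshd (below) to a network.
    CHPASSWD_FILE=$rootfs/root/chpasswd.sh

    # The generated script runs under lxc-unshare -s MOUNT, i.e. in its
    # own mount namespace, so the /lib bind mount does not persist on the
    # host.  $rootfs is expanded now; \$? is left for the inner shell.
    cat <<EOF >"$CHPASSWD_FILE"
echo "setting root password to \"root\""

mount --bind /lib "$rootfs/lib"
if [ \$? -ne 0 ]; then
    echo "Failed bind-mounting /lib at $rootfs/lib"
    exit 1
fi

chroot "$rootfs" chpasswd <<EOFF 2>/dev/null
root:root
EOFF


if [ \$? -ne 0 ]; then
    echo "Failed to change root password"
    exit 1
fi

umount "$rootfs/lib"

EOF

    lxc-unshare -s MOUNT -- /bin/sh < "$CHPASSWD_FILE"
    rm "$CHPASSWD_FILE"

    # touch(1) above created shadow with the umask-derived mode (commonly
    # world-readable); restrict it now that the password hash is in it.
    chmod 600 "$rootfs/etc/shadow"

    # add ssh functionality if dropbear package available on host
    local dropbear_path
    dropbear_path=$(command -v dropbear 2>/dev/null)
    if [ -n "$dropbear_path" ]; then
        # copy dropbear binary
        if ! cp "$dropbear_path" "$rootfs/usr/sbin"; then
            echo "Failed to copy dropbear in the rootfs"
            return 1
        fi

        # make symlinks to various ssh utilities
        local utils=(
            "$rootfs/usr/bin/dbclient"
            "$rootfs/usr/bin/scp"
            "$rootfs/usr/bin/ssh"
            "$rootfs/usr/sbin/dropbearkey"
            "$rootfs/usr/sbin/dropbearconvert"
        )
        local util
        for util in "${utils[@]}"; do
            ln -s /usr/sbin/dropbear "$util"
        done

        # add necessary config files
        mkdir "$rootfs/etc/dropbear"
        dropbearkey -t rsa -f "$rootfs/etc/dropbear/dropbear_rsa_host_key" &> /dev/null
        # NOTE(review): ssh-dss host keys are disabled by default in
        # current OpenSSH clients; kept only for compatibility with the
        # existing template, the rsa key above is the one clients use.
        dropbearkey -t dss -f "$rootfs/etc/dropbear/dropbear_dss_host_key" &> /dev/null

        echo "'dropbear' ssh utility installed"
    fi

    return 0
}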
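copy_configuration()
{
    #######################################
    # Append the busybox template settings to the container config file.
    # Arguments: $1 - container directory (config is written to $1/config)
    #            $2 - rootfs path recorded as lxc.rootfs
    #            $3 - container name recorded as lxc.utsname
    # Returns:   0 on success, 1 if the config file cannot be written
    #######################################
    local path=$1
    local rootfs=$2
    local name=$3
    local config=$path/config

    # Only add lxc.rootfs when the config does not already define it;
    # the anchored "lxc\.rootfs[[:space:]]*=" form matches the key itself
    # and not longer keys with the same prefix.
    if ! grep -q '^lxc\.rootfs[[:space:]]*=' "$config" 2>/dev/null; then
        echo "lxc.rootfs = $rootfs" >> "$config" || return 1
    fi

    cat <<EOF >> "$config" || return 1
lxc.utsname = $name
lxc.tty = 1
lxc.pts = 1

# When using LXC with apparmor, uncomment the next line to run unconfined:
#lxc.aa_profile = unconfined
EOF

    # Host libraries are bind-mounted read-only so a dynamically linked
    # busybox can run.  NOTE(review): when $rootfs/lib exists, these two
    # absolute-target entries and the relative-target entries written by
    # the loop below both cover /lib and /usr/lib; kept as generated so
    # far -- TODO confirm whether the duplicate is intended.
    if [ -d "$rootfs/lib" ]; then
        cat <<EOF >> "$config" || return 1
lxc.mount.entry = /lib $rootfs/lib none ro,bind 0 0
lxc.mount.entry = /usr/lib $rootfs/usr/lib none ro,bind 0 0
EOF
    fi

    local libdirs=(lib usr/lib lib64 usr/lib64)
    local dir
    for dir in "${libdirs[@]}"; do
        # only mount what exists on both the host and in the rootfs
        if [ -d "/$dir" ] && [ -d "$rootfs/$dir" ]; then
            echo "lxc.mount.entry = /$dir $dir none ro,bind 0 0" >> "$config" || return 1
        fi
    done

    return 0
}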
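usage()
{
    #######################################
    # Print the command-line synopsis on stdout.
    # Arguments: $1 - program name to show
    # Returns:   0
    #######################################
    # -n|--name is accepted by the getopt spec below (hp:n: / name:) and
    # was missing from the synopsis.
    cat <<EOF
$1 -h|--help -p|--path=<path> -n|--name=<name>
EOF
    return 0
}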
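options=$(getopt -o hp:n: -l help,path:,name: -- "$@")
if [ $? -ne 0 ]; then
    usage "$(basename "$0")"
    exit 1
fi
# getopt prints a shell-quoted word list; eval is the documented way to
# load it back into the positional parameters.
eval set -- "$options"

while true; do
    case "$1" in
        -h|--help) usage "$0" && exit 0 ;;
        -p|--path) path=$2; shift 2 ;;
        -n|--name) name=$2; shift 2 ;;
        --)        shift 1; break ;;
        *)         break ;;
    esac
done

if [ "$(id -u)" != "0" ]; then
    echo "This script should be run as 'root'"
    exit 1
fi

if [ -z "$path" ]; then
    echo "'path' parameter is required"
    exit 1
fi

# detect rootfs
# The anchored "lxc\.rootfs[[:space:]]*=" pattern is used both to detect
# and to extract the value, so a config that only has a longer key with
# the same prefix falls back to $path/rootfs instead of yielding an empty
# rootfs.  The value is taken after the first '=' and trimmed, so
# "lxc.rootfs=/x" and "lxc.rootfs = /x" both work without relying on
# word splitting later.
config="$path/config"
if grep -q '^lxc\.rootfs[[:space:]]*=' "$config" 2>/dev/null; then
    rootfs_line=$(grep '^lxc\.rootfs[[:space:]]*=' "$config" | head -n1)
    rootfs=${rootfs_line#*=}
    rootfs=${rootfs#"${rootfs%%[![:space:]]*}"}
    rootfs=${rootfs%"${rootfs##*[![:space:]]}"}
else
    rootfs=$path/rootfs
fi

# An empty rootfs would make install_busybox create device nodes in and
# append to the host's own /dev and /etc as root; refuse early.
if [ -z "$rootfs" ]; then
    echo "lxc.rootfs in $config is empty; refusing to continue"
    exit 1
fi

install_busybox "$rootfs" "$name"
if [ $? -ne 0 ]; then
    echo "failed to install busybox's rootfs"
    exit 1
fi

configure_busybox "$rootfs"
if [ $? -ne 0 ]; then
    echo "failed to configure busybox template"
    exit 1
fi

copy_configuration "$path" "$rootfs" "$name"
if [ $? -ne 0 ]; then
    echo "failed to write configuration file"
    exit 1
fi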