[mirror_lxc.git] / templates / lxc-busybox.in

#!/bin/bash

#
# lxc: linux Container library

# Authors:
# Daniel Lezcano <daniel.lezcano@free.fr>

# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.

# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# Lesser General Public License for more details.

# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

install_busybox()
{
    rootfs=$1
    name=$2
    res=0
    tree="\
$rootfs/selinux \
$rootfs/dev \
$rootfs/home \
$rootfs/root \
$rootfs/etc \
$rootfs/etc/init.d \
$rootfs/bin \
$rootfs/sbin \
$rootfs/proc \
$rootfs/mnt \
$rootfs/tmp \
$rootfs/var/log \
$rootfs/usr/share/udhcpc \
$rootfs/dev/pts \
$rootfs/dev/shm \
$rootfs/lib \
$rootfs/usr/lib \
$rootfs/lib64 \
$rootfs/usr/lib64"

    mkdir -p $tree || return 1
    chmod 755 $tree || return 1

    pushd $rootfs/dev > /dev/null || return 1

    # minimal devices needed for busybox
    mknod tty c 5 0       || res=1
    mknod console c 5 1   || res=1
    chmod 666 tty console || res=1
    mknod tty0 c 4 0      || res=1
    mknod tty1 c 4 0      || res=1
    mknod tty5 c 4 0      || res=1
    chmod 666 tty0        || res=1
    mknod ram0 b 1 0      || res=1
    chmod 600 ram0        || res=1
    mknod null c 1 3      || res=1
    chmod 666 null        || res=1

    popd > /dev/null

    # root user defined
    cat <<EOF >> $rootfs/etc/passwd
root:x:0:0:root:/root:/bin/sh
EOF

    cat <<EOF >> $rootfs/etc/group
root:x:0:root
EOF

    # mount everything
    cat <<EOF >> $rootfs/etc/init.d/rcS
#!/bin/sh
/bin/syslogd
/bin/mount -a
/bin/udhcpc
EOF

    # executable
    chmod 744 $rootfs/etc/init.d/rcS || return 1

    # mount points
    cat <<EOF >> $rootfs/etc/fstab
proc  /proc      proc    defaults     0      0
shm   /dev/shm   tmpfs   defaults     0      0
EOF

    # writable and readable for other
    chmod 644 $rootfs/etc/fstab || return 1

    # launch rcS first then make a console available
    # and propose a shell on the tty, the last one is
    # not needed
    cat <<EOF >> $rootfs/etc/inittab
::sysinit:/etc/init.d/rcS
tty1::respawn:/bin/getty -L tty1 115200 vt100
console::askfirst:/bin/sh
EOF
    # writable and readable for other
    chmod 644 $rootfs/etc/inittab || return 1

    cat <<EOF >> $rootfs/usr/share/udhcpc/default.script
#!/bin/sh
case "\$1" in
    deconfig)
        ip addr flush dev \$interface
        ;;

    renew|bound)
        # flush all the routes
        if [ -n "\$router" ]; then
            ip route del default 2> /dev/null
        fi

        # check broadcast
        if [ -n "\$broadcast" ]; then
            broadcast="broadcast \$broadcast"
        fi

        # add a new ip address
        ip addr add \$ip/\$mask \$broadcast dev \$interface

        if [ -n "\$router" ]; then
            ip route add default via \$router dev \$interface
        fi

        [ -n "\$domain" ] && echo search \$domain > /etc/resolv.conf
        for i in \$dns ; do
            echo nameserver \$i >> /etc/resolv.conf
        done
        ;;
esac
exit 0
EOF

    chmod 744 $rootfs/usr/share/udhcpc/default.script

    return $res
}

configure_busybox()
{
    rootfs=$1

    type busybox >/dev/null

    if [ $? -ne 0 ]; then
        echo "busybox executable is not accessible"
        return 1
    fi

    file $(which busybox) | grep -q "statically linked"
    if [ $? -ne 0 ]; then
        echo "warning : busybox is not statically linked."
        echo "warning : The template script may not correctly"
        echo "warning : setup the container environment."
    fi

    # copy busybox in the rootfs
    cp $(which busybox) $rootfs/bin
    if [ $? -ne 0 ]; then
        echo "failed to copy busybox in the rootfs"
        return 1
    fi

    # symlink busybox for the commands it supports
    # it would be nice to just use "chroot $rootfs busybox --install -s /bin"
    # but that only works right in a chroot with busybox >= 1.19.0
    pushd $rootfs/bin > /dev/null || return 1
    ./busybox --help | grep 'Currently defined functions:' -A300 | \
      grep -v 'Currently defined functions:' | tr , '\n' | \
      xargs -n1 ln -s busybox
    popd > /dev/null

    # relink /sbin/init
    ln $rootfs/bin/busybox $rootfs/sbin/init

    # passwd exec must be setuid
    chmod +s $rootfs/bin/passwd
    touch $rootfs/etc/shadow
    echo "setting root passwd to root"
    echo "root:root" | chroot $rootfs chpasswd

    return 0
}

copy_configuration()
{
    path=$1
    rootfs=$2
    name=$3

grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config
cat <<EOF >> $path/config
lxc.utsname = $name
lxc.tty = 1
lxc.pts = 1

# When using LXC with apparmor, uncomment the next line to run unconfined:
#lxc.aa_profile = unconfined
EOF

if [ -d "$rootfs/lib" ]; then
cat <<EOF >> $path/config
lxc.mount.entry = /lib $rootfs/lib none ro,bind 0 0
lxc.mount.entry = /usr/lib $rootfs/usr/lib none ro,bind 0 0
EOF
fi

    libdirs="\
        lib \
        usr/lib \
        lib64 \
        usr/lib64"

    for dir in $libdirs; do
        if [ -d "/$dir" ] && [ -d "$rootfs/$dir" ]; then
            echo "lxc.mount.entry = /$dir $dir none ro,bind 0 0" >> $path/config
        fi
    done
}

usage()
{
    cat <<EOF
$1 -h|--help -p|--path=<path>
EOF
    return 0
}

options=$(getopt -o hp:n: -l help,path:,name: -- "$@")
if [ $? -ne 0 ]; then
    usage $(basename $0)
    exit 1
fi
eval set -- "$options"

while true
do
    case "$1" in
        -h|--help)      usage $0 && exit 0;;
        -p|--path)      path=$2; shift 2;;
        -n|--name)      name=$2; shift 2;;
        --)             shift 1; break ;;
        *)              break ;;
    esac
done

if [ "$(id -u)" != "0" ]; then
    echo "This script should be run as 'root'"
    exit 1
fi

if [ -z "$path" ]; then
    echo "'path' parameter is required"
    exit 1
fi

# detect rootfs
config="$path/config"
if grep -q '^lxc.rootfs' $config 2>/dev/null ; then
    rootfs=`grep 'lxc.rootfs =' $config | awk -F= '{ print $2 }'`
else
    rootfs=$path/rootfs
fi

install_busybox $rootfs $name
if [ $? -ne 0 ]; then
    echo "failed to install busybox's rootfs"
    exit 1
fi

configure_busybox $rootfs
if [ $? -ne 0 ]; then
    echo "failed to configure busybox template"
    exit 1
fi

copy_configuration $path $rootfs $name
if [ $? -ne 0 ]; then
    echo "failed to write configuration file"
    exit 1
fi
Commit	Line	Data
eb960fea DL	1	#!/bin/bash
	2
	3	#
	4	# lxc: linux Container library
	5
	6	# Authors:
	7	# Daniel Lezcano <daniel.lezcano@free.fr>
	8
	9	# This library is free software; you can redistribute it and/or
	10	# modify it under the terms of the GNU Lesser General Public
	11	# License as published by the Free Software Foundation; either
	12	# version 2.1 of the License, or (at your option) any later version.
	13
	14	# This library is distributed in the hope that it will be useful,
	15	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	16	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	17	# Lesser General Public License for more details.
	18
	19	# You should have received a copy of the GNU Lesser General Public
	20	# License along with this library; if not, write to the Free Software
	21	# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
	22
	23	install_busybox()
	24	{
	25	rootfs=$1
	26	name=$2
	27	res=0
	28	tree="\
32b37181	29	$rootfs/selinux \
eb960fea DL	30	$rootfs/dev \
	31	$rootfs/home \
	32	$rootfs/root \
	33	$rootfs/etc \
	34	$rootfs/etc/init.d \
	35	$rootfs/bin \
	36	$rootfs/sbin \
	37	$rootfs/proc \
	38	$rootfs/mnt \
	39	$rootfs/tmp \
	40	$rootfs/var/log \
	41	$rootfs/usr/share/udhcpc \
10e657e5	42	$rootfs/dev/pts \
bf6cc736 DL	43	$rootfs/dev/shm \
	44	$rootfs/lib \
	45	$rootfs/usr/lib \
	46	$rootfs/lib64 \
	47	$rootfs/usr/lib64"
eb960fea DL	48
	49	mkdir -p $tree \|\| return 1
	50	chmod 755 $tree \|\| return 1
	51
	52	pushd $rootfs/dev > /dev/null \|\| return 1
	53
	54	# minimal devices needed for busybox
	55	mknod tty c 5 0 \|\| res=1
	56	mknod console c 5 1 \|\| res=1
	57	chmod 666 tty console \|\| res=1
	58	mknod tty0 c 4 0 \|\| res=1
	59	mknod tty1 c 4 0 \|\| res=1
	60	mknod tty5 c 4 0 \|\| res=1
	61	chmod 666 tty0 \|\| res=1
	62	mknod ram0 b 1 0 \|\| res=1
	63	chmod 600 ram0 \|\| res=1
	64	mknod null c 1 3 \|\| res=1
	65	chmod 666 null \|\| res=1
	66
	67	popd > /dev/null
	68
	69	# root user defined
	70	cat <<EOF >> $rootfs/etc/passwd
	71	root:x:0:0:root:/root:/bin/sh
	72	EOF
	73
	74	cat <<EOF >> $rootfs/etc/group
	75	root:x:0:root
	76	EOF
	77
eb960fea DL	78	# mount everything
	79	cat <<EOF >> $rootfs/etc/init.d/rcS
	80	#!/bin/sh
b09ecaf3 DL	81	/bin/syslogd
	82	/bin/mount -a
	83	/bin/udhcpc
eb960fea DL	84	EOF
	85
	86	# executable
	87	chmod 744 $rootfs/etc/init.d/rcS \|\| return 1
	88
	89	# mount points
	90	cat <<EOF >> $rootfs/etc/fstab
	91	proc /proc proc defaults 0 0
	92	shm /dev/shm tmpfs defaults 0 0
	93	EOF
	94
	95	# writable and readable for other
	96	chmod 644 $rootfs/etc/fstab \|\| return 1
	97
	98	# launch rcS first then make a console available
	99	# and propose a shell on the tty, the last one is
	100	# not needed
	101	cat <<EOF >> $rootfs/etc/inittab
	102	::sysinit:/etc/init.d/rcS
0016af97 DL	103	tty1::respawn:/bin/getty -L tty1 115200 vt100
0016af97 DL	104	console::askfirst:/bin/sh
eb960fea DL	105	EOF
	106	# writable and readable for other
	107	chmod 644 $rootfs/etc/inittab \|\| return 1
	108
	109	cat <<EOF >> $rootfs/usr/share/udhcpc/default.script
	110	#!/bin/sh
eb960fea	111	case "\$1" in
14d9c0f0 SG	112	deconfig)
	113	ip addr flush dev \$interface
	114	;;
	115
	116	renew\|bound)
	117	# flush all the routes
	118	if [ -n "\$router" ]; then
	119	ip route del default 2> /dev/null
	120	fi
	121
	122	# check broadcast
	123	if [ -n "\$broadcast" ]; then
	124	broadcast="broadcast \$broadcast"
	125	fi
	126
	127	# add a new ip address
	128	ip addr add \$ip/\$mask \$broadcast dev \$interface
	129
	130	if [ -n "\$router" ]; then
	131	ip route add default via \$router dev \$interface
	132	fi
	133
	134	[ -n "\$domain" ] && echo search \$domain > /etc/resolv.conf
	135	for i in \$dns ; do
	136	echo nameserver \$i >> /etc/resolv.conf
	137	done
	138	;;
eb960fea DL	139	esac
	140	exit 0
	141	EOF
	142
	143	chmod 744 $rootfs/usr/share/udhcpc/default.script
	144
	145	return $res
	146	}
	147
	148	configure_busybox()
	149	{
	150	rootfs=$1
	151
3bc15639	152	type busybox >/dev/null
7674618c	153
eb960fea	154	if [ $? -ne 0 ]; then
14d9c0f0 SG	155	echo "busybox executable is not accessible"
14d9c0f0 SG	156	return 1
eb960fea DL	157	fi
eb960fea DL	158
32b37181 DL	159	file $(which busybox) \| grep -q "statically linked"
32b37181 DL	160	if [ $? -ne 0 ]; then
14d9c0f0 SG	161	echo "warning : busybox is not statically linked."
	162	echo "warning : The template script may not correctly"
	163	echo "warning : setup the container environment."
32b37181 DL	164	fi
32b37181 DL	165
eb960fea DL	166	# copy busybox in the rootfs
	167	cp $(which busybox) $rootfs/bin
	168	if [ $? -ne 0 ]; then
14d9c0f0 SG	169	echo "failed to copy busybox in the rootfs"
14d9c0f0 SG	170	return 1
eb960fea DL	171	fi
eb960fea DL	172
6902a6c6 DE	173	# symlink busybox for the commands it supports
	174	# it would be nice to just use "chroot $rootfs busybox --install -s /bin"
	175	# but that only works right in a chroot with busybox >= 1.19.0
	176	pushd $rootfs/bin > /dev/null \|\| return 1
	177	./busybox --help \| grep 'Currently defined functions:' -A300 \| \
	178	grep -v 'Currently defined functions:' \| tr , '\n' \| \
	179	xargs -n1 ln -s busybox
	180	popd > /dev/null
eb960fea DL	181
	182	# relink /sbin/init
	183	ln $rootfs/bin/busybox $rootfs/sbin/init
	184
	185	# passwd exec must be setuid
	186	chmod +s $rootfs/bin/passwd
32b37181	187	touch $rootfs/etc/shadow
6902a6c6 DE	188	echo "setting root passwd to root"
6902a6c6 DE	189	echo "root:root" \| chroot $rootfs chpasswd
19d618b1	190
eb960fea DL	191	return 0
	192	}
	193
	194	copy_configuration()
	195	{
	196	path=$1
	197	rootfs=$2
	198	name=$3
	199
1881820a	200	grep -q "^lxc.rootfs" $path/config 2>/dev/null \|\| echo "lxc.rootfs = $rootfs" >> $path/config
eb960fea DL	201	cat <<EOF >> $path/config
	202	lxc.utsname = $name
	203	lxc.tty = 1
32b37181	204	lxc.pts = 1
69d66f1e SG	205
	206	# When using LXC with apparmor, uncomment the next line to run unconfined:
	207	#lxc.aa_profile = unconfined
1881820a SH	208	EOF
	209
	210	if [ -d "$rootfs/lib" ]; then
	211	cat <<EOF >> $path/config
eba7df9e SG	212	lxc.mount.entry = /lib $rootfs/lib none ro,bind 0 0
eba7df9e SG	213	lxc.mount.entry = /usr/lib $rootfs/usr/lib none ro,bind 0 0
1881820a SH	214	EOF
1881820a SH	215	fi
f02ce27d	216
6bc424b5	217	libdirs="\
5d01f616 SG	218	lib \
	219	usr/lib \
	220	lib64 \
	221	usr/lib64"
6bc424b5 SY	222
6bc424b5 SY	223	for dir in $libdirs; do
5d01f616	224	if [ -d "/$dir" ] && [ -d "$rootfs/$dir" ]; then
eba7df9e	225	echo "lxc.mount.entry = /$dir $dir none ro,bind 0 0" >> $path/config
6bc424b5 SY	226	fi
6bc424b5 SY	227	done
eb960fea DL	228	}
	229
	230	usage()
	231	{
	232	cat <<EOF
	233	$1 -h\|--help -p\|--path=<path>
	234	EOF
	235	return 0
	236	}
	237
	238	options=$(getopt -o hp:n: -l help,path:,name: -- "$@")
	239	if [ $? -ne 0 ]; then
14d9c0f0 SG	240	usage $(basename $0)
14d9c0f0 SG	241	exit 1
eb960fea DL	242	fi
	243	eval set -- "$options"
	244
	245	while true
	246	do
	247	case "$1" in
	248	-h\|--help) usage $0 && exit 0;;
	249	-p\|--path) path=$2; shift 2;;
14d9c0f0	250	-n\|--name) name=$2; shift 2;;
eb960fea DL	251	--) shift 1; break ;;
	252	*) break ;;
	253	esac
	254	done
	255
	256	if [ "$(id -u)" != "0" ]; then
	257	echo "This script should be run as 'root'"
	258	exit 1
	259	fi
	260
	261	if [ -z "$path" ]; then
	262	echo "'path' parameter is required"
	263	exit 1
	264	fi
	265
1881820a SH	266	# detect rootfs
	267	config="$path/config"
	268	if grep -q '^lxc.rootfs' $config 2>/dev/null ; then
	269	rootfs=`grep 'lxc.rootfs =' $config \| awk -F= '{ print $2 }'`
	270	else
	271	rootfs=$path/rootfs
	272	fi
eb960fea DL	273
	274	install_busybox $rootfs $name
	275	if [ $? -ne 0 ]; then
	276	echo "failed to install busybox's rootfs"
	277	exit 1
	278	fi
	279
	280	configure_busybox $rootfs
	281	if [ $? -ne 0 ]; then
	282	echo "failed to configure busybox template"
	283	exit 1
	284	fi
	285
	286	copy_configuration $path $rootfs $name
	287	if [ $? -ne 0 ]; then
	288	echo "failed to write configuration file"
	289	exit 1
	290	fi