templates/lxc-busybox.in

   1 #!/bin/bash
   2
   3 #
   4 # lxc: linux Container library
   5
   6 # Authors:
   7 # Daniel Lezcano <daniel.lezcano@free.fr>
   8
   9 # This library is free software; you can redistribute it and/or
  10 # modify it under the terms of the GNU Lesser General Public
  11 # License as published by the Free Software Foundation; either
  12 # version 2.1 of the License, or (at your option) any later version.
  13
  14 # This library is distributed in the hope that it will be useful,
  15 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  17 # Lesser General Public License for more details.
  18
  19 # You should have received a copy of the GNU Lesser General Public
  20 # License along with this library; if not, write to the Free Software
  21 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  22
  23 install_busybox()
  24 {
  25     rootfs=$1
  26     name=$2
  27     res=0
  28     tree="\
  29 $rootfs/selinux \
  30 $rootfs/dev \
  31 $rootfs/home \
  32 $rootfs/root \
  33 $rootfs/etc \
  34 $rootfs/etc/init.d \
  35 $rootfs/bin \
  36 $rootfs/usr/bin \
  37 $rootfs/sbin \
  38 $rootfs/usr/sbin \
  39 $rootfs/proc \
  40 $rootfs/mnt \
  41 $rootfs/tmp \
  42 $rootfs/var/log \
  43 $rootfs/usr/share/udhcpc \
  44 $rootfs/dev/pts \
  45 $rootfs/dev/shm \
  46 $rootfs/lib \
  47 $rootfs/usr/lib \
  48 $rootfs/lib64 \
  49 $rootfs/usr/lib64"
  50
  51     mkdir -p $tree || return 1
  52     chmod 755 $tree || return 1
  53
  54     pushd $rootfs/dev > /dev/null || return 1
  55
  56     # minimal devices needed for busybox
  57     mknod tty c 5 0       || res=1
  58     mknod console c 5 1   || res=1
  59     chmod 666 tty console || res=1
  60     mknod tty0 c 4 0      || res=1
  61     mknod tty1 c 4 0      || res=1
  62     mknod tty5 c 4 0      || res=1
  63     chmod 666 tty0        || res=1
  64     mknod ram0 b 1 0      || res=1
  65     chmod 600 ram0        || res=1
  66     mknod null c 1 3      || res=1
  67     chmod 666 null        || res=1
  68     mknod urandom c 1 9   || res=1
  69     chmod 666 urandom     || res=1
  70
  71     popd > /dev/null
  72
  73     # root user defined
  74     cat <<EOF >> $rootfs/etc/passwd
  75 root:x:0:0:root:/root:/bin/sh
  76 EOF
  77
  78     cat <<EOF >> $rootfs/etc/group
  79 root:x:0:root
  80 EOF
  81
  82     # mount everything
  83     cat <<EOF >> $rootfs/etc/init.d/rcS
  84 #!/bin/sh
  85 /bin/syslogd
  86 /bin/mount -a
  87 /bin/udhcpc
  88 EOF
  89
  90     # executable
  91     chmod 744 $rootfs/etc/init.d/rcS || return 1
  92
  93     # mount points
  94     cat <<EOF >> $rootfs/etc/fstab
  95 proc  /proc      proc    defaults     0      0
  96 shm   /dev/shm   tmpfs   defaults     0      0
  97 EOF
  98
  99     # writable and readable for other
 100     chmod 644 $rootfs/etc/fstab || return 1
 101
 102     # launch rcS first then make a console available
 103     # and propose a shell on the tty, the last one is
 104     # not needed
 105     cat <<EOF >> $rootfs/etc/inittab
 106 ::sysinit:/etc/init.d/rcS
 107 tty1::respawn:/bin/getty -L tty1 115200 vt100
 108 console::askfirst:/bin/sh
 109 EOF
 110     # writable and readable for other
 111     chmod 644 $rootfs/etc/inittab || return 1
 112
 113     cat <<EOF >> $rootfs/usr/share/udhcpc/default.script
 114 #!/bin/sh
 115 case "\$1" in
 116     deconfig)
 117         ip addr flush dev \$interface
 118         ;;
 119
 120     renew|bound)
 121         # flush all the routes
 122         if [ -n "\$router" ]; then
 123             ip route del default 2> /dev/null
 124         fi
 125
 126         # check broadcast
 127         if [ -n "\$broadcast" ]; then
 128             broadcast="broadcast \$broadcast"
 129         fi
 130
 131         # add a new ip address
 132         ip addr add \$ip/\$mask \$broadcast dev \$interface
 133
 134         if [ -n "\$router" ]; then
 135             ip route add default via \$router dev \$interface
 136         fi
 137
 138         [ -n "\$domain" ] && echo search \$domain > /etc/resolv.conf
 139         for i in \$dns ; do
 140             echo nameserver \$i >> /etc/resolv.conf
 141         done
 142         ;;
 143 esac
 144 exit 0
 145 EOF
 146
 147     chmod 744 $rootfs/usr/share/udhcpc/default.script
 148
 149     return $res
 150 }
 151
 152 configure_busybox()
 153 {
 154     rootfs=$1
 155
 156     which busybox >/dev/null 2>&1
 157
 158     if [ $? -ne 0 ]; then
 159         echo "busybox executable is not accessible"
 160         return 1
 161     fi
 162
 163     file $(which busybox) | grep -q "statically linked"
 164     if [ $? -ne 0 ]; then
 165         echo "warning : busybox is not statically linked."
 166         echo "warning : The template script may not correctly"
 167         echo "warning : setup the container environment."
 168     fi
 169
 170     # copy busybox in the rootfs
 171     cp $(which busybox) $rootfs/bin
 172     if [ $? -ne 0 ]; then
 173         echo "failed to copy busybox in the rootfs"
 174         return 1
 175     fi
 176
 177     # symlink busybox for the commands it supports
 178     # it would be nice to just use "chroot $rootfs busybox --install -s /bin"
 179     # but that only works right in a chroot with busybox >= 1.19.0
 180     pushd $rootfs/bin > /dev/null || return 1
 181     ./busybox --help | grep 'Currently defined functions:' -A300 | \
 182       grep -v 'Currently defined functions:' | tr , '\n' | \
 183       xargs -n1 ln -s busybox
 184     popd > /dev/null
 185
 186     # relink /sbin/init
 187     ln $rootfs/bin/busybox $rootfs/sbin/init
 188
 189     # passwd exec must be setuid
 190     chmod +s $rootfs/bin/passwd
 191     touch $rootfs/etc/shadow
 192
 193     # setting passwd for root
 194     CHPASSWD_FILE=$rootfs/root/chpasswd.sh
 195
 196     cat <<EOF >$CHPASSWD_FILE
 197 echo "setting root password to \"root\""
 198
 199 mount --bind /lib $rootfs/lib
 200 if [ \$? -ne 0 ]; then
 201     echo "Failed bind-mounting /lib at $rootfs/lib"
 202     exit 1
 203 fi
 204
 205 chroot $rootfs chpasswd <<EOFF 2>/dev/null
 206 root:root
 207 EOFF
 208
 209
 210 if [ \$? -ne 0 ]; then
 211     echo "Failed to change root password"
 212     exit 1
 213 fi
 214
 215 umount $rootfs/lib
 216
 217 EOF
 218
 219     lxc-unshare -s MOUNT -- /bin/sh < $CHPASSWD_FILE
 220     rm $CHPASSWD_FILE
 221
 222     # add ssh functionality if dropbear package available on host
 223     which dropbear >/dev/null 2>&1
 224     if [ $? -eq 0 ]; then
 225         # copy dropbear binary
 226         cp $(which dropbear) $rootfs/usr/sbin
 227         if [ $? -ne 0 ]; then
 228             echo "Failed to copy dropbear in the rootfs"
 229             return 1
 230         fi
 231
 232         # make symlinks to various ssh utilities
 233         utils="\
 234             $rootfs/usr/bin/dbclient \
 235             $rootfs/usr/bin/scp \
 236             $rootfs/usr/bin/ssh \
 237             $rootfs/usr/sbin/dropbearkey \
 238             $rootfs/usr/sbin/dropbearconvert \
 239         "
 240         echo $utils | xargs -n1 ln -s /usr/sbin/dropbear
 241
 242         # add necessary config files
 243         mkdir $rootfs/etc/dropbear
 244         dropbearkey -t rsa -f $rootfs/etc/dropbear/dropbear_rsa_host_key &> /dev/null
 245         dropbearkey -t dss -f $rootfs/etc/dropbear/dropbear_dss_host_key &> /dev/null
 246
 247         echo "'dropbear' ssh utility installed"
 248     fi
 249
 250     return 0
 251 }
 252
 253 copy_configuration()
 254 {
 255     path=$1
 256     rootfs=$2
 257     name=$3
 258
 259 grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config
 260 cat <<EOF >> $path/config
 261 lxc.utsname = $name
 262 lxc.tty = 1
 263 lxc.pts = 1
 264 lxc.cap.drop = sys_module mac_admin mac_override sys_time
 265
 266 # When using LXC with apparmor, uncomment the next line to run unconfined:
 267 #lxc.aa_profile = unconfined
 268 EOF
 269
 270     libdirs="\
 271         lib \
 272         usr/lib \
 273         lib64 \
 274         usr/lib64"
 275
 276     for dir in $libdirs; do
 277         if [ -d "/$dir" ] && [ -d "$rootfs/$dir" ]; then
 278             echo "lxc.mount.entry = /$dir $dir none ro,bind 0 0" >> $path/config
 279         fi
 280     done
 281 }
 282
 283 usage()
 284 {
 285     cat <<EOF
 286 $1 -h|--help -p|--path=<path>
 287 EOF
 288     return 0
 289 }
 290
 291 options=$(getopt -o hp:n: -l help,rootfs:,path:,name: -- "$@")
 292 if [ $? -ne 0 ]; then
 293     usage $(basename $0)
 294     exit 1
 295 fi
 296 eval set -- "$options"
 297
 298 while true
 299 do
 300     case "$1" in
 301         -h|--help)      usage $0 && exit 0;;
 302         -p|--path)      path=$2; shift 2;;
 303         --rootfs)       rootfs=$2; shift 2;;
 304         -n|--name)      name=$2; shift 2;;
 305         --)             shift 1; break ;;
 306         *)              break ;;
 307     esac
 308 done
 309
 310 if [ "$(id -u)" != "0" ]; then
 311     echo "This script should be run as 'root'"
 312     exit 1
 313 fi
 314
 315 if [ -z "$path" ]; then
 316     echo "'path' parameter is required"
 317     exit 1
 318 fi
 319
 320 # detect rootfs
 321 config="$path/config"
 322 if [ -z "$rootfs" ]; then
 323     if grep -q '^lxc.rootfs' $config 2>/dev/null ; then
 324         rootfs=`grep 'lxc.rootfs =' $config | awk -F= '{ print $2 }'`
 325     else
 326         rootfs=$path/rootfs
 327     fi
 328 fi
 329
 330 install_busybox $rootfs $name
 331 if [ $? -ne 0 ]; then
 332     echo "failed to install busybox's rootfs"
 333     exit 1
 334 fi
 335
 336 configure_busybox $rootfs
 337 if [ $? -ne 0 ]; then
 338     echo "failed to configure busybox template"
 339     exit 1
 340 fi
 341
 342 copy_configuration $path $rootfs $name
 343 if [ $? -ne 0 ]; then
 344     echo "failed to write configuration file"
 345     exit 1
 346 fi