4 # lxc: linux Container library
7 # Daniel Lezcano <daniel.lezcano@free.fr>
9 # Template for slackware by Matteo Bernardini <ponce@slackbuilds.org>
10 # some parts are taken from the debian one (used as model)
12 # This library is free software; you can redistribute it and/or
13 # modify it under the terms of the GNU Lesser General Public
14 # License as published by the Free Software Foundation; either
15 # version 2.1 of the License, or (at your option) any later version.
17 # This library is distributed in the hope that it will be useful,
18 # but WITHOUT ANY WARRANTY; without even the implied warranty of
19 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20 # Lesser General Public License for more details.
22 # You should have received a copy of the GNU Lesser General Public
23 # License along with this library; if not, write to the Free Software
24 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26 # Detect use under userns (unsupported)
28 [ "$arg" = "--" ] && break
29 if [ "$arg" = "--mapped-uid" -o "$arg" = "--mapped-gid" ]; then
30 echo "This template can't be used for unprivileged containers." 1>&2
31 echo "You may want to try the \"download\" template instead." 1>&2
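# Put the sbin directories first on PATH: the tools this template calls may
# not be on PATH when the container is created through sudo.
export PATH=/sbin:/usr/sbin:$PATH

# Host-side cache directory used for the package download area and the
# staged rootfs; a value of $cache already in the environment takes precedence.
cache=${cache:-/var/cache/lxc/slackware}

# Use the primary Slackware site by default, but please consider changing
# this to a closer mirror site.
# NOTE(review): the default is plain HTTP, so the transport gives no
# integrity or authenticity for what is fetched; that then rests entirely on
# slackpkg's own checksum/signature verification (its CHECKMD5/CHECKGPG
# settings; confirm they are enabled in the slackpkg.conf this template
# writes). Prefer an HTTPS mirror you trust by setting MIRROR.
MIRROR=${MIRROR:-http://ftp.slackware.com/pub/slackware}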
45 if [ -z "$arch" ]; then
46 case "$( uname -m )" in
49 *) arch
=$
( uname
-m ) ;;
53 LXC_TEMPLATE_CONFIG
="@LXCTEMPLATECONFIG@"
60 echo "Configuring..." ; echo
62 # The next part contains excerpts taken from SeTconfig (written by
63 # Patrick Volkerding) from the slackware setup disk.
64 # But before pasting them just set a variable to use them as they are
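# Normalise the modes of the rootfs top level and of its var/ directory.
# cd is chained with && so that a failed cd can never leave chmod acting on
# the caller's working directory; the template runs as root on the host, so
# a stray chmod would land on host paths. $T_PX is quoted so a rootfs path
# containing whitespace or glob characters stays a single argument.
( cd "$T_PX" && chmod 755 ./ )
( cd "$T_PX" && chmod 755 ./var )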
69 if [ -d $T_PX/usr
/src
/linux
]; then
70 chmod 755 $T_PX/usr
/src
/linux
72 if [ ! -d $T_PX/proc
]; then
74 chown root.root
$T_PX/proc
76 if [ ! -d $T_PX/sys
]; then
78 chown root.root
$T_PX/sys
81 if [ ! -d $T_PX/var
/spool
/mail ]; then
82 mkdir
-p $T_PX/var
/spool
/mail
83 chmod 755 $T_PX/var
/spool
84 chown root.
mail $T_PX/var
/spool
/mail
85 chmod 1777 $T_PX/var
/spool
/mail
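# Write the container's rc.keymap in one redirection instead of re-opening
# the file for every line, then mark it executable. The target path is quoted
# so a rootfs path with whitespace or glob characters cannot be split into
# several words. The emitted lines are the same text as before.
{
  echo "#!/bin/sh"
  echo "# Load the keyboard map. More maps are in /usr/share/kbd/keymaps."
  echo "if [ -x /usr/bin/loadkeys ]; then"
  echo " /usr/bin/loadkeys us"
  echo "fi"
} > "$T_PX/etc/rc.d/rc.keymap"
chmod 755 "$T_PX/etc/rc.d/rc.keymap"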
96 # Network configuration is left to the user, who has to edit
97 # /etc/rc.d/rc.inet1.conf and /etc/resolv.conf of the container;
98 # here we just set the hostname
99 cat <<EOF > $rootfs/etc/HOSTNAME
100 $hostname.example.net
102 cp $rootfs/etc
/HOSTNAME
$rootfs/etc
/hostname
104 # make needed devices, from Chris Willing's MAKEDEV.sh
105 # http://www.vislab.uq.edu.au/howto/lxc/MAKEDEV.sh
108 mknod
-m 666 ${DEV}/null c
1 3
109 mknod
-m 666 ${DEV}/zero c
1 5
110 mknod
-m 666 ${DEV}/random c
1 8
111 mknod
-m 666 ${DEV}/urandom c
1 9
112 mkdir
-m 755 ${DEV}/pts
113 mkdir
-m 1777 ${DEV}/shm
114 mknod
-m 666 ${DEV}/tty c
5 0
115 mknod
-m 600 ${DEV}/console c
5 1
116 mknod
-m 666 ${DEV}/tty0 c
4 0
117 mknod
-m 666 ${DEV}/tty1 c
4 1
118 mknod
-m 666 ${DEV}/tty2 c
4 2
119 mknod
-m 666 ${DEV}/tty3 c
4 3
120 mknod
-m 666 ${DEV}/tty4 c
4 4
121 mknod
-m 666 ${DEV}/tty5 c
4 5
122 mknod
-m 666 ${DEV}/full c
1 7
123 mknod
-m 600 ${DEV}/initctl p
124 mknod
-m 660 ${DEV}/loop0 b
7 0
125 mknod
-m 660 ${DEV}/loop1 b
7 1
126 ln -s pts
/ptmx
${DEV}/ptmx
127 ln -s /proc
/self
/fd
${DEV}/fd
129 echo "Adding an etc/fstab"
130 cat >$rootfs/etc
/fstab
<<EOF
131 none /run tmpfs defaults,mode=0755 0 0
134 # simplify rc.6 and rc.S, http://www.vislab.uq.edu.au/howto/lxc/create_container.html
135 # and some other small fixes for a clean boot
136 cat >$rootfs/tmp
/rcs.
patch <<'EOF'
137 --- ./etc/rc.orig/rc.6 2012-08-15 01:03:12.000000000 +0200
138 +++ ./etc/rc.d/rc.6 2013-02-17 10:26:30.888839354 +0100
140 # Author: Miquel van Smoorenburg <miquels@drinkel.nl.mugnet.org>
141 # Modified by: Patrick J. Volkerding, <volkerdi@slackware.com>
143 +# minor tweaks for an lxc container
144 +# by Matteo Bernardini <ponce@slackbuilds.org>,
145 +# based also on Chris Willing's modifications
146 +# http://www.vislab.uq.edu.au/howto/lxc/rc.6
147 +# a check for a container variable is made to jump sections
151 PATH=/sbin:/etc:/bin:/usr/bin
156 +# lxc container check
157 +if [ ! $container = "lxc" ]; then
159 # Save the system time to the hardware clock using hwclock --systohc.
160 if [ -x /sbin/hwclock ]; then
161 # Check for a broken motherboard RTC clock (where ioports for rtc are
166 +fi # end container check
168 # Run any local shutdown scripts:
169 if [ -x /etc/rc.d/rc.local_shutdown ]; then
170 /etc/rc.d/rc.local_shutdown stop
175 +# lxc container check
176 +if [ ! $container = "lxc" ]; then
178 # Shut down PCMCIA devices:
179 if [ -x /etc/rc.d/rc.pcmcia ]; then
180 . /etc/rc.d/rc.pcmcia stop
181 @@ -155,11 +169,16 @@
185 +fi # end container check
187 # Turn off process accounting:
188 if [ -x /sbin/accton -a -r /var/log/pacct ]; then
192 +# lxc container check
193 +if [ ! $container = "lxc" ]; then
195 # Terminate acpid before syslog:
196 if [ -x /etc/rc.d/rc.acpid -a -r /var/run/acpid.pid ]; then # quit
197 . /etc/rc.d/rc.acpid stop
199 sh /etc/rc.d/rc.udev force-stop
202 +fi # end container check
204 # Kill all remaining processes.
205 if [ ! "$1" = "fast" ]; then
206 echo "Sending all processes the SIGTERM signal."
211 +# lxc container check
212 +if [ ! $container = "lxc" ]; then
214 # Try to turn off quota.
215 if /bin/grep -q quota /etc/fstab ; then
216 if [ -x /sbin/quotaoff ]; then
221 +fi # end container check
223 # Carry a random seed between reboots.
224 echo "Saving random seed from /dev/urandom in /etc/random-seed."
225 # Use the pool size from /proc, or 512 bytes:
227 rm -f /var/lock/subsys/*
230 +# lxc container check
231 +if [ ! $container = "lxc" ]; then
234 echo "Turning off swap."
237 echo "Remounting root filesystem read-only."
238 /bin/mount -v -n -o remount,ro /
240 +fi # end container check
245 @@ -240,12 +271,17 @@
249 +# lxc container check
250 +if [ ! $container = "lxc" ]; then
252 # Deactivate LVM volume groups:
253 if [ -r /etc/lvmtab -o -d /etc/lvm/backup ]; then
254 echo "Deactivating LVM volume groups:"
255 /sbin/vgchange -an --ignorelockingfailure
258 +fi # end container check
260 # This never hurts again (especially since root-on-LVM always fails
261 # to deactivate the / logical volume... but at least it was
262 # remounted as read-only first)
264 # This is to ensure all processes have completed on SMP machines:
267 +# lxc container check
268 +if [ ! $container = "lxc" ]; then
270 if [ -x /sbin/genpowerd ]; then
271 # See if this is a powerfail situation:
272 if /bin/egrep -q "FAIL|SCRAM" /etc/upsstatus 2> /dev/null ; then
279 +# confirm successful shutdown of the container
280 +echo ; echo "* container stopped. *" ; echo
282 +fi # end container check
284 # Now halt (poweroff with APM or ACPI enabled kernels) or reboot.
285 if [ "$command" = "reboot" ]; then
287 --- ./etc/rc.orig/rc.S 2012-09-13 21:38:34.000000000 +0200
288 +++ ./etc/rc.d/rc.S 2013-02-17 09:39:41.579799641 +0100
291 # Mostly written by: Patrick J. Volkerding, <volkerdi@slackware.com>
293 +# minor tweaks for an lxc container
294 +# by Matteo Bernardini <ponce@slackbuilds.org>,
295 +# based also on Chris Willing's modifications
296 +# http://www.vislab.uq.edu.au/howto/lxc/rc.S
297 +# a check for a container variable is made to jump sections
300 PATH=/sbin:/usr/sbin:/bin:/usr/bin
302 +# lxc container check
303 +if [ ! $container = "lxc" ]; then
305 # Try to mount /proc:
306 /sbin/mount -v proc /proc -n -t proc 2> /dev/null
308 @@ -254,10 +263,27 @@
310 fi # Done checking root filesystem
313 + # We really don't want to start udev in the container
314 + if [ -f /etc/rc.d/rc.udev ]; then
315 + chmod -x /etc/rc.d/rc.udev
318 + if [ -f /etc/rc.d/rc.alsa ]; then
319 + chmod -x /etc/rc.d/rc.alsa
322 + if [ -f /etc/rc.d/rc.loop ]; then
323 + chmod -x /etc/rc.d/rc.loop
325 +fi # end container check
327 # Any /etc/mtab that exists here is old, so we start with a new one:
328 /bin/rm -f /etc/mtab{,~,.tmp} && /bin/touch /etc/mtab
330 +# lxc container check
331 +if [ ! $container = "lxc" ]; then
333 # Add entry for / to /etc/mtab:
337 # mounted read-write.
338 /sbin/swapon -a 2> /dev/null
340 +fi # end container check
342 # Clean up some temporary files:
343 rm -f /var/run/* /var/run/*/* /var/run/*/*/* /etc/nologin \
344 /etc/dhcpc/*.pid /etc/forcefsck /etc/fastboot \
346 # if the first line of that file begins with the word 'Linux'.
347 # You are free to modify the rest of the file as you see fit.
348 if [ -x /bin/sed ]; then
349 - /bin/sed -i "{1s/^Linux.*/$(/bin/uname -sr)\./}" /etc/motd
350 + /bin/sed -i "{1s/^Linux.*/$(/bin/uname -sr) lxc container\./}" /etc/motd
353 # If there are SystemV init scripts for this runlevel, run them.
355 . /etc/rc.d/rc.sysvinit
358 +# lxc container check
359 +if [ ! $container = "lxc" ]; then
361 # Run serial port setup script:
362 # CAREFUL! This can make some systems hang if the rc.serial script isn't
363 # set up correctly. If this happens, you may have to edit the file from a
365 sh /etc/rc.d/rc.serial start
368 +fi # end container check
370 # Carry an entropy pool between reboots to improve randomness.
371 if [ -f /etc/random-seed ]; then
372 echo "Using /etc/random-seed to initialize /dev/urandom."
373 --- ./etc/rc.orig/rc.M 2012-09-25 19:47:07.000000000 +0200
374 +++ ./etc/rc.d/rc.M 2013-02-17 09:39:41.579799641 +0100
376 # Author: Fred N. van Kempen, <waltje@uwalt.nl.mugnet.org>
377 # Heavily modified by Patrick Volkerding <volkerdi@slackware.com>
379 +# minor tweaks for an lxc container
380 +# by Matteo Bernardini <ponce@slackbuilds.org>:
381 +# a check for a container variable is made to jump sections
384 # Tell the viewers what's going to happen.
385 echo "Going multiuser..."
390 +# lxc container check
391 +if [ ! $container = "lxc" ]; then
393 # Screen blanks after 15 minutes idle time, and powers down in one hour
394 # if the kernel supports APM or ACPI power management:
395 /bin/setterm -blank 15 -powersave powerdown -powerdown 60
397 /bin/hostname darkstar
400 +fi # end container check
402 # Set the permissions on /var/log/dmesg according to whether the kernel
403 # permits non-root users to access kernel dmesg information:
404 if [ -r /proc/sys/kernel/dmesg_restrict ]; then
406 chmod 755 / 2> /dev/null
407 chmod 1777 /tmp /var/tmp
409 +# lxc container check
410 +if [ ! $container = "lxc" ]; then
412 # Start APM or ACPI daemon.
413 # If APM is enabled in the kernel, start apmd:
414 if [ -e /proc/apm ]; then
416 . /etc/rc.d/rc.acpid start
419 +fi # end container check
421 # Update any existing icon cache files:
422 if find /usr/share/icons 2> /dev/null | grep -q icon-theme.cache ; then
423 for theme_dir in /usr/share/icons/* ; do
424 --- ./etc/rc.orig/rc.inet1 2012-08-05 19:13:27.000000000 +0200
425 +++ ./etc/rc.d/rc.inet1 2013-02-17 09:39:41.579799641 +0100
427 # This script is used to bring up the various network interfaces.
429 # @(#)/etc/rc.d/rc.inet1 10.2 Sun Jul 24 12:45:56 PDT 2005 (pjv)
431 +# minor tweaks for an lxc container
432 +# by Matteo Bernardini <ponce@slackbuilds.org>:
433 +# a check for a container variable is made to jump sections
436 ############################
437 # READ NETWORK CONFIG FILE #
439 [ "${IFNAME[$i]}" = "${1}" ] && break
443 + # lxc container check
444 + if [ ! $container = "lxc" ]; then
446 # If the interface is a bridge, then create it first:
447 [ -n "${BRNICS[$i]}" ] && br_open $i
448 # If the interface isn't in the kernel yet (but there's an alias for it in
454 + fi # end container check
456 if grep `echo ${1}: | cut -f 1 -d :`: /proc/net/dev 1> /dev/null ; then # interface exists
457 if ! /sbin/ifconfig | grep -w "${1}" 1>/dev/null || \
458 ! /sbin/ifconfig ${1} | grep -w inet 1> /dev/null ; then # interface not up or not configured
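# Apply the rc script patch that was written to tmp/rcs.patch inside the
# rootfs, then delete it. The patch addresses its targets by relative path
# (./etc/rc.d/...), so if cd fails it must not run at all: from the caller's
# working directory it would be applied to whatever etc/rc.d tree is there,
# as root. The subshell therefore stops as soon as cd fails.
( cd "$rootfs" || exit 1; patch -p1 < tmp/rcs.patch; rm tmp/rcs.patch )

# restart rc.inet1 to have routing for the loop device
echo "/etc/rc.d/rc.inet1 restart" >> "$rootfs/etc/rc.d/rc.local"

# reduce the number of local consoles: two should be enough
sed -i '/^c3\|^c4\|^c5\|^c6/s/^/# /' "$rootfs/etc/inittab"

# better not use this in a container
sed -i 's/.*genpowerfail.*//' "$rootfs/etc/inittab"

# add a message to rc.local that confirms successful container startup
# NOTE(review): $name is expanded here into shell source that rc.local runs
# at container boot, so a name containing quotes, `$` or backticks changes
# what that line executes. No validation of the name is visible in this
# part of the template; restrict it to a safe character set before this
# point (TODO confirm whether the caller already does).
echo "echo ; echo \"* container $name started. *\" ; echo" >> "$rootfs/etc/rc.d/rc.local"

# borrow the time configuration from the local machine
cp -a /etc/localtime "$rootfs/etc/localtime"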
484 # make a local copy of the installed filesystem
485 echo -n "Copying rootfs to $rootfs..."
487 cp -a $cache/rootfs-
$release-$arch/* $rootfs/ ||
exit 1
489 # fix fstab with the actual path
490 sed -i "s|$cache/rootfs-$release-$arch|$rootfs|" $rootfs/etc
/fstab
498 mkdir
-p /var
/lock
/subsys
/
501 if [ $?
-ne 0 ]; then
502 echo "Cache repository is busy."
506 if [ "$arch" == "x86_64" ]; then
508 elif [ "$arch" == "arm" ]; then
514 export CONF
=$cache/slackpkg-conf
515 export ROOT
=$cache/rootfs-
$release-$arch
517 mkdir
-p $cache/cache-
$release-$arch $cache/rootfs-
$release-$arch \
518 $cache/slackpkg-
$release-$arch $CONF/templates
520 echo "$MIRROR/$PKGMAIN-$release/" > $CONF/mirrors
521 touch $CONF/blacklist
523 cat <<EOF > $CONF/slackpkg.conf
526 TEMP=$cache/cache-$release-$arch
527 WORKDIR=$cache/slackpkg-$release-$arch
532 PRIORITY=( patches %PKGMAIN extra pasture testing )
544 # thanks to Vincent Batts for this list of packages
545 # (that I modified a little :P)
546 # http://connie.slackware.com/~vbatts/minimal/
547 cat <<EOF > $CONF/templates/minimal-lxc.template
593 TEMPLATE
=${TEMPLATE:-minimal-lxc}
594 if [ ! "$TEMPLATE" = "minimal-lxc" ]; then
595 if [ -f /etc
/slackpkg
/templates
/$TEMPLATE.template
]; then
596 cat /etc
/slackpkg
/templates
/$TEMPLATE.template \
597 > $CONF/templates
/$TEMPLATE.template
599 TEMPLATE
="minimal-lxc"
603 # clean previous installs
606 slackpkg
-default_answer=n update
607 slackpkg install-template
$TEMPLATE
609 # add a slackpkg default mirror
610 echo "$MIRROR/$PKGMAIN-$release/" >> $ROOT/etc
/slackpkg
/mirrors
612 # blacklist the devs package (we have to use our premade devices).
613 # do the same with the kernel packages (we use the host's one),
614 # but leave available headers and sources
615 echo "devs" >> $ROOT/etc
/slackpkg
/blacklist
617 -e "s|^#kernel-|kernel-|" \
618 -e "s|^kernel-headers|#kernel-headers|" \
619 -e "s|^kernel-source|#kernel-source|" \
620 $ROOT/etc
/slackpkg
/blacklist
622 # force klog to use the system call interface to the kernel message
623 # buffers - needed for unprivileged containers
624 sed -i 's|3\ \-x|3 -x -s|' $ROOT/etc
/rc.d
/rc.syslog || true
628 ) 9>/var
/lock
/subsys
/lxc
639 cat <<EOF >> $path/config
644 lxc.mount = $rootfs/etc/fstab
646 lxc.include = ${LXC_TEMPLATE_CONFIG}/slackware.common.conf
649 if [ $?
-ne 0 ]; then
650 echo "Failed to add configuration."
659 if [ ! -e $cache ]; then
663 # lock, so we won't purge while someone is creating a repository
667 echo "Cache repository is busy."
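# Remove the whole download cache.
# $cache can come from the environment and this runs as root, so the path is
# quoted (no word splitting or globbing into extra rm targets), preceded by
# `--` (a value starting with `-` is not read as an option) and guarded with
# `:?` (an empty value aborts instead of reaching rm). --preserve-root and
# --one-file-system stay in place as the last line of defence.
echo -n "Purging the download cache..."
rm --preserve-root --one-file-system -rf -- "${cache:?}" || exit 1
echo "Done."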
675 ) 9>/var
/lock
/subsys
/lxc
681 $1 -h|--help -p|--path=<path> --clean
686 options
=$
(getopt
-o hp
:n
:a
:r
:c
-l help,rootfs
:,path
:,name
:,arch
:,release
:,clean
-- "$@")
687 if [ $?
-ne 0 ]; then
691 eval set -- "$options"
696 -h|
--help) usage
$0 && exit 0;;
697 -p|
--path) path
=$2; shift 2;;
698 --rootfs) rootfs
=$2; shift 2;;
699 -a|
--arch) arch
=$2; shift 2;;
700 -r|
--release) release
=$2; shift 2;;
701 -n|
--name) name
=$2; shift 2;;
702 -c|
--clean) clean
=$2; shift 2;;
703 --) shift 1; break ;;
708 if [ ! -z "$clean" -a -z "$path" ]; then
714 if [ $?
-ne 0 ]; then
715 echo "'installpkg' command is missing."
720 if [ $?
-ne 0 ]; then
721 echo "'slackpkg' command is missing."
725 if [ -z "$path" ]; then
726 echo "'path' parameter is required."
730 if [ "$(id -u)" != "0" ]; then
731 echo "This script should be run as 'root'."
735 # If no release version was specified, use current
736 release
=${release:-current}
738 if [ -z "$name" ]; then
739 # no name given? set a default one
740 name
=slackwarecontainer
744 config
="$path/config"
745 if [ -z "$rootfs" ]; then
746 if grep -q '^lxc.rootfs.path' $config 2>/dev
/null
; then
747 rootfs
=$
(awk -F= '/^lxc.rootfs.path =/{ print $2 }' $config)
757 install_slackware
$rootfs
758 if [ $?
-ne 0 ]; then
759 echo "Failed to install slackware."
765 configure_slackware
$cache/rootfs-
$release-$arch $name
766 if [ $?
-ne 0 ]; then
767 echo "Failed to configure slackware for a container."
774 copy_slackware
$rootfs
775 if [ $?
-ne 0 ]; then
776 echo "Failed to copy rootfs."
782 copy_configuration
$path $rootfs $name
783 if [ $?
-ne 0 ]; then
784 echo "Failed to write configuration file."
788 if [ ! -z $clean ]; then