rootfs=$1
tree="\
-$rootfs/var/run/sshd \
$rootfs/var/empty/sshd \
$rootfs/var/lib/empty/sshd \
$rootfs/etc/init.d \
$rootfs/etc/ssh \
$rootfs/etc/sysconfig/network-scripts \
$rootfs/dev/shm \
-$rootfs/run/shm \
+$rootfs/run/sshd \
$rootfs/proc \
$rootfs/sys \
$rootfs/bin \
return 1
fi
+ ln -s /run $rootfs/var/run
+ if [ $? -ne 0 ]; then
+ return 1
+ fi
+
return 0
}
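Review bot: The added `ln -s /run $rootfs/var/run` leaves `$rootfs` unquoted and follows an existing destination: if `$rootfs/var/run` is already present as a directory, or as the symlink left by an earlier run, `ln` creates the new link inside it and still exits 0, so the `$?` check passes. Because the link target is the absolute path `/run`, following an existing `var/run -> /run` link would resolve on the host rather than inside the rootfs. For the existing-symlink case I would use `ln -sfn /run "$rootfs/var/run" || return 1`, which replaces the link without dereferencing it and folds the status check into the same line. The enclosing function starts above this hunk, so whether it can be re-run over a populated rootfs is not visible here.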
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
UsePrivilegeSeparation yes
-KeyRegenerationInterval 3600
-ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
-RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
-RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords yes
ChallengeResponseAuthentication no
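Review bot: The sshd_config that this hunk trims still ships `PermitRootLogin yes` together with `PermitEmptyPasswords yes`, so a container built from the template accepts a root SSH login with a blank password whenever the account has one. Since the commit is already revising the option list, I would set `PermitEmptyPasswords no` and `PermitRootLogin prohibit-password`, relying on the `PubkeyAuthentication yes` line that is already present. The cleanup also keeps `UsePrivilegeSeparation yes` and the `ssh_host_dsa_key` HostKey, which recent OpenSSH releases treat as deprecated much like the removed protocol-1 options; worth confirming against the sshd version being targeted. The heredoc holding these lines starts and ends outside the hunk.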
rootfs=$2
name=$3
- grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config
+ init_path=$(realpath --relative-to=/ $(readlink -f /sbin/init))
+
+ grep -q "^lxc.rootfs.path" $path/config 2>/dev/null || echo "lxc.rootfs.path = $rootfs" >> $path/config
cat <<EOF >> $path/config
-lxc.utsname = $name
-lxc.pts = 1024
+lxc.uts.name = $name
+lxc.pty.max = 1024
lxc.cap.drop = sys_module mac_admin mac_override sys_time
# When using LXC with apparmor, uncomment the next line to run unconfined:
-#lxc.aa_profile = unconfined
+#lxc.apparmor.profile = unconfined
lxc.mount.entry = /dev dev none ro,bind 0 0
lxc.mount.entry = /lib lib none ro,bind 0 0
lxc.mount.entry = /bin bin none ro,bind 0 0
lxc.mount.entry = /usr usr none ro,bind 0 0
lxc.mount.entry = /sbin sbin none ro,bind 0 0
-lxc.mount.entry = tmpfs var/run/sshd tmpfs mode=0644 0 0
-lxc.mount.entry = @LXCTEMPLATEDIR@/lxc-sshd sbin/init none ro,bind 0 0
+lxc.mount.entry = tmpfs run/sshd tmpfs mode=0644 0 0
+lxc.mount.entry = @LXCTEMPLATEDIR@/lxc-sshd $init_path none ro,bind 0 0
lxc.mount.entry = /etc/init.d etc/init.d none ro,bind 0 0
lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
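Review bot: `init_path` is built from two nested, unquoted command substitutions with no status check, and `realpath --relative-to` is a GNU coreutils option, so on a host where either command fails the variable is empty and the heredoc writes a mount entry with no destination field (`@LXCTEMPLATEDIR@/lxc-sshd  none ro,bind 0 0`). I would quote the inner substitution and stop on failure: `init_path=$(realpath --relative-to=/ "$(readlink -f /sbin/init)") || return 1`, followed by `[ -n "$init_path" ] || return 1`. The same hunk leaves `$path/config` unquoted in the new `grep`/`echo` line, which breaks on container paths containing spaces. This assumes the code sits inside a function, as the `rootfs=$2` / `name=$3` lines suggest; its start and end are outside the hunk.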
fi
# if no .ipv4 section in config, then have the container run dhcp
- grep -q "^lxc.network.ipv4" $path/config || touch $rootfs/run-dhcp
+ grep -q "^lxc.net.0.ipv4.address" $path/config || touch $rootfs/run-dhcp
if [ "$(uname -m)" = "x86_64" ]; then
cat <<EOF >> $path/config
# detect rootfs
config="$path/config"
if [ -z "$rootfs" ]; then
- if grep -q '^lxc.rootfs' $config 2>/dev/null ; then
- rootfs=$(awk -F= '/^lxc.rootfs =/{ print $2 }' $config)
+ if grep -q '^lxc.rootfs.path' $config 2>/dev/null ; then
+ rootfs=$(awk -F= '/^lxc.rootfs.path =/{ print $2 }' $config)
else
rootfs=$path/rootfs
fi
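Review bot: The `grep` accepts any line beginning with `lxc.rootfs.path`, but the `awk` pattern only matches `lxc.rootfs.path =` with a space before the `=`, so a config written as `lxc.rootfs.path=/some/dir` passes the test and leaves `rootfs` empty. `print $2` also keeps the space that follows the `=`, which is only harmless while `$rootfs` is expanded unquoted. With an empty value, any later `$rootfs/...` path would resolve against the host's `/`, so I would normalise and verify the result: `rootfs=$(awk -F'[ \t]*=[ \t]*' '/^lxc\.rootfs\.path[ \t]*=/{ print $2 }' "$config")` followed by `[ -n "$rootfs" ] || exit 1`. The `if [ -z "$rootfs" ]` block closes outside the hunk.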