lxc-archlinux.in: update securetty when lxc.devttydir is set

Update container's /etc/securetty to allow console logins when lxc.devttydir is not empty.
Also use config entries provided by shared and common configuration files.

Signed-off-by: Alexander Vladimirov <alexander.idkfa.vladimirov@gmail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

diff --git a/config/templates/archlinux.common.conf.in b/config/templates/archlinux.common.conf.in
index 7c950e7a148e2f7f9e0e1e3c861c6cb1c8689edd..0be195886ff3335ad7b9da5ffa8dfe73b6ab1949 100644 (file)
--- a/config/templates/archlinux.common.conf.in
+++ b/config/templates/archlinux.common.conf.in
@@ -17,6 +17,9 @@ lxc.stopsignal=SIGRTMIN+14
 # Mount entries
 lxc.mount.auto = proc:mixed sys:ro
 
+# Uncomment to disable creating tty devices subdirectory in /dev
+# lxc.devttydir =
+
 # Capabilities
 # Uncomment these if you don't run anything that needs the capability, and
 # would like the container to run with less privilege.

diff --git a/templates/lxc-archlinux.in b/templates/lxc-archlinux.in
index a95564b16b81378596249867c98afe54b5bd0cc8..ceaff90b7f1f77eb0b7d5c73d00d1528efd5747c 100644 (file)
--- a/templates/lxc-archlinux.in
+++ b/templates/lxc-archlinux.in
@@ -44,6 +44,7 @@ default_path="@LXCPATH@"
 default_locale="en-US.UTF-8"
 default_timezone="UTC"
 pacman_config="/etc/pacman.conf"
+common_config="@LXCTEMPLATECONFIG@/common.conf"
 shared_config="@LXCTEMPLATECONFIG@/archlinux.common.conf"
 
 # by default, install 'base' except the kernel
@@ -107,11 +108,23 @@ pacman-key --init
 pacman-key --populate archlinux
 EOF
     # enable getty on active ttys
-    nttys=$(grep lxc.tty ${config_path}/config | cut -d= -f 2 | tr -d "[:blank:]")
+    local nttys=$(cat "${config_path}/config" ${shared_config} ${common_config} | grep "^lxc.tty" | head -n1 | cut -d= -f2 | tr -d "[:blank:]")
+    local devttydir=$(cat "${config_path}/config" ${shared_config} ${common_config} | grep "^lxc.devttydir" | head -n1 | cut -d= -f2 | tr -d "[:blank:]")
+    local devtty=""
+    # bind getty instances to /dev/<devttydir>/tty* if lxc.devttydir is set
+    [ -n "${devttydir}" ] && devtty="${devttydir}-"
     if [ ${nttys:-0} -gt 1 ]; then
-      ( cd ${rootfs_path}/etc/systemd/system/getty.target.wants
-        for i in $(seq 1 $nttys); do ln -sf ../getty\@.service getty@tty${i}.service; done )
+      ( cd "${rootfs_path}/etc/systemd/system/getty.target.wants"
+        for i in $(seq 1 $nttys); do ln -sf "../getty@.service" "getty@${devtty}tty${i}.service"; done )
     fi
+    # update securetty to allow console login if devttydir is set
+    if [ -n "${devttydir}" ]; then
+        for i in $(seq 1 ${nttys:-1}); do
+            echo "${devttydir}/tty${i}" >> "${rootfs_path}/etc/securetty"
+        done
+    fi
+    [ -n "${devttydir}" ] && echo "${devttydir}/console" >> "${rootfs_path}/etc/securetty"
+    # Arch default configuration allows only tty1-6 for login
     [ ${nttys:-0} -gt 6 ] && echo \
       "You may want to modify container's /etc/securetty \
       file to allow root logins on tty7 and higher"