[templates] archlinux: noneed default_timezone variable Signed-off-by: otofune <otofune@gmail.com>

[templates] archlinux: resolve conflicting files - already found /etc/localtime - duplicate creation /etc/resolv.conf Signed-off-by: otofune <otofune@gmail.com>

archlinux: Fix resolving Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

archlinux: Do DHCP on eth0 Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Fix typo in lxc-archlinux.in Thank you vim! Signed-off-by: Nicolas Porcel <nicolasporcel06@gmail.com>

arch template: Fix systemd-sysctl service The systemd-sysctl service includes condition that /proc/sys/ has to be read-write. In lxc only /proc/sys/net/ is read-write which causes the condition to fail and service not to run. This patch changes the check to /proc/sys/net/ and makes the service apply only rules that are in net tree. Signed-off-by: Jakub Sztandera <kubuxu@gmail.com>

lxc-archlinux: Properly set default locale in /etc/locale.conf Signed-off-by: Bill Kolokithas <kolokithas.b@gmail.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-archlinux.in: update securetty when lxc.devttydir is set Update container's /etc/securetty to allow console logins when lxc.devttydir is not empty. Also use config entries provided by shared and common configuration files. Signed-off-by: Alexander Vladimirov <alexander.idkfa.vladimirov@gmail.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-archlinux.in: Add pacman keyring initialization back Shuffle around usage text a bit and add missing -d while there. Signed-off-by: Alexander Vladimirov <alexander.idkfa.vladimirov@gmail.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Update Arch Linux template and add common configuration files Move common container configuration entries into template config. Remove unnecessary service symlinking and configuration entries, as well as guest configs and other redundant configuration, fix minor script bugs. Clean up template command line, add -d option to allow disabling services. Also enable getty's on all configured ttys to allow logins via lxc-console, set lxc.tty value corresponding to default Arch /etc/securetty configuration. This patch simplifies Arch Linux template a bit, while fixing some longstanding issues. It also provides common configuration based on files provided for Fedora templates. Signed-off-by: Alexander Vladimirov <alexander.idkfa.vladimirov@gmail.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

archlinux template: fix lxc.root for btrfs backend when using btrfs backend lxc-create first creates rootfs in /usr/lib/lxc/rootfs directory before moving it to /var/lib/lxc or other directory supplied by the command line. Archlinux template relied in $rootfs_path which made containers created with btrfs backend have lxc.rootfs set to /usr/lib/lxc/rootfs. By using $path instead of $rootfs_path we make sure that lxc.rootfs is always correct. Signed-off-by: Edvinas Klovas <edvinas@pnd.io> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

archlinux template: added sigpwr handling to systemd (lxc-stop) archlinux is using systemd and systemd's configuration does not have any services setup to handle sigpwr hook which is sent by lxc-stop command. By enabling sigpwr service we make sure that lxc-stop will work. Signed-off-by: Edvinas Klovas <edvinas@pnd.io> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

archlinux: add debugging info for missing network link Signed-off-by: Ryan Mulligan <ryan@ryantm.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

archlinux: Code cleanups (v2) Cleanups: 1. Do not modify container's /etc/hosts (archlinux uses /etc/nsswitch.conf) 2. Remove duplicate lines from config 3. Print a nicer final message 4. Get rid of some grep's Signed-off-by: Leonid Isaev <lisaev@umail.iu.edu> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Revert "archlinux: Code cleanups" This reverts commit 34fd08f87bc2f9340c760721f5e5f728b49297a9.

archlinux: Code cleanups Cleanups: 1. Do not modify container's /etc/hosts (archlinux uses /etc/nsswitch.conf) 2. Remove duplicate lines from config 3. Print a nicer final message 4. Get rid of some grep's in favor of bash regex Signed-off-by: Leonid Isaev <lisaev@umail.iu.edu> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

archlinux: Create per-container pacman host key Do not copy the pacman master key from the host, as this opens it to attacks; generate a new secret hostkey. Signed-off-by: Leonid Isaev <lisaev@umail.iu.edu> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

archlinux: Fix default package selection Do not cherry-pick packages for the default install to avoid dependency issues. Instead, install the base group modulo blacklisted packages. Signed-off-by: Leonid Isaev <lisaev@umail.iu.edu> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

templates: Fix bashisms in common code Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

templates: Make sure usual locations are in PATH Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

templates: improve refusing to run unprivileged For all templates except lxc-ubuntu-cloud and lxc-download, detect not only --mapped-uid but also --mapped-gid and error out. Detecting will not be done after -- parameter because of non-option parameters. Also, change the mode of lxc-archlinux.in 100755 to 100644. Signed-off-by: TAMUKI Shoichi <tamuki@linet.gr.jp> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

templates: Refuse to run unprivileged Only the download and ubuntu-cloud templates work with unprivileged containers, for all others, detect --mapped-uid and error out as early as possible, recommending the use of the download template. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Trailing whitespace Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-archlinux: Cleanup fstab It's been brought to my attention that the read-only mount of /proc/sys is causing problems to archlinux users, so instead just have LXC mount proc and sysfs normally (read-write). Reported-by: John Lane <john@lane.uk.net> Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-archlinux: optional --root_passwd argument Signed-off-by: John Lane <john@lane.uk.net> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-archlinux: support enabling systemd units Signed-off-by: John Lane <john@lane.uk.net> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-archlinux: support different architectures Signed-off-by: John Lane <john@lane.uk.net> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-archlinux: don't drop mknod capability Signed-off-by: John Lane <john@lane.uk.net> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

handle simple bashisms: - [[ ]] -> [ ] - == -> = - source -> . - redirect of fd 200 is error in mksh, use fd 9 - &> /dev/null -> > /dev/null 2>&1 - useless function keyword - echo -e -> printf still left bash shebang which did not validate with checkbashism, mostly due 'type' being reported as bashism Signed-Off-By: Elan Ruusamäe <glen@delfi.ee> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

licensing: Add missing headers and FSF address Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Move container creation fully into the api 1. implement bdev->create: python and lua: send NULL for bdevtype and bdevspecs. They'll want to be updated to pass those in in a way that makes sense, but I can't think about that right now. 2. templates: pass --rootfs If the container is backed by a device which must be mounted (i.e. lvm) then pass the actual rootfs mount destination to the templates. Note that the lxc.rootfs can be a mounted block device. The template should actually be installing the rootfs under the path where the lxc.rootfs is *mounted*. Still, some people like to run templates by hand and assume purely directory backed containers, so continue to support that use case (i.e. if no --rootfs is listed). Make sure the templates don't re-write lxc.rootfs if it is already in the config. (Most were already checking for that) 3. Replace lxc-create script with lxc_create.c program. Changelog: May 24: when creating a container, create $lxcpath/$name/partial, and flock it. When done, close that file and unlink it. In lxc_container_new() and lxcapi_start(), check for this file. If it is locked, create is ongoing. If it exists but is not locked, create() was killed - remove the container. May 24: dont disk-lock during lxcapi_create. The partial lock is sufficient. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

templates: deny writes to host's clock (v2) Don't allow write to /dev/rtc0, and remove sys_time. Thanks, Christoph. v2: drop sys_time, sys_module, mac_admin and mac_override in all templates. Reported-by: Christoph Mitasch <cmitasch@thomas-krenn.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Update lxc-archlinux template default config to use new options Signed-off-by: Alexander Vladimirov <alexander.idkfa.vladimirov@gmail.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Update lxc-archlinux template. Add mknod to lxc.cap.drop since udev is conditioned on CAP_MKNOD capability. Update base package list. Signed-off-by: Alexander Vladimirov <alexander.idkfa.vladimirov@gmail.com> Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Add 'config' option to lxc-archlinux template and fix getopt string This option allows user to control installation repository and options using alternative pacman configuration file. Also remove unnecessary sed invocation during container configuration. Signed-off-by: Alexander Vladimirov <alexander.idkfa.vladimirov@gmail.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Update lxc-archlinux template to work with systemd Use arch-install-scripts for installation. Signed-off-by: Alexander Vladimirov <alexander.idkfa.vladimirov@gmail.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-archlinux: Don't hardcode /var/lib/lxc in help Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

templates: Make generated config consistent This updates all the templates and the configuration files to consistently use "key = value" everywhere. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

lxc-archlinux.in: Apply same LXCPATH/LOCALSTATEDIR lxc-archlinux was apparently left out of the last change, apply the same modification as the other templates. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-create: Make location of container rootfs configurable Make 'dir' an explicit backing store type, which accepts '--dir rootfs' as an option to specify a custom location for the container rootfs. Also update lxc-destroy to now remove the rootfs separately, as removing @LXCPATH@/$name may not hit it. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Add lxc.aa_profile example to all templates LXC has optional apparmor support, default profile is lxc-container-default. This change adds a commented "lxc.aa_profile = default" line to all templates, uncommenting this will bypass apparmor for the container. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

add lxc-archlinux template Hi, here's the patch which adds Arch linux container template Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>