ff7a7fdc31f43272c36b1cfbff5b6613f4198e17
25-Mar-2017
Evgeni Golov <evgeni@debian.org>
do not set insecure passwords
Signed-off-by: Evgeni Golov <evgeni@debian.org>

07e4c41f2963d73b9aedd552c74f17a33e89f020
24-Mar-2016
Bogdan Purcareata <bogdan.purcareata@nxp.com>
lxc-busybox: Remove warning for dynamically linked Busybox
The warning has been present since commit 32b37181ea (with no purpose stated).
Support for dynamically linked Busybox has been added since commit bf6cc73696.
Haven't encountered any issues with dynamically linked Busybox in my last
2 years' testing.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

6ab1ca0375feeb00070f0c0f9186551b08b1ee5e
24-Mar-2016
Bogdan Purcareata <bogdan.purcareata@nxp.com>
lxc-busybox: Touch /etc/fstab in the container rootfs
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com>

88e3899351cf9bef7b1285ed96c525cbadc0a420
26-May-2015
Bogdan Purcareata <bogdan.purcareata@freescale.com>
lxc-busybox: Prevent copying binaries from /usr/local to container
On certain systems, some binaries needed by the container features (dropbear,
openssh) may be placed in non-standard (aka non-distribution-managed)
locations, such as /usr/local/*, /opt/local/*, etc. Don't copy the respective
binaries into the container and return a clear error why.
The user should only use these binaries if they are installed at system-wide
locations on the host, such as /{s,}bin or /usr/{s,}bin.
v2:
- check that binary paths adhere to /{,usr/}{,s}bin only
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
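The /{,usr/}{,s}bin rule from this commit, written out as an added POSIX sh example (this is not the lxc-busybox template's own code). `is_system_path` accepts only absolute paths under /bin, /sbin, /usr/bin or /usr/sbin and rejects relative paths and paths containing `.` or `..` components, which a plain prefix match would let through; `system_binary` resolves a tool name with `command -v` under a PATH restricted to those four directories, so a same-named binary in /usr/local or /opt/local on the host is never picked up. The error messages and the function names are my own choices.

```shell
#!/bin/sh
# Added example (not the lxc-busybox template's own code): decide whether a
# host binary lives in a distribution-managed location before it is copied
# into a container rootfs. Only /bin, /sbin, /usr/bin and /usr/sbin are
# accepted, mirroring the /{,usr/}{,s}bin rule in the commit message.

# is_system_path PATH -> 0 if PATH is under an allowed directory, 1 otherwise
is_system_path() {
    p=$1
    # Reject empty paths, relative paths, and paths with '.' or '..'
    # components: those could satisfy the prefix match below while
    # actually pointing outside the allowed trees.
    case "$p" in
        ''|[!/]*|*/./*|*/../*|*/.|*/..) return 1 ;;
    esac
    case "$p" in
        /bin/?*|/sbin/?*|/usr/bin/?*|/usr/sbin/?*) return 0 ;;
        *) return 1 ;;
    esac
}

# system_binary NAME -> prints the resolved path of NAME when it is installed
# in an allowed directory; returns non-zero with a clear message otherwise.
system_binary() {
    name=$1
    # Look NAME up only in the allowed directories, whatever the caller's
    # PATH contains (a /usr/local copy is therefore never found).
    path=$(PATH=/usr/sbin:/usr/bin:/sbin:/bin command -v "$name" 2>/dev/null) || {
        echo "$name: not found in /{,usr/}{,s}bin; refusing to copy it" >&2
        return 1
    }
    # Defence in depth: re-check the resolved path itself.
    is_system_path "$path" || {
        echo "$name: found at $path, outside /{,usr/}{,s}bin; refusing" >&2
        return 1
    }
    printf '%s\n' "$path"
}
```

In a template, `system_binary dropbear` (or `sshd`, `ssh`, `scp`) would replace a bare `which` call: a non-zero return aborts the install with the reason on stderr instead of silently copying whatever the host's PATH happened to resolve.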

4432b512a280be289d0797bdbcc0a40fcb2635ce
26-May-2015
Bogdan Purcareata <bogdan.purcareata@freescale.com>
lxc-busybox: make some OpenSSH tools optional
Currently, when installing OpenSSH in a Busybox container, the template searches
for all the OpenSSH client binaries available in the Debian distro package. The
included tools might differ from distro to distro, so make part of the tools
optional. The mandatory tools, without which installing OpenSSH fails, are
"sshd" for the server and "ssh" and "scp" for the client.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

ed52814c776963efdcc9dcda1ec26fc09930ef93
22-Apr-2015
Bogdan Purcareata <bogdan.purcareata@freescale.com>
lxc-busybox: add OpenSSH support
Add an additional template parameter for SSH support in the container. Currently
this can be implemented using the Dropbear or OpenSSH utility. The respective
tool needs to be available on the host Linux.
If the parameter is omitted, the template will look for the Dropbear utility on
the host and install it if it is available (legacy behavior).
Adding OpenSSH support has been done following the model in the lxc-sshd
template.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

22fb28a946397ec19b247efe170c15b263bf89af
18-Feb-2015
Bogdan Purcareata <bogdan.purcareata@freescale.com>
lxc-busybox: use lxc.rebootsignal = SIGTERM
Otherwise lxc-stop -r has no effect on the container.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

f24a52d5f588ff4e4575046903fb9498c376d833
29-Jan-2015
Stéphane Graber <stgraber@ubuntu.com>
Use consistent /proc, /sys and /sys/fs/cgroup (v2)
- Implements mixed mode for /sys where it's mounted read-only but with
/sys/devices/virtual/net/ writable.
- Sets lxc.mount.auto to "cgroup:mixed proc:mixed sys:mixed" for all
templates.
- Drop any template-specific mount for /proc, /sys or /sys/fs/cgroup.
- Get rid of the fstab file by default, using lxc.mount.entry instead.
- Set sys:mixed as the default for "sys". sys:mixed is slightly more
permissive than sys:ro so this shouldn't be a problem.
The read-only bind mount of /sys on top of itself is there so that
mountall and other init systems don't attempt to remount /sys
read-write.
v2 changes:
- Fix the mount list, don't specify a source for the remount.
- Update the documentation.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

cfe615f031f0ea48d6f725f72c8109573828d0f6
27-Jan-2015
Serge Hallyn <serge.hallyn@ubuntu.com>
fix busybox unpriv
1. tty5 is not needed
2. the devices should be optional in case they didn't exist in the
host / parent-container
3. switch from 'touch $rootfs/dev/$dev' to using create=file in the
mount entry.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

12c3b43fbeacd9cc471adf565ecea3263e37e353
22-Oct-2014
Bogdan Purcareata <bogdan.purcareata@freescale.com>
busybox template: mount fstab when available
When running unprivileged, lxc-create will touch an fstab file, with bind-mounts
for the ttys and other devices. Add this entry to the container config.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

a542dd3c1aca8b6674f631d625d888eb13ae3a4d
22-Oct-2014
Bogdan Purcareata <bogdan.purcareata@freescale.com>
busybox template: support for unprivileged containers
Apply the changes found in templates/lxc-download to the busybox template as
well. Change ownership of the config and fstab files to the unprivileged user,
and the ownership of the rootfs to root in the new user namespace.
Eliminate the "unsupported for userns" flag.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

50dbb8209bf65e4d24ccd06d3ca05004d0ddc63c
24-Mar-2014
Bogdan Purcareata <bogdan.purcareata@freescale.com>
lxc-busybox: follow symlinks when inspecting busybox binary
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

96283b546081e7ff709968378fca25cb44f1ab6c
19-Feb-2014
Stéphane Graber <stgraber@ubuntu.com>
templates: Fix bashisms in common code
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

207bf0e475f1dc6e9a2dac2cee3a209b56427855
06-Feb-2014
Stéphane Graber <stgraber@ubuntu.com>
templates: Make sure usual locations are in PATH
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

c63c04fcaf1c3a78c70500eae253d72fa9c8358a
06-Feb-2014
TAMUKI Shoichi <tamuki@linet.gr.jp>
templates: improve refusing to run unprivileged
For all templates except lxc-ubuntu-cloud and lxc-download, detect not
only --mapped-uid but also --mapped-gid and error out. Detection will
not be done after the -- parameter because of non-option parameters.
Also, change the mode of lxc-archlinux.in 100755 to 100644.
Signed-off-by: TAMUKI Shoichi <tamuki@linet.gr.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

8ec981fc8b0105da5f071e40811e0c2472a6c3c9
04-Feb-2014
Stéphane Graber <stgraber@ubuntu.com>
templates: Refuse to run unprivileged
Only the download and ubuntu-cloud templates work with unprivileged
containers; for all others, detect --mapped-uid and error out as early
as possible, recommending the use of the download template.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>

17abf2784de1047fb2904ff130ee5efe4ea7b598
14-Jan-2014
Elan Ruusamäe <glen@delfi.ee>
handle simple bashisms:
- [[ ]] -> [ ]
- == -> =
- source -> .
- redirect of fd 200 is error in mksh, use fd 9
- &> /dev/null -> > /dev/null 2>&1
- useless function keyword
- echo -e -> printf
Still left the bash shebang, which did not validate with checkbashisms, mostly
due to 'type' being reported as a bashism.
Signed-Off-By: Elan Ruusamäe <glen@delfi.ee>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

f0f1d8c076ae93d8ecf735c2eeae471e27ca6abd
06-Jan-2014
Dwight Engen <dwight.engen@oracle.com>
add lxc.haltsignal for soft shutdown
- use this in the busybox template since busybox's init expects
to receive SIGUSR1 to halt
- fix lxc.stopsignal to be output by write_config so lxcapi_clone()
and lxcapi_save_config() will output it
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

7f1dea04a4045539fa92a7f7cbdbb0d091d6a4d2
09-Dec-2013
Bogdan Purcareata <bogdan.purcareata@freescale.com>
lxc-busybox: make securityfs bind-mount optional
Prevent container start from failing when running Busybox containers on hosts without securityfs support.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

fbbc15397af76b573f52bb9c8d34a76a344d9ad1
06-Dec-2013
Dwight Engen <dwight.engen@oracle.com>
busybox template: set mode when creating device nodes
Ensure mode 666 is set for tty1 and tty5
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

853d58fdf5af0960b7b6edc9dea0fadddb8535f1
25-Nov-2013
Elan Ruusamäe <glen@delfi.ee>
use awk, instead of 'grep | awk'
Signed-off-by: Elan Ruusamäe <glen@delfi.ee>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

9e214906db8b351be775901dc4e8fc070bfacf1b
24-Oct-2013
Serge Hallyn <serge.hallyn@ubuntu.com>
lxc-busybox: if in userns, don't try to mknod
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

7a409fd5167ecdcbf33a64f1cf9202dc051f0dcf
22-Oct-2013
Serge Hallyn <serge.hallyn@ubuntu.com>
lxc-busybox: don't copy temp mounts into mtab
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

fefddf9f9f52616972a5b25549c250fd9f709ab4
17-Oct-2013
Dwight Engen <dwight.engen@oracle.com>
fix busybox template for use with AppArmor
Ensure /proc and /sys are mounted in the container, otherwise
apparmor_enabled() will fail to find
/sys/module/apparmor/parameters/enabled
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

250b1eec71b074acdff1c5f6b5a1f0d7d2c20b77
03-Sep-2013
Stéphane Graber <stgraber@ubuntu.com>
licensing: Add missing headers and FSF address
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

1897e3bcd36af9f3fe6d3649910a9adb93e5e988
26-May-2013
Serge Hallyn <serge.hallyn@ubuntu.com>
Move container creation fully into the api
1. implement bdev->create:
python and lua: send NULL for bdevtype and bdevspecs.
They'll want to be updated to pass those in in a way that makes
sense, but I can't think about that right now.
2. templates: pass --rootfs
If the container is backed by a device which must be mounted (i.e.
lvm) then pass the actual rootfs mount destination to the
templates.
Note that the lxc.rootfs can be a mounted block device. The template
should actually be installing the rootfs under the path where the
lxc.rootfs is *mounted*.
Still, some people like to run templates by hand and assume purely
directory backed containers, so continue to support that use case
(i.e. if no --rootfs is listed).
Make sure the templates don't re-write lxc.rootfs if it is
already in the config. (Most were already checking for that)
3. Replace lxc-create script with lxc_create.c program.
Changelog:
May 24: when creating a container, create $lxcpath/$name/partial,
and flock it. When done, close that file and unlink it. In
lxc_container_new() and lxcapi_start(), check for this file. If
it is locked, create is ongoing. If it exists but is not locked,
create() was killed - remove the container.
May 24: don't disk-lock during lxcapi_create. The partial lock
is sufficient.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

794fb287b3bd7a6c07f99ec1565c517922287065
15-May-2013
Bogdan Purcareata <bogdan.purcareata@freescale.com>
lxc-busybox: check when bind-mounting host libdirs
The patch removes the behavior of automatically mounting /lib
and /usr/lib, since this is duplicated a few lines below. It will
also remove the risk of failing when one of these entries is not
present on the host - e.g. on a 64bit machine.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

eee3ba81c88e64b8a732694fc4843a39d5bde491
01-May-2013
Serge Hallyn <serge.hallyn@ubuntu.com>
templates: deny writes to host's clock (v2)
Don't allow write to /dev/rtc0, and remove sys_time.
Thanks, Christoph.
v2: drop sys_time, sys_module, mac_admin and mac_override in
all templates.
Reported-by: Christoph Mitasch <cmitasch@thomas-krenn.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
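As an added illustration of what this commit describes (these lines are my own, not the templates' generated config), the weak and the hardened forms of the relevant lxc keys side by side. The device numbers 254:0 for /dev/rtc0 are an assumption for a typical Linux host; confirm them with `ls -l /dev/rtc0` before relying on the device rule.

```ini
# Added example, not the lxc templates' own configuration.
# Only one of the two variants belongs in a real config file.

# Weak: the container may write the host's RTC through the device node and,
# keeping sys_time, may also set the system clock directly.
# (254:0 is assumed to be /dev/rtc0; check with: ls -l /dev/rtc0)
lxc.cgroup.devices.allow = c 254:0 rwm

# Hardened, as in this commit: RTC readable only (no write permission), and
# the clock, module-loading and MAC-override capabilities dropped.
lxc.cgroup.devices.allow = c 254:0 rm
lxc.cap.drop = sys_time sys_module mac_admin mac_override
```

A quick check from inside a started container is `grep CapBnd /proc/1/status`: the bounding set should no longer contain the bits for the dropped capabilities, and writes to /dev/rtc0 should fail with a permission error.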

ce4c4ca43586825a13c1abb4ce13e90d9447a0eb
16-Apr-2013
Bogdan Purcareata <bogdan.purcareata@freescale.com>
lxc-template: enable chroot + chpasswd functionality for Busybox hosts
This patch supports the scenario where a user wants to install a
busybox container on a busybox host.
When running the template, in order to change the root password,
the template needs to do the chroot. On busybox-powered hosts, chroot
is not part of the coreutils package - it's part of busybox. And the
busybox implementation of chroot only works if it has /lib in the new
root populated with the right binaries (or at least that's the
solution I found to make it work).
The template temporarily bind-mounts /lib in the NEWROOT, chroots there,
changes the password, goes back and unmounts. This set of operations
is contained in a new MOUNT namespace, using the lxc-unshare call.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

169bf5e07ed044a11fe6f5dd683615bee001ee36
22-Jan-2013
Dwight Engen <dwight.engen@oracle.com>
use which instead of type
This is for consistency with the rest of lxc, and also because type checks for
shell builtins, a behavior that we do not want in these cases. Ensure stderr
for which is redirected to /dev/null also.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

c94e60d16bfcda262ac907bf9667abdc46c07fa8
15-Jan-2013
Purcareata Bogdan-B43198 <B43198@freescale.com>
Add Dropbear SSH support for lxc-busybox template
Dropbear implements lightweight SSH2 server and client functionality and
is likely to be included in embedded Linux distros.
Signed-off-by: Purcareata Bogdan <B43198@freescale.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

14d9c0f09d1a55d124ef210a4b4e205c9fe7596c
06-Dec-2012
Stéphane Graber <stgraber@ubuntu.com>
Update for consistent indent
This commit updates all scripts using mixed indent to a consistent
4 spaces indent.
In the past quite a few of those scripts used tabs instead of 8 spaces or
instead of 4 spaces, sometimes mixing those in the same line and sometimes
changing the tab width within the same file.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

eba7df9ee0a1963984ef212e7ddfc0e0835af288
06-Dec-2012
Stéphane Graber <stgraber@ubuntu.com>
templates: Make generated config consistent
This updates all the templates and the configuration files to consistently
use "key = value" everywhere.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

6902a6c6642a85c0510e84e96a06e21aee152226
03-Dec-2012
Dwight Engen <dwight.engen@oracle.com>
Create busybox commands as symlinks instead of hardlinks
I was getting a "Too many links" error when creating a busybox container on
a btrfs file system. This change has the template create the links as
symlinks instead. It also generates the list of commands to be symlinked from
busybox itself instead of a hardcoded list in the template.
Also set the root password to root, to match what other templates do.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

e62fa3f9cea8c97fbfa3a3c8e6acc00c420c8363
29-Nov-2012
Dwight Engen <dwight.engen@oracle.com>
Fix busybox template to not have extra aa_profile hunk
Both 69d66f1e and f02ce27d added the aa_profile = unconfined hunk, but only
the first was needed, maybe a merge error? The second one causes the
template to get an error on the EOF line. This essentially reverts
f02ce27d.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

69d66f1e729aadfcf2f47aaedaf738a888e4646d
12-Nov-2012
Stéphane Graber <stgraber@ubuntu.com>
Add lxc.aa_profile example to all templates
LXC has optional apparmor support, default profile is lxc-container-default.
This change adds a commented "lxc.aa_profile = default" line to all templates,
uncommenting this will bypass apparmor for the container.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

1881820ae4ff9004beef1bf7f04553580840441d
12-Nov-2012
Serge Hallyn <serge.halyn@ubuntu.com>
lxc-create: Make location of container rootfs configurable
Make 'dir' an explicit backing store type, which accepts '--dir rootfs'
as an option to specify a custom location for the container rootfs. Also
update lxc-destroy to now remove the rootfs separately, as removing
@LXCPATH@/$name may not hit it.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

5d01f6167c2354637e777650558be6d7d69e2579
25-Oct-2012
Stéphane Graber <stgraber@ubuntu.com>
lxc-busybox: Use relative mounts in lxc.mount.entry
To make it easier to clone/rename the container, replace hardcoded
entries (with rootfs in the destination path) by rootfs-relative entries.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

6bc424b5c7c8130ffdb6390eae53b32370a755f8
25-Oct-2012
Stuart Yoder <stuart.yoder@freescale.com>
busybox: for all lib dirs create mounts only if directories exist
Signed-off-by: Stuart Yoder <stuart.yoder@freescale.com>

f02ce27d4b1a9d01b88d0ffaf626e5bafa671bf0
25-Oct-2012
Stéphane Graber <stgraber@ubuntu.com>
Add lxc.aa_profile example to all templates
LXC has optional apparmor support, default profile is lxc-container-default.
This change adds a commented "lxc.aa_profile = default" line to all templates,
uncommenting this will bypass apparmor for the container.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

3d5a9debb5b7f0efac7b5d1f14700de0c8cac488
31-Jul-2012
Serge Hallyn <serge.hallyn@ubuntu.com>
lxc-busybox.in: check separately that /usr/lib64 exists
It's possible for only one of /lib64 and /usr/lib64 to exist, so
adding both fstab entries can cause the busybox container to fail
to start.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

b09ecaf30367648a246d2e01c3a288a7653cc613
28-Jan-2011
Daniel Lezcano <daniel.lezcano@free.fr>
Fix paths in the lxc-busybox template
Author of the patch : Jonathan Liu <???> posted as a bug fix on the lxc
sourceforge website.
OS: Arch Linux 32-bit
/etc/init.d/rcS does not use the full path to the syslogd, mount and udhcpc executables.
As busybox requires /proc mounted if CONFIG_BUSYBOX_EXEC_PATH="/proc/self/exe"
to run these commands without full path, the full path should be used in the
startup script as /proc is mounted later in the script.
It also fails to start the machine if /lib64 does not exist on the host system
as there is a mount entry for /lib64 in the config.
The attached patch changes commands in /etc/init.d/rcS to use full path and
adds a check for /lib64 on host before adding lib64 mount entries to config.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

0016af974df9f47a3f15a9b57e4d223451d0547c
13-Jan-2011
Daniel Lezcano <daniel.lezcano@free.fr>
fix busybox inittab template
The inittab file format is wrong regarding how busybox behaves with
this syntax.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

c01d62f21b21ba6c2b8b78ab3c2b37cc8f8fd265
07-Jun-2010
Daniel Lezcano <dlezcano@fr.ibm.com>
move script templates to an adequate place
At present the lxc-{template} scripts are installed in the $bindir.
This is not the right place as specified by the FHS, so they go to
$libdir/lxc/templates.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>