lxc-busybox.in revision 7a409fd5167ecdcbf33a64f1cf9202dc051f0dcf
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek# lxc: linux Container library
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek# Daniel Lezcano <daniel.lezcano@free.fr>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek# This library is free software; you can redistribute it and/or
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek# modify it under the terms of the GNU Lesser General Public
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek# License as published by the Free Software Foundation; either
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek# version 2.1 of the License, or (at your option) any later version.
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek# This library is distributed in the hope that it will be useful,
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek# but WITHOUT ANY WARRANTY; without even the implied warranty of
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek# Lesser General Public License for more details.
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek# You should have received a copy of the GNU Lesser General Public
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek# License along with this library; if not, write to the Free Software
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek mkdir -p $tree || return 1
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek chmod 755 $tree || return 1
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek pushd $rootfs/dev > /dev/null || return 1
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekroot:x:0:0:root:/root:/bin/sh
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekroot:x:0:root
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek/bin/mount -a
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek chmod 744 $rootfs/etc/init.d/rcS || return 1
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekshm /dev/shm tmpfs defaults 0 0
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek chmod 644 $rootfs/etc/fstab || return 1
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek # launch rcS first then make a console available
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek # and propose a shell on the tty, the last one is
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek::sysinit:/etc/init.d/rcS
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozektty1::respawn:/bin/getty -L tty1 115200 vt100
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekconsole::askfirst:/bin/sh
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek chmod 644 $rootfs/etc/inittab || return 1
# Appends a udhcpc event handler to the container's default.script and then
# sets its mode to 744. "\$" defers expansion to the generated script; the
# unescaped $rootfs is expanded now, by this template.
# NOTE(review): ">>" appends, so running this twice against the same rootfs
# would add the handler a second time. Confirm the rootfs is always fresh.
# NOTE(review): the generated handler expands $ip, $mask, $broadcast, $router,
# $domain and $dns unquoted and writes $domain and $dns into /etc/resolv.conf.
# These are presumably filled in by udhcpc from the DHCP reply, i.e. chosen by
# whoever answers DHCP on the container's network (verify against udhcpc).
# Quoting them in the generated script, while keeping the deliberate word
# split in "for i in $dns", would be the safer form.
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek cat <<EOF >> $rootfs/usr/share/udhcpc/default.script
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekcase "\$1" in
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek ip addr flush dev \$interface
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek renew|bound)
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek # flush all the routes
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek if [ -n "\$router" ]; then
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek ip route del default 2> /dev/null
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek # check broadcast
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek if [ -n "\$broadcast" ]; then
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek broadcast="broadcast \$broadcast"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek # add a new ip address
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek ip addr add \$ip/\$mask \$broadcast dev \$interface
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek if [ -n "\$router" ]; then
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek ip route add default via \$router dev \$interface
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek [ -n "\$domain" ] && echo search \$domain > /etc/resolv.conf
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek for i in \$dns ; do
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek echo nameserver \$i >> /etc/resolv.conf
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek chmod 744 $rootfs/usr/share/udhcpc/default.script
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek if [ $? -ne 0 ]; then
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek file $(which busybox) | grep -q "statically linked"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek if [ $? -ne 0 ]; then
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek echo "warning : busybox is not statically linked."
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek echo "warning : The template script may not correctly"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek echo "warning : setup the container environment."
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek if [ $? -ne 0 ]; then
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek # it would be nice to just use "chroot $rootfs busybox --install -s /bin"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek # but that only works right in a chroot with busybox >= 1.19.0
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek pushd $rootfs/bin > /dev/null || return 1
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek ./busybox --help | grep 'Currently defined functions:' -A300 | \
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek grep -v 'Currently defined functions:' | tr , '\n' | \
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekecho "setting root password to \"root\""
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmount -n --bind /lib $rootfs/lib
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekif [ \$? -ne 0 ]; then
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek echo "Failed bind-mounting /lib at $rootfs/lib"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekchroot $rootfs chpasswd <<EOFF 2>/dev/null
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekif [ \$? -ne 0 ]; then
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek echo "Failed to change root password"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekumount $rootfs/lib
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek lxc-unshare -s MOUNT -- /bin/sh < $CHPASSWD_FILE
# The line above feeds the generated $CHPASSWD_FILE script to /bin/sh under
# lxc-unshare with the MOUNT flag.
# NOTE(review): by its own message that script sets the root password to the
# literal "root". Combined with the dropbear setup below, this leaves a
# well-known credential in a container that can offer SSH (whether dropbear is
# started and reachable is not shown here). Change the password or disable
# password login before the container is attached to a network.
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek # add ssh functionality if dropbear package available on host
# The two tests below read the exit status of preceding commands that are not
# shown in this listing.
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek if [ $? -eq 0 ]; then
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek if [ $? -ne 0 ]; then
# One symlink to /usr/sbin/dropbear is created per name in $utils; the
# expansion is unquoted so that the list is split into words.
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek echo $utils | xargs -n1 ln -s /usr/sbin/dropbear
# NOTE(review): both dropbearkey calls discard stdout and stderr, and no status
# check is visible in this listing, so a failed host-key generation would go
# unnoticed. DSS (DSA) host keys are limited to 1024 bits and are deprecated in
# current SSH implementations; the RSA key alone should suffice. Confirm what
# the packaged dropbear supports.
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek dropbearkey -t rsa -f $rootfs/etc/dropbear/dropbear_rsa_host_key &> /dev/null
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek dropbearkey -t dss -f $rootfs/etc/dropbear/dropbear_dss_host_key &> /dev/null
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekgrep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozeklxc.utsname = $name
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozeklxc.cap.drop = sys_module mac_admin mac_override sys_time
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek# When using LXC with apparmor, uncomment the next line to run unconfined:
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#lxc.aa_profile = unconfined
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek if [ -d "/$dir" ] && [ -d "$rootfs/$dir" ]; then
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek echo "lxc.mount.entry = /$dir $dir none ro,bind 0 0" >> $path/config
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek echo "lxc.mount.entry = /sys/kernel/security sys/kernel/security none ro,bind 0 0" >>$path/config
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek echo "lxc.mount.auto = proc:mixed sys" >>$path/config
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek$1 -h|--help -p|--path=<path>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekoptions=$(getopt -o hp:n: -l help,rootfs:,path:,name: -- "$@")
# The getopt call above accepts short options -h, -p ARG and -n ARG, and long
# options --help, --rootfs ARG, --path ARG and --name ARG; --rootfs has no
# short form.
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek --) shift 1; break ;;
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek echo "This script should be run as 'root'"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekif [ -z "$path" ]; then
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek echo "'path' parameter is required"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek# detect rootfs
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekif [ -z "$rootfs" ]; then
# NOTE(review): the test below only matches lines that start with
# "lxc.rootfs", but the extraction on the following line matches
# "lxc.rootfs =" anywhere in a line. A commented-out or repeated entry in
# $config would therefore also be captured, and $rootfs could become
# multi-line. awk -F= also keeps the blank that follows "=". The script
# expects to run as root and uses $rootfs as a path elsewhere, so a wrong
# value redirects those operations. Anchoring the second grep the same way and
# taking a single trimmed value would make the two agree; $config is unquoted
# in both commands.
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek if grep -q '^lxc.rootfs' $config 2>/dev/null ; then
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek rootfs=`grep 'lxc.rootfs =' $config | awk -F= '{ print $2 }'`
# Failure messages for the three setup stages; the calls that they guard are
# not shown in this listing.
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek echo "failed to install busybox's rootfs"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek echo "failed to configure busybox template"
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek echo "failed to write configuration file"