Add voidlinux distribution 1235/head
authorGregor Reitzenstein <dean4devil@paranoidlabs.org>
Fri, 14 Oct 2016 11:06:29 +0000 (13:06 +0200)
committerGregor Reitzenstein <dean4devil@paranoidlabs.org>
Fri, 14 Oct 2016 13:20:39 +0000 (15:20 +0200)
Signed-off-by: Gregor Reitzenstein <dean4devil@paranoidlabs.org>
config/templates/Makefile.am
config/templates/voidlinux.common.conf.in [new file with mode: 0644]
config/templates/voidlinux.userns.conf.in [new file with mode: 0644]
configure.ac
templates/Makefile.am
templates/lxc-voidlinux.in [new file with mode: 0644]

index 1a50f629405b5ec0df15f15f1ae1a7cb6f5ca7c9..86b47d666f8292157cb75d394c2f2fbb1e26c85f 100644 (file)
@@ -38,4 +38,6 @@ templatesconfig_DATA = \
        openwrt.common.conf \
        sparclinux.common.conf \
        sparclinux.userns.conf \
+       voidlinux.common.conf \
+       voidlinux.userns.conf \
        userns.conf
diff --git a/config/templates/voidlinux.common.conf.in b/config/templates/voidlinux.common.conf.in
new file mode 100644 (file)
index 0000000..d5d2ee8
--- /dev/null
@@ -0,0 +1,35 @@
+# This derives from the global common config
+lxc.include = @LXCTEMPLATECONFIG@/common.conf
+
+# Allow for 6 tty devices by default
+lxc.tty = 6
+
+# Set $VIRTUALIZATION so runit doesn't try to mount filesystems or start udevd
+lxc.environment=VIRTUALIZATION=lxc
+
+# Set the halt/stop signals
+lxc.haltsignal=SIGCONT
+
+
+# Uncomment to disable creating tty devices subdirectory in /dev
+# lxc.devttydir =
+
+# Capabilities
+# Uncomment these if you don't run anything that needs the capability, and
+# would like the container to run with less privilege.
+#
+# Dropping sys_admin disables container root from doing a lot of things
+# that could be bad like re-mounting lxc fstab entries rw for example,
+# but also disables some useful things like being able to nfs mount, and
+# things that are already namespaced with ns_capable() kernel checks, like
+# hostname(1).
+# lxc.cap.drop = sys_admin
+# lxc.cap.drop = net_raw          # breaks dhcp/ping
+# lxc.cap.drop = setgid           # breaks login (initgroups/setgroups)
+# lxc.cap.drop = dac_read_search  # breaks login (pam unix_chkpwd)
+# lxc.cap.drop = setuid           # breaks sshd,nfs statd
+# lxc.cap.drop = audit_control    # breaks sshd (set_loginuid failed)
+# lxc.cap.drop = audit_write
+# lxc.cap.drop = setpcap          # big big login delays in Fedora 20 systemd
+#
+lxc.cap.drop = setfcap sys_nice sys_pacct sys_rawio
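Review bot: The commented-out capability list is the part an administrator reads when hardening a container, but its annotations come from other templates and do not describe Void; `# big big login delays in Fedora 20 systemd` on the `setpcap` line is the clearest case, since this same file says the container runs runit. Either re-check each "breaks ..." remark against a Void container or mark the block as inherited and unverified. It would also help to add a comment above the active line, such as `# Dropped by default; sys_admin is kept (see above), so do not treat a privileged container as a security boundary`, so the default posture is stated where the value is set.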
diff --git a/config/templates/voidlinux.userns.conf.in b/config/templates/voidlinux.userns.conf.in
new file mode 100644 (file)
index 0000000..5e346b7
--- /dev/null
@@ -0,0 +1,8 @@
+# This derives from the global userns config
+lxc.include = @LXCTEMPLATECONFIG@/userns.conf
+
+# Set $VIRTUALIZATION so runit doesn't try to mount filesystems or start udevd
+lxc.environment=VIRTUALIZATION=lxc
+
+# Set the halt/stop signals
+lxc.haltsignal=SIGCONT
index 2f0137b2f3a77d37ed713f6804741e71357ab70e..59855785616adf293cdbc991894f3a40d15451e8 100644 (file)
@@ -707,6 +707,8 @@ AC_CONFIG_FILES([
        config/templates/openwrt.common.conf
        config/templates/sparclinux.common.conf
        config/templates/sparclinux.userns.conf
+       config/templates/voidlinux.common.conf
+       config/templates/voidlinux.userns.conf
        config/templates/userns.conf
        config/yum/Makefile
        config/sysconfig/Makefile
@@ -858,6 +860,7 @@ AC_CONFIG_FILES([
        templates/lxc-ubuntu
        templates/lxc-ubuntu-cloud
        templates/lxc-sparclinux
+       templates/lxc-voidlinux
 
        src/Makefile
        src/lxc/Makefile
index b2ca8f58e727a5243bc7c15c1c364663cd46ca92..c6c5ea53aa40ca64e8518dd563ad1c3e681f9fca 100644 (file)
@@ -20,4 +20,5 @@ templates_SCRIPTS = \
        lxc-sshd \
        lxc-ubuntu \
        lxc-ubuntu-cloud \
-       lxc-sparclinux
+       lxc-sparclinux \
+       lxc-voidlinux
diff --git a/templates/lxc-voidlinux.in b/templates/lxc-voidlinux.in
new file mode 100644 (file)
index 0000000..83214fb
--- /dev/null
@@ -0,0 +1,199 @@
+#!/usr/bin/bash
+
+#
+# template script for generating Void Linux container for LXC
+#
+
+#
+# lxc: linux Container library
+
+# Authors:
+# Gregor Reitzenstein <dean4devil@paranoidlabs.org>
+
+# Based on lxc-archlinux template by:
+# Alexander Vladimirov <alexander.idkfa.vladimirov@gmail.com>
+# John Lane <lxc@jelmail.com>
+
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+# Utility functions
+
+# Check if array $2 contains item $1
+containsElement() {
+       local e
+       for e in "${@:2}"; do [[ "$1" == "$e" ]] && return 0; done
+       return 1
+}
+
+# split comma-separated string into an array
+# ${1} - string to split
+# ${2} - separator (default is ",")
+# ${result} - result value on success
+split_string() {
+    local ifs=${IFS}
+    IFS="${2:-,}"
+    read -ra result < <(echo "${1}")
+    IFS=${ifs}
+    return 0
+}
+
+# Make sure the usual locations are in PATH
+export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin
+
+# defaults
+default_path="/var/lib/lxc"
+default_path="@LXCPATH@"
+shared_config="@LXCTEMPLATECONFIG@/voidlinux.common.conf"
+userns_config="@LXCTEMPLATECONFIG@/voidlinux.userns.conf"
+
+pkg_blacklist=("linux>=0" "e2fsprogs>=0" "btrfs-progs>=0" "xfsprogs>=0" "f2fs-tools>=0" "dosfstools>=0")
+base_packages=()
+for pkg in $(xbps-query -Mv --repository="http://repo2.voidlinux.eu/current/" -x base-system); do
+    containsElement "$pkg" "${pkg_blacklist[@]}" || base_packages+=($pkg)
+done
+declare -a additional_packages
+
+copy_configuration() {
+    mkdir -p "${config_path}"
+    local config="${config_path}/config"
+    echo "lxc.utsname = ${name}" >> "${config}"
+    grep -q "^lxc.rootfs" "${config}" 2>/dev/null \
+        || echo "lxc.rootfs = ${rootfs_path}" >> "${config}"
+
+    # Detect if were in a UserNS and include the right config
+    if [ -z "${LXC_MAPPED_GID+x}" ] || [ -z "${LXC_MAPPED_UID+x}" ]; then
+        echo "lxc.include = ${userns_config}" >> "${config}"
+    else
+        echo "lxc.include = ${shared_config}" >> "${config}"
+    fi
+
+    if [ $? -ne 0 ]; then
+        echo "Failed to configure container"
+        return 1
+    fi
+    return 0
+}
+
+install_void() {
+    if ! yes | xbps-install -Sy -R http://repo2.voidlinux.eu/current -r "${rootfs_path}" "${base_packages[@]}"
+    then
+        echo "Failed to install container packages"
+        return 1
+    fi
+}
+
+usage() {
+     cat <<EOF
+usage:
+    ${1} -n|--name=<container_name> [-p|--path=<path>] [-a|--arch=<arch of the container>]
+        [-r|--root_password=<root password>] [-P|--packages=<pkg1,pkg2,...>] [-h|--help]
+
+Mandatory args:
+  -n,--name           container name, used to as an identifier for that container from now on
+Optional args:
+  -p,--path           path to where the container rootfs will be created (${default_path})
+  --rootfs            path for actual container rootfs, (${default_path}/rootfs)
+  -P,--packages       preinstall additional packages, comma-separated list
+  -c,--config         use specified pacman config when installing container packages
+  -a,--arch           use specified architecture instead of host's architecture
+  -r,--root_password  set container root password
+  -h,--help           print this help
+EOF
+    return 0
+}
+
+options=$(getopt -o hp:P:n:c:r: -l help,rootfs:,path:,packages:,name:,config:,root_password:,mapped-uid:,mapped-gid: -- "${@}")
+if [ ${?} -ne 0 ]; then
+    usage "$(basename "${0}")"
+    exit 1
+fi
+eval set -- "${options}"
+
+while true
+do
+    case "${1}" in
+    -h|--help)          usage "${0}" && exit 0;;
+    -p|--path)          path=${2}; shift 2;;
+    -n|--name)          name=${2}; shift 2;;
+    -c|--config)        config_path=${2}; shift 2;;
+    --rootfs)           rootfs_path=${2}; shift 2;;
+    -P|--packages)      additional_packages=${2}; shift 2;;
+    -r|--root_password) root_passwd=${2}; shift 2;;
+    --mapped-uid)       LXC_MAPPED_UID=$2; shift 2;;
+    --mapped-gid)       LXC_MAPPED_GID=$2; shift 2;;
+    --)             shift 1; break ;;
+    *)              break ;;
+    esac
+done
+
+if [ -z "${name}" ]; then
+    echo "missing required 'name' parameter"
+    exit 1
+fi
+
+type xbps-install >/dev/null 2>&1
+if [ ${?} -ne 0 ]; then
+    echo "'xbps-install' command is missing."
+fi
+type xbps-query >/dev/null 2>&1
+if [ ${?} -ne 0 ]; then
+    echo "'xbps-query' command is missing."
+fi
+
+if [ -z "${rootfs_path}" ]; then
+    rootfs_path="${path}/rootfs"
+fi
+config_path="${path}"
+
+revert() {
+    echo "Interrupted, cleaning up"
+    lxc-destroy -n "${name}"
+    rm -rf "${path:?}/${name}"
+    rm -rf "${default_path:?}/${name}"
+    exit 1
+}
+trap revert SIGHUP SIGINT SIGTERM
+
+copy_configuration
+if [ $? -ne 0 ]; then
+    echo "Failed to write configuration file"
+    rm -rf "${config_path}"
+    exit 1
+fi
+
+if [ ${#additional_packages[@]} -gt 0 ]; then
+    split_string "${additional_packages}"
+    base_packages+=(${result[@]})
+fi
+
+mkdir -p "${rootfs_path}"
+install_void
+if [ ${?} -ne 0 ]; then
+    echo "Failed to install Void Linux"
+    rm -rf "${config_path}" "${path}"
+    exit 1
+fi
+
+
+
+if [ -n "${root_passwd}" ]; then
+    echo "root:${root_passwd}" | chroot "${rootfs_path}" chpasswd
+fi
+
+cat << EOF
+Void Linux Container ${name} has been successfully created. The configuration is
+stored in ${config_path}/config. Please refer to https://wiki.voidlinux.eu for
+information regarding Void Linux.
+EOF
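Review bot: In `install_void`, `yes | xbps-install -Sy -R http://repo2.voidlinux.eu/current` fetches over plain HTTP and auto-answers every prompt, which for an empty rootfs presumably includes the repository signing-key import, so the key meant to authenticate the packages is itself accepted unverified; the top-level `xbps-query` call uses the same HTTP URL. I would seed the key directory from a trusted copy before installing, for example `mkdir -p "${rootfs_path}/var/db/xbps/keys" && cp /var/db/xbps/keys/* "${rootfs_path}/var/db/xbps/keys/"` when the host has them, then drop the `yes |` and use an HTTPS mirror where one exists. The test in `copy_configuration` also looks inverted: `-z "${LXC_MAPPED_GID+x}"` is true when the variable is unset, so a container created without `--mapped-uid`/`--mapped-gid` includes `voidlinux.userns.conf`, which has no `lxc.cap.drop` line, while a mapped one gets the common config; `if [ -n "${LXC_MAPPED_UID+x}" ] && [ -n "${LXC_MAPPED_GID+x}" ]; then` would match the comment above it. The two `type xbps-...` checks only print a message and should `exit 1`, and they run after `xbps-query` has already been called while building `base_packages`.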