src/lxc/lxc-netstat
src/lxc/lxc-ps
src/lxc/lxc-restart
-src/lxc/lxc-setcap
-src/lxc/lxc-setuid
src/lxc/lxc-shutdown
src/lxc/lxc-start
src/lxc/lxc-start-ephemeral
For detailed build instruction refer to INSTALL and man lxc man page
but a short command line should work:
- ./autogen.sh && ./configure && make && sudo make install && sudo lxc-setcap
+ ./autogen.sh && ./configure && make && sudo make install
preceded by ./autogen.sh if configure do not exist yet.
Getting help:
src/lxc/lxc-ps
src/lxc/lxc-netstat
src/lxc/lxc-checkconfig
- src/lxc/lxc-setcap
- src/lxc/lxc-setuid
src/lxc/lxc-version
src/lxc/lxc-create
src/lxc/lxc-clone
])
AC_CONFIG_COMMANDS([default],[[]],[[]])
AC_OUTPUT
-
-
-# Detect missing setcap binary
-AC_CHECK_PROG(SETCAP, setcap, yes, no, $PATH$PATH_SEPARATOR/sbin)
-if test "x$SETCAP" = "xno"; then
- AC_MSG_NOTICE([
-
-Warning:
---------
-
-The setcap binary was not found. This means the tools to set the
-privilege for the lxc commands are not available, that's ok, but you
-will need to run these commands as root or install libcap-2.
-
-])
-
-else
-
- AC_MSG_NOTICE([
-
-Advice:
--------
-
-If you wish to have a non root user to use the lxc tools,
-you can add the needed capabilities to the tools by invoking
-the 'lxc-setcap' script. To remove the capabilities, use
-'lxc-setcap -d'.
-])
-fi
lxc-ps \
lxc-netstat \
lxc-checkconfig \
- lxc-setcap \
- lxc-setuid \
lxc-version \
lxc-create \
lxc-clone \
+++ /dev/null
-#!/bin/sh
-
-#
-# lxc: linux Container library
-
-# Authors:
-# Daniel Lezcano <daniel.lezcano@free.fr>
-
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# Lesser General Public License for more details.
-
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-#
-# This script allows to set or remove the capabilities on the lxc tools.
-# When the capabilities are set, a non root user can manage the containers.
-#
-
-. @DATADIR@/lxc/lxc.functions
-
-LXC_ATTACH_CAPS="cap_sys_admin,cap_dac_override"
-LXC_CREATE_CAPS="cap_sys_admin"
-LXC_NETSTAT_CAPS="cap_sys_admin"
-LXC_INIT_CAPS="cap_sys_admin,cap_dac_override"
-LXC_COMMON_CAPS="cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override"
-LXC_UNSHARE_CAPS=$LXC_COMMON_CAPS
-LXC_START_CAPS="$LXC_COMMON_CAPS,cap_fowner,cap_sys_chroot,cap_setpcap"
-LXC_EXECUTE_CAPS=$LXC_START_CAPS
-LXC_RESTART_CAPS="$LXC_START_CAPS,cap_mknod"
-LXC_CHECKPOINT_CAPS="$LXC_COMMON_CAPS,cap_sys_ptrace,cap_mknod"
-LXC_DROP_CAPS=""
-
-usage() {
- echo "usage: $(basename $0) [-d]" >&2
-}
-
-help() {
- usage
- echo >&2
- echo "Set or drop file capabilities on the lxc tools." >&2
- echo >&2
- echo "Options:" >&2
- echo " -d drop file capabilities" >&2
-}
-
-lxc_setcaps()
-{
- setcap $LXC_ATTACH_CAPS=ep @BINDIR@/lxc-attach
- setcap $LXC_CREATE_CAPS=ep @BINDIR@/lxc-create
- setcap $LXC_EXECUTE_CAPS=ep @BINDIR@/lxc-execute
- setcap $LXC_START_CAPS=ep @BINDIR@/lxc-start
- setcap $LXC_RESTART_CAPS=ep @BINDIR@/lxc-restart
- setcap $LXC_UNSHARE_CAPS=ep @BINDIR@/lxc-unshare
- setcap $LXC_NETSTAT_CAPS=ep @BINDIR@/lxc-netstat
- setcap $LXC_CHECKPOINT_CAPS=ep @BINDIR@/lxc-checkpoint
- setcap $LXC_INIT_CAPS=ep @LXCINITDIR@/lxc/lxc-init
-
- test -e $lxc_path || mkdir -p $lxc_path
- chmod 0777 $lxc_path
-}
-
-lxc_dropcaps()
-{
- setcap -r $bindir/lxc-attach
- setcap -r $bindir/lxc-create
- setcap -r $bindir/lxc-execute
- setcap -r $bindir/lxc-start
- setcap -r $bindir/lxc-restart
- setcap -r $bindir/lxc-unshare
- setcap -r $bindir/lxc-netstat
- setcap -r $bindir/lxc-checkpoint
- setcap -r $lxcinitdir/lxc/lxc-init
-
- chmod 0755 $lxc_path
-}
-
-usage_err() {
- [ -n "$1" ] && echo "$1" >&2
- usage
- exit 1
-}
-
-optarg_check() {
- if [ -z "$2" ]; then
- usage_err "option '$1' requires an argument"
- fi
-}
-
-while [ $# -gt 0 ]; do
- opt="$1"
- shift
- case "$opt" in
- -d)
- LXC_DROP_CAPS="yes"
- ;;
- -h|--help)
- help
- exit 0
- ;;
- --)
- break
- ;;
- -?)
- usage_err "unknown option '$opt'"
- ;;
- -*)
- # split opts -abc into -a -b -c
- set -- $(echo "${opt#-}" | sed 's/\(.\)/ -\1/g') "$@"
- ;;
- *)
- usage
- exit 1
- ;;
- esac
-done;
-
-if [ "$(id -u)" != "0" ]; then
- echo "$(basename $0): must be run as root" >&2
- exit 1
-fi
-
-if [ -z "$LXC_DROP_CAPS" ]; then
- lxc_setcaps
-else
- lxc_dropcaps
-fi
+++ /dev/null
-#!/bin/sh
-
-#
-# lxc: linux Container library
-
-# Authors:
-# Daniel Lezcano <daniel.lezcano@free.fr>
-
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# Lesser General Public License for more details.
-
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-#
-# This script allows to set or remove the setuid execution bit on the lxc tools.
-# When the capabilities are set, a non root user can manage the containers.
-#
-
-. @DATADIR@/lxc/lxc.functions
-
-usage() {
- echo "usage: $(basename $0) [-d]" >&2
-}
-
-help() {
- usage
- echo >&2
- echo "Set or drop the setuid attribute on the lxc tools." >&2
- echo >&2
- echo "Options:" >&2
- echo " -d drop the setuid attribute" >&2
-}
-
-setuid()
-{
- if [ "$1" = "-r" ]; then
- chmod -s $2
- else
- chmod +s $1
- fi
-}
-
-lxc_setuid()
-{
- setuid $bindir/lxc-attach
- setuid $bindir/lxc-create
- setuid $bindir/lxc-execute
- setuid $bindir/lxc-start
- setuid $bindir/lxc-restart
- setuid $bindir/lxc-unshare
- setuid $bindir/lxc-netstat
- setuid $bindir/lxc-checkpoint
- setuid $lxcinitdir/lxc-init
-
- test -e $lxc_path || mkdir -p $lxc_path
- chmod 0777 $lxc_path
-}
-
-lxc_dropuid()
-{
- setuid -r $bindir/lxc-attach
- setuid -r $bindir/lxc-create
- setuid -r $bindir/lxc-execute
- setuid -r $bindir/lxc-start
- setuid -r $bindir/lxc-restart
- setuid -r $bindir/lxc-unshare
- setuid -r $bindir/lxc-netstat
- setuid -r $bindir/lxc-checkpoint
- setuid -r $lxcinitdir/lxc-init
-
- chmod 0755 $lxc_path
-}
-
-usage_err() {
- [ -n "$1" ] && echo "$1" >&2
- usage
- exit 1
-}
-
-optarg_check() {
- if [ -z "$2" ]; then
- usage_err "option '$1' requires an argument"
- fi
-}
-
-while [ $# -gt 0 ]; do
- opt="$1"
- shift
- case "$opt" in
- -d)
- LXC_DROP_CAPS="yes"
- ;;
- -h|--help)
- help
- exit 0
- ;;
- --)
- break
- ;;
- -?)
- usage_err "unknown option '$opt'"
- ;;
- -*)
- # split opts -abc into -a -b -c
- set -- $(echo "${opt#-}" | sed 's/\(.\)/ -\1/g') "$@"
- ;;
- *)
- usage
- exit 1
- ;;
- esac
-done;
-
-if [ "$(id -u)" != "0" ]; then
- echo "$(basename $0): must be run as root" >&2
- exit 1
-fi
-
-if [ -z "$LXC_DROP_CAPS" ]; then
- lxc_setuid
-else
- lxc_dropuid
-fi
projects / thirdparty / lxc.git / commitdiff
