-configdir = $(sysconfdir)/lxc
-config_DATA = default.conf
-distroconf = @LXC_DISTRO_CONF@
-
-EXTRA_DIST = default.conf.ubuntu default.conf.libvirt default.conf.unknown
-
-default.conf:
- cp $(distroconf) $@
-
-clean-local:
- @$(RM) -f default.conf
-
-distclean-local:
- @$(RM) -f default.conf
- @$(RM) -f compile config.guess config.sub depcomp install-sh ltmain.sh missing Makefile.in Makefile
+SUBDIRS = etc templates
--- /dev/null
+configdir = $(sysconfdir)/lxc
+config_DATA = default.conf
+distroconf = @LXC_DISTRO_CONF@
+
+EXTRA_DIST = default.conf.ubuntu default.conf.libvirt default.conf.unknown
+
+default.conf:
+ cp $(distroconf) $@
+
+clean-local:
+ @$(RM) -f default.conf
+
+distclean-local:
+ @$(RM) -f default.conf
+ @$(RM) -f compile config.guess config.sub depcomp install-sh ltmain.sh missing Makefile.in Makefile
--- /dev/null
+templatesconfigdir=@LXCTEMPLATECONFIG@
+
+templatesconfig_DATA = \
+ ubuntu-cloud.common.conf \
+ ubuntu-cloud.lucid.conf \
+ ubuntu-cloud.userns.conf \
+ ubuntu.common.conf \
+ ubuntu.lucid.conf
--- /dev/null
+# This derives from the main Ubuntu config
+lxc.include = @LXCTEMPLATECONFIG@/ubuntu.common.conf
+
+lxc.hook.clone = @LXCHOOKDIR@/ubuntu-cloud-prep
--- /dev/null
+# This derives from the main Ubuntu lucid config
+lxc.include = @LXCTEMPLATECONFIG@/ubuntu.lucid.conf
--- /dev/null
+# CAP_SYS_ADMIN in init-user-ns is required for cgroup.devices
+lxc.cgroup.devices.deny =
+lxc.cgroup.devices.allow =
+
+# We can't move bind-mounts, so don't use /dev/lxc/
+lxc.devttydir =
+
+# Extra bind-mounts for userns
+lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0
+lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0
+lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0
+lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0
+
+# Extra fstab entries as mountall can't mount those by itself
+lxc.mount.entry = /sys/firmware/efi/efivars sys/firmware/efi/efivars none bind,optional 0 0
+lxc.mount.entry = /proc/sys/fs/binfmt_misc proc/sys/fs/binfmt_misc none bind,optional 0 0
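Review bot: The empty `lxc.cgroup.devices.deny =` and `lxc.cgroup.devices.allow =` at the top of this file only clear the device whitelist if the file is included after ubuntu-cloud.common.conf (which pulls in the whitelist from ubuntu.common.conf); the template does include it last, but nothing in the file states that ordering requirement, so a later `lxc.include` reorder would silently leave the cgroup rules in place for an unprivileged container and fail to apply. Suggest extending the header comment to `# Must be included after ubuntu-cloud.common.conf: clears the device cgroup rules set there, which cannot be written without CAP_SYS_ADMIN in the init user namespace`. The efivars and binfmt_misc entries are new compared with the bind mounts the old template wrote and are added read-write; if writes from inside the container to those host filesystems are not intended, `bind,optional,ro` states that explicitly rather than relying on whatever the kernel refuses from a user namespace.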
--- /dev/null
+# Default pivot location
+lxc.pivotdir = lxc_putold
+
+# Default mount entries
+lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
+lxc.mount.entry = sysfs sys sysfs defaults 0 0
+lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0
+lxc.mount.entry = /sys/kernel/debug sys/kernel/debug none bind,optional 0 0
+lxc.mount.entry = /sys/kernel/security sys/kernel/security none bind,optional 0 0
+lxc.mount.entry = /sys/fs/pstore sys/fs/pstore none bind,optional 0 0
+
+# Default console settings
+lxc.devttydir = lxc
+lxc.tty = 4
+lxc.pts = 1024
+
+# Default capabilities
+lxc.cap.drop = sys_module mac_admin mac_override sys_time
+
+# Default cgroup limits
+lxc.cgroup.devices.deny = a
+## Allow any mknod (but not using the node)
+lxc.cgroup.devices.allow = c *:* m
+lxc.cgroup.devices.allow = b *:* m
+## /dev/null and zero
+lxc.cgroup.devices.allow = c 1:3 rwm
+lxc.cgroup.devices.allow = c 1:5 rwm
+## consoles
+lxc.cgroup.devices.allow = c 5:0 rwm
+lxc.cgroup.devices.allow = c 5:1 rwm
+## /dev/{,u}random
+lxc.cgroup.devices.allow = c 1:8 rwm
+lxc.cgroup.devices.allow = c 1:9 rwm
+## /dev/pts/*
+lxc.cgroup.devices.allow = c 5:2 rwm
+lxc.cgroup.devices.allow = c 136:* rwm
+## rtc
+lxc.cgroup.devices.allow = c 254:0 rm
+## fuse
+lxc.cgroup.devices.allow = c 10:229 rwm
+## tun
+lxc.cgroup.devices.allow = c 10:200 rwm
+## full
+lxc.cgroup.devices.allow = c 1:7 rwm
+## hpet
+lxc.cgroup.devices.allow = c 10:228 rwm
+## kvm
+lxc.cgroup.devices.allow = c 10:232 rwm
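Review bot: `lxc.devttydir = lxc` is now set for every release other than lucid, whereas the template code this replaces (the removed `ttydir` block in lxc-ubuntu.in further down) only set it when `$rootfs/etc/init/container-detect.conf` existed in the rootfs; a rootfs without that file will now get a /dev/lxc tty directory it did not get before, which may be intended but is worth recording next to the setting: `# /dev/lxc/ tty directory; releases without /etc/init/container-detect.conf (lucid) override this to empty`. The commented-out AppArmor hints the old generated config carried (running unconfined, nesting with the mountcgroups hook) do not appear in any of the new config files shown here; if they are meant to be dropped, a one-line pointer such as `# See lxc.conf(5) for lxc.aa_profile and container nesting options` keeps that guidance discoverable from the file users are now told to read.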
--- /dev/null
+# Ubuntu 10.04 LTS doesn't have /dev/lxc/
+lxc.devttydir =
AS_AC_EXPAND(LXC_USERNIC_DB, "$with_usernic_db")
AS_AC_EXPAND(LXCROOTFSMOUNT, "$with_rootfs_path")
AS_AC_EXPAND(LXCTEMPLATEDIR, "$datadir/lxc/templates")
+AS_AC_EXPAND(LXCTEMPLATECONFIG, "$datadir/lxc/config")
AS_AC_EXPAND(LXCHOOKDIR, "$datadir/lxc/hooks")
AS_AC_EXPAND(LXCINITDIR, "$libexecdir")
AS_AC_EXPAND(LOGPATH, "$with_log_path")
Makefile
lxc.pc
lxc.spec
+
config/Makefile
+ config/etc/Makefile
+ config/templates/Makefile
+ config/templates/ubuntu-cloud.common.conf
+ config/templates/ubuntu-cloud.lucid.conf
+ config/templates/ubuntu-cloud.userns.conf
+ config/templates/ubuntu.common.conf
+ config/templates/ubuntu.lucid.conf
doc/Makefile
doc/api/Makefile
fprintf(f, "%02x", md_value[i]);
fprintf(f, "\n");
#endif
+ fprintf(f, "# For additional config options, please look at lxc.conf(5)\n");
if (fwrite(contents, 1, flen, f) != flen) {
SYSERROR("Writing original contents");
free(contents);
STATE_DIR="@LOCALSTATEDIR@"
HOOK_DIR="@LXCHOOKDIR@"
CLONE_HOOK_FN="$HOOK_DIR/ubuntu-cloud-prep"
+LXC_TEMPLATE_CONFIG="@LXCTEMPLATECONFIG@"
if [ -r /etc/default/lxc ]; then
. /etc/default/lxc
grep -q "^lxc.network.hwaddr" $path/config || sed -i -e "/^lxc\.network\.type[ \t]*=[ \t]*veth/a lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')" $path/config
fi
- grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config
- cat <<EOF >> $path/config
-lxc.mount = $path/fstab
-lxc.pivotdir = lxc_putold
-
-lxc.devttydir =$ttydir
-lxc.tty = 4
-lxc.pts = 1024
-
-lxc.utsname = $name
-lxc.arch = $arch
-lxc.cap.drop = sys_module mac_admin mac_override sys_time
+ # Generate the configuration file
+ ## Create the fstab (empty by default)
+ touch $path/fstab
-# When using LXC with apparmor, uncomment the next line to run unconfined:
-#lxc.aa_profile = unconfined
+ ## Relocate all the network config entries
+ sed -i -e "/lxc.network/{w ${path}/config-network" -e "d}" $path/config
-# To support container nesting on an Ubuntu host, uncomment next two lines:
-#lxc.aa_profile = lxc-container-default-with-nesting
-#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
+ ## Relocate any other config entries
+ sed -i -e "/lxc./{w ${path}/config-auto" -e "d}" $path/config
-lxc.hook.clone = ${CLONE_HOOK_FN}
-EOF
-
- # can't write to devices.deny without CAP_SYS_ADMIN in init-user-ns
- if [ $in_userns -ne 1 ]; then
- cat <<EOF >> $path/config
-lxc.cgroup.devices.deny = a
-# Allow any mknod (but not using the node)
-lxc.cgroup.devices.allow = c *:* m
-lxc.cgroup.devices.allow = b *:* m
-# /dev/null and zero
-lxc.cgroup.devices.allow = c 1:3 rwm
-lxc.cgroup.devices.allow = c 1:5 rwm
-# consoles
-lxc.cgroup.devices.allow = c 5:1 rwm
-lxc.cgroup.devices.allow = c 5:0 rwm
-# /dev/{,u}random
-lxc.cgroup.devices.allow = c 1:9 rwm
-lxc.cgroup.devices.allow = c 1:8 rwm
-lxc.cgroup.devices.allow = c 136:* rwm
-lxc.cgroup.devices.allow = c 5:2 rwm
-# rtc
-lxc.cgroup.devices.allow = c 254:0 rm
-# fuse
-lxc.cgroup.devices.allow = c 10:229 rwm
-# tun
-lxc.cgroup.devices.allow = c 10:200 rwm
-# full
-lxc.cgroup.devices.allow = c 1:7 rwm
-# hpet
-lxc.cgroup.devices.allow = c 10:228 rwm
-# kvm
-lxc.cgroup.devices.allow = c 10:232 rwm
-EOF
+ ## Add all the includes
+ echo "" >> $path/config
+ echo "# Common configuration" >> $path/config
+ if [ -e "${LXC_TEMPLATE_CONFIG}/ubuntu-cloud.common.conf" ]; then
+ echo "lxc.include = ${LXC_TEMPLATE_CONFIG}/ubuntu-cloud.common.conf" >> $path/config
+ fi
+ if [ -e "${LXC_TEMPLATE_CONFIG}/ubuntu-cloud.${release}.conf" ]; then
+ echo "lxc.include = ${LXC_TEMPLATE_CONFIG}/ubuntu-cloud.${release}.conf" >> $path/config
+ fi
+ if [ $in_userns -eq 1 ] && [ -e "${LXC_TEMPLATE_CONFIG}/ubuntu-cloud.userns.conf" ]; then
+ echo "lxc.include = ${LXC_TEMPLATE_CONFIG}/ubuntu-cloud.userns.conf" >> $path/config
fi
- cat <<EOF > $path/fstab
-proc proc proc nodev,noexec,nosuid 0 0
-sysfs sys sysfs defaults 0 0
-/sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0
-/sys/kernel/debug sys/kernel/debug none bind,optional 0 0
-/sys/kernel/security sys/kernel/security none bind,optional 0 0
-/sys/fs/pstore sys/fs/pstore none bind,optional 0 0
+ ## Add the container-specific config
+ echo "" >> $path/config
+ echo "# Container specific configuration" >> $path/config
+ [ -e "$path/config-auto" ] && cat $path/config-auto >> $path/config && rm $path/config-auto
+ grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config
+ cat <<EOF >> $path/config
+lxc.mount = $path/fstab
+lxc.utsname = $name
+lxc.arch = $arch
EOF
- # unprivileged user can't mknod these. One day we may allow
- # that in the kernel, but not right now. So let's just bind
- # mount the files from the host.
- if [ $in_userns -eq 1 ]; then
- mkdir -p $rootfs/dev/pts
- for dev in null tty urandom console; do
- touch $rootfs/dev/$dev
- echo "/dev/$dev dev/$dev none bind 0 0" >> $path/fstab
- done
- fi
+ ## Re-add the previously removed network config
+ echo "" >> $path/config
+ echo "# Network configuration" >> $path/config
+ cat $path/config-network >> $path/config
+ rm $path/config-network
# Set initial timezone as on host
if [ -f /etc/timezone ]; then
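Review bot: The two relocation commands, `sed -i -e "/lxc.network/{w ${path}/config-network" -e "d}"` and the `/lxc./` form below it, use unanchored patterns with an unescaped `.`, so any line containing that text — a comment that mentions lxc.network, or a key that merely starts with lxc — is moved out of the config as well, unlike the anchored `^lxc\.network\.type` grep at the top of the hunk; `/^lxc\.network\./` and `/^lxc\./` match only real keys. `cat $path/config-network` near the end is not guarded the way `config-auto` is, so it relies on sed having created the file even when nothing matched; `[ -e "$path/config-network" ] && cat "$path/config-network" >> $path/config && rm -f "$path/config-network"` mirrors the earlier guard. The same sed patterns and the same unguarded cat recur in the lxc-ubuntu.in hunk further down, where the `if [ $? -ne 0 ]` that follows the block now reports on the `rm` rather than on writing the configuration. The enclosing copy_configuration function starts before this hunk.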
cd $rootfs
if [ $in_userns -eq 1 ]; then
tar --anchored --exclude="dev/*" --numeric-owner -xpzf "$cache/$filename"
+ mkdir -p $cache/$filename/dev/pts/
else
tar --numeric-owner -xpzf "$cache/$filename"
fi
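Review bot: `mkdir -p $cache/$filename/dev/pts/` names a path beneath `$cache/$filename`, which the line above passes to `tar -xpzf` as the archive, so unless that path is unexpectedly a directory the mkdir fails with "Not a directory" (and aborts the install if the script runs under set -e). The directory that has to exist after the `--exclude="dev/*"` extraction is the one in the container rootfs, as the removed `mkdir -p $rootfs/dev/pts` in copy_configuration did, so this should read `mkdir -p $rootfs/dev/pts/`. The enclosing function starts and ends outside the hunk.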
set -e
-LOCALSTATEDIR=@LOCALSTATEDIR@
+LOCALSTATEDIR="@LOCALSTATEDIR@"
+LXC_TEMPLATE_CONFIG="@LXCTEMPLATECONFIG@"
if [ -r /etc/default/lxc ]; then
. /etc/default/lxc
arch="i686"
fi
- ttydir=""
- if [ -f $rootfs/etc/init/container-detect.conf ]; then
- ttydir=" lxc"
- fi
-
# if there is exactly one veth network entry, make sure it has an
# associated hwaddr.
nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l`
grep -q "^lxc.network.hwaddr" $path/config || sed -i -e "/^lxc\.network\.type[ \t]*=[ \t]*veth/a lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')" $path/config
fi
+ # Generate the configuration file
+ ## Create the fstab (empty by default)
+ touch $path/fstab
+
+ ## Relocate all the network config entries
+ sed -i -e "/lxc.network/{w ${path}/config-network" -e "d}" $path/config
+
+ ## Relocate any other config entries
+ sed -i -e "/lxc./{w ${path}/config-auto" -e "d}" $path/config
+
+ ## Add all the includes
+ echo "" >> $path/config
+ echo "# Common configuration" >> $path/config
+ if [ -e "${LXC_TEMPLATE_CONFIG}/ubuntu.common.conf" ]; then
+ echo "lxc.include = ${LXC_TEMPLATE_CONFIG}/ubuntu.common.conf" >> $path/config
+ fi
+ if [ -e "${LXC_TEMPLATE_CONFIG}/ubuntu.${release}.conf" ]; then
+ echo "lxc.include = ${LXC_TEMPLATE_CONFIG}/ubuntu.${release}.conf" >> $path/config
+ fi
+
+ ## Add the container-specific config
+ echo "" >> $path/config
+ echo "# Container specific configuration" >> $path/config
+ [ -e "$path/config-auto" ] && cat $path/config-auto >> $path/config && rm $path/config-auto
grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config
cat <<EOF >> $path/config
lxc.mount = $path/fstab
-lxc.pivotdir = lxc_putold
-
-lxc.devttydir =$ttydir
-lxc.tty = 4
-lxc.pts = 1024
-
lxc.utsname = $name
lxc.arch = $arch
-lxc.cap.drop = sys_module mac_admin mac_override sys_time
-
-# When using LXC with apparmor, uncomment the next line to run unconfined:
-#lxc.aa_profile = unconfined
-
-# To support container nesting on an Ubuntu host, uncomment next two lines:
-#lxc.aa_profile = lxc-container-default-with-nesting
-#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
-
-lxc.cgroup.devices.deny = a
-# Allow any mknod (but not using the node)
-lxc.cgroup.devices.allow = c *:* m
-lxc.cgroup.devices.allow = b *:* m
-# /dev/null and zero
-lxc.cgroup.devices.allow = c 1:3 rwm
-lxc.cgroup.devices.allow = c 1:5 rwm
-# consoles
-lxc.cgroup.devices.allow = c 5:1 rwm
-lxc.cgroup.devices.allow = c 5:0 rwm
-# /dev/{,u}random
-lxc.cgroup.devices.allow = c 1:9 rwm
-lxc.cgroup.devices.allow = c 1:8 rwm
-lxc.cgroup.devices.allow = c 136:* rwm
-lxc.cgroup.devices.allow = c 5:2 rwm
-# rtc
-lxc.cgroup.devices.allow = c 254:0 rm
-# fuse
-lxc.cgroup.devices.allow = c 10:229 rwm
-# tun
-lxc.cgroup.devices.allow = c 10:200 rwm
-# full
-lxc.cgroup.devices.allow = c 1:7 rwm
-# hpet
-lxc.cgroup.devices.allow = c 10:228 rwm
-# kvm
-lxc.cgroup.devices.allow = c 10:232 rwm
EOF
- cat <<EOF > $path/fstab
-proc proc proc nodev,noexec,nosuid 0 0
-sysfs sys sysfs defaults 0 0
-/sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0
-/sys/kernel/debug sys/kernel/debug none bind,optional 0 0
-/sys/kernel/security sys/kernel/security none bind,optional 0 0
-/sys/fs/pstore sys/fs/pstore none bind,optional 0 0
-EOF
+ ## Re-add the previously removed network config
+ echo "" >> $path/config
+ echo "# Network configuration" >> $path/config
+ cat $path/config-network >> $path/config
+ rm $path/config-network
if [ $? -ne 0 ]; then
echo "Failed to add configuration"