From: Alexander Vladimirov Date: Thu, 26 Jun 2014 07:43:11 +0000 (+0800) Subject: lxc-archlinux.in: update securetty when lxc.devttydir is set X-Git-Tag: lxc-1.1.0.alpha1~20 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=23cc88bae05f790dcdfa9f511bbb60b2225692be;p=thirdparty%2Flxc.git lxc-archlinux.in: update securetty when lxc.devttydir is set Update container's /etc/securetty to allow console logins when lxc.devttydir is not empty. Also use config entries provided by shared and common configuration files. Signed-off-by: Alexander Vladimirov Acked-by: Stéphane Graber --- diff --git a/config/templates/archlinux.common.conf.in b/config/templates/archlinux.common.conf.in index 7c950e7a1..0be195886 100644 --- a/config/templates/archlinux.common.conf.in +++ b/config/templates/archlinux.common.conf.in @@ -17,6 +17,9 @@ lxc.stopsignal=SIGRTMIN+14 # Mount entries lxc.mount.auto = proc:mixed sys:ro +# Uncomment to disable creating tty devices subdirectory in /dev +# lxc.devttydir = + # Capabilities # Uncomment these if you don't run anything that needs the capability, and # would like the container to run with less privilege. diff --git a/templates/lxc-archlinux.in b/templates/lxc-archlinux.in index a95564b16..ceaff90b7 100644 --- a/templates/lxc-archlinux.in +++ b/templates/lxc-archlinux.in @@ -44,6 +44,7 @@ default_path="@LXCPATH@" default_locale="en-US.UTF-8" default_timezone="UTC" pacman_config="/etc/pacman.conf" +common_config="@LXCTEMPLATECONFIG@/common.conf" shared_config="@LXCTEMPLATECONFIG@/archlinux.common.conf" # by default, install 'base' except the kernel @@ -107,11 +108,23 @@ pacman-key --init pacman-key --populate archlinux EOF # enable getty on active ttys - nttys=$(grep lxc.tty ${config_path}/config | cut -d= -f 2 | tr -d "[:blank:]") + local nttys=$(cat "${config_path}/config" ${shared_config} ${common_config} | grep "^lxc.tty" | head -n1 | cut -d= -f2 | tr -d "[:blank:]") + local devttydir=$(cat "${config_path}/config" ${shared_config} ${common_config} | grep "^lxc.devttydir" | head -n1 | cut -d= -f2 | tr -d "[:blank:]") + local devtty="" + # bind getty instances to /dev//tty* if lxc.devttydir is set + [ -n "${devttydir}" ] && devtty="${devttydir}-" if [ ${nttys:-0} -gt 1 ]; then - ( cd ${rootfs_path}/etc/systemd/system/getty.target.wants - for i in $(seq 1 $nttys); do ln -sf ../getty\@.service getty@tty${i}.service; done ) + ( cd "${rootfs_path}/etc/systemd/system/getty.target.wants" + for i in $(seq 1 $nttys); do ln -sf "../getty@.service" "getty@${devtty}tty${i}.service"; done ) fi + # update securetty to allow console login if devttydir is set + if [ -n "${devttydir}" ]; then + for i in $(seq 1 ${nttys:-1}); do + echo "${devttydir}/tty${i}" >> "${rootfs_path}/etc/securetty" + done + fi + [ -n "${devttydir}" ] && echo "${devttydir}/console" >> "${rootfs_path}/etc/securetty" + # Arch default configuration allows only tty1-6 for login [ ${nttys:-0} -gt 6 ] && echo \ "You may want to modify container's /etc/securetty \ file to allow root logins on tty7 and higher"