-rw-r--r--[-rwxr-xr-x] | lxc/.footprint | 8 | ||||
-rw-r--r-- | lxc/.signature | 10 | ||||
-rw-r--r-- | lxc/Pkgfile | 20 | ||||
-rw-r--r-- | lxc/README | 93 | ||||
-rw-r--r-- | lxc/man-pages.tar.xz | bin | 29064 -> 34972 bytes | |||
-rw-r--r-- | lxc/post-install | 9 |
6 files changed, 122 insertions, 18 deletions
diff --git a/lxc/.footprint b/lxc/.footprint index bdcfdc893..3c156c940 100755..100644 --- a/lxc/.footprint +++ b/lxc/.footprint @@ -49,8 +49,8 @@ drwxr-xr-x root/root usr/lib/ -rw-r--r-- root/root usr/lib/liblxc.a -rwxr-xr-x root/root usr/lib/liblxc.la lrwxrwxrwx root/root usr/lib/liblxc.so -> liblxc.so.1 -lrwxrwxrwx root/root usr/lib/liblxc.so.1 -> liblxc.so.1.6.0 --rwxr-xr-x root/root usr/lib/liblxc.so.1.6.0 +lrwxrwxrwx root/root usr/lib/liblxc.so.1 -> liblxc.so.1.7.0 +-rwxr-xr-x root/root usr/lib/liblxc.so.1.7.0 drwxr-xr-x root/root usr/lib/lxc/ drwxr-xr-x root/root usr/lib/lxc/hooks/ -rwxr-xr-x root/root usr/lib/lxc/hooks/unmount-namespace @@ -99,9 +99,9 @@ drwxr-xr-x root/root usr/share/man/man1/ -rw-r--r-- root/root usr/share/man/man1/lxc-cgroup.1.gz -rw-r--r-- root/root usr/share/man/man1/lxc-checkconfig.1.gz -rw-r--r-- root/root usr/share/man/man1/lxc-checkpoint.1.gz --rw-r--r-- root/root usr/share/man/man1/lxc-clone.1.gz -rw-r--r-- root/root usr/share/man/man1/lxc-config.1.gz -rw-r--r-- root/root usr/share/man/man1/lxc-console.1.gz +-rw-r--r-- root/root usr/share/man/man1/lxc-copy.1.gz -rw-r--r-- root/root usr/share/man/man1/lxc-create.1.gz -rw-r--r-- root/root usr/share/man/man1/lxc-destroy.1.gz -rw-r--r-- root/root usr/share/man/man1/lxc-device.1.gz 
@@ -111,12 +111,12 @@ drwxr-xr-x root/root usr/share/man/man1/ -rw-r--r-- root/root usr/share/man/man1/lxc-ls.1.gz -rw-r--r-- root/root usr/share/man/man1/lxc-monitor.1.gz -rw-r--r-- root/root usr/share/man/man1/lxc-snapshot.1.gz --rw-r--r-- root/root usr/share/man/man1/lxc-start-ephemeral.1.gz -rw-r--r-- root/root usr/share/man/man1/lxc-start.1.gz -rw-r--r-- root/root usr/share/man/man1/lxc-stop.1.gz -rw-r--r-- root/root usr/share/man/man1/lxc-top.1.gz -rw-r--r-- root/root usr/share/man/man1/lxc-unfreeze.1.gz -rw-r--r-- root/root usr/share/man/man1/lxc-unshare.1.gz +-rw-r--r-- root/root usr/share/man/man1/lxc-update-config.1.gz -rw-r--r-- root/root usr/share/man/man1/lxc-user-nic.1.gz -rw-r--r-- root/root usr/share/man/man1/lxc-usernsexec.1.gz -rw-r--r-- root/root usr/share/man/man1/lxc-wait.1.gz diff --git a/lxc/.signature b/lxc/.signature index e63b0cb9c..c221c75be 100644 --- a/lxc/.signature +++ b/lxc/.signature 
@@ -1,9 +1,9 @@ untrusted comment: verify with /etc/ports/contrib.pub -RWSagIOpLGJF32YPWV8VCQ8eU8iHiVsBws5LIbE0Qrtv707K47A/MuEY7xcGtGSdN3bXcHo6KJg5g+SVNteVov9lGYzv5jj9TQc= -SHA256 (Pkgfile) = 54c1895e84fb203b10441f88ac3d857fbc438dbced5abbce8781d790aed0c47e -SHA256 (.footprint) = 609a2aa78593b12a664aec16e0653d6a796c4fc80c00277735b10113db7e9319 -SHA256 (lxc-3.2.1.tar.gz) = 5f903986a4b17d607eea28c0aa56bf1e76e8707747b1aa07d31680338b1cc3d4 -SHA256 (man-pages.tar.xz) = 9c78897c8057cf8be5873382d6d03bf54fb3e032279126560552166c0ea7481a +RWSagIOpLGJF39swBC4Sh9YID5lmUy86k6POxXmzTvc12HMEnHCpm807pOaAcAhh0j20eptCZSx2hfw8anp0r0v/7xl1ZgDgTw4= +SHA256 (Pkgfile) = 0a908418500caf00597af8560e8929b8eafeeff7d5ebaec63643227e359720ae +SHA256 (.footprint) = 9fe6acac2fae505a8d46a745ee9b6c7ce5bd51e92d747392e86443553695d19c +SHA256 (lxc-4.0.2.tar.gz) = ca336dcdf303fea5ff231d89a9b6278b061c4cffb14f0db0a71a15bdd95a5cb0 +SHA256 (man-pages.tar.xz) = 28e6602414149ca4cc1afbabb203afe12b2e694436b23d7a2501a2b6a868e473 SHA256 (default.conf) = 6739fe54ffe7924a63fd47d8ff4b453e08b78bbd1b08e4426504b8f740e8b55f SHA256 (lxc-usernet) = 83c30e9489fffd7bf815e312860e2c9b3022a0f422570d35a19eb021b433fe0f SHA256 (lxc-users-setup) = 995f72d2284334ab84790951cfbf91d9b7016f4a93a3c51d774dea0e04e8000b diff --git a/lxc/Pkgfile b/lxc/Pkgfile index 2e44a9f80..5f90a589f 100644 --- a/lxc/Pkgfile +++ b/lxc/Pkgfile 
@@ -1,20 +1,22 @@ # Description: container namespace cgroup virtualisation for linux guests # URL: https://linuxcontainers.org/lxc -# Maintainer: Thomas Penteker, tek at serverop dot de +# Maintainer: Tim Biermann, tbier at posteo dot de +# Packager: ryuo, James Buren +# Packager: Thomas Penteker, tek at serverop dot de # Depends: libseccomp # Optional: gnupg dnsmasq name=lxc -version=3.2.1 +version=4.0.2 release=1 source=(https://linuxcontainers.org/downloads/$name/$name-$version.tar.gz - man-pages.tar.xz - default.conf - lxc-usernet - lxc-users-setup - lxc-users - lxc-cgroups - lxc-net) + man-pages.tar.xz + default.conf + lxc-usernet + lxc-users-setup + lxc-users + lxc-cgroups + lxc-net) build() { cd $name-$version diff --git a/lxc/README b/lxc/README new file mode 100644 index 000000000..a9e191232 --- /dev/null +++ b/lxc/README 
@@ -0,0 +1,93 @@
+First, your kernel needs to be configured correctly to be able to use LXC.
+Enable the following options in your kernel config:
+CONFIG_NAMESPACES
+CONFIG_UTS_NS
+CONFIG_IPC_NS
+CONFIG_PID_NS
+CONFIG_USER_NS
+CONFIG_NET_NS
+CONFIG_CGROUPS
+CONFIG_CGROUP_NS
+CONFIG_CGROUP_DEVICE
+CONFIG_CGROUP_SCHED
+CONFIG_CGROUP_CPUACCT
+CONFIG_CGROUP_FREEZER
+CONFIG_CGROUP_RDMA
+CONFIG_CGROUP_PIDS
+CONFIG_BLK_CGROUP
+CONFIG_MEMCG
+CONFIG_MEMCG_SWAP
+CONFIG_CPUSETS
+CONFIG_VETH
+CONFIG_BRIDGE
+CONFIG_MACVLAN
+CONFIG_VLAN_8021Q
+CONFIG_NETFILTER_ADVANCED
+CONFIG_NF_NAT_IPV4
+CONFIG_NF_NAT_IPV6
+CONFIG_IP_NF_TARGET_MASQUERADE
+CONFIG_IP6_NF_TARGET_MASQUERADE
+CONFIG_NETFILTER_XT_TARGET_CHECKSUM
+CONFIG_NETFILTER_XT_MATCH_COMMENT
+CONFIG_FUSE_FS
+CONFIG_CHECKPOINT_RESTORE
+CONFIG_FHANDLE
+CONFIG_EVENTFD
+CONFIG_EPOLL
+CONFIG_UNIX_DIAG
+CONFIG_INET_DIAG
+CONFIG_PACKET_DIAG
+CONFIG_NETLINK_DIAG
+
+Second, you need to edit /etc/lxc/default.conf to suite your desired
+container setup. The default network configuration is designed to use
+the default LXC managed bridge which relies on NAT to provide access
+to any external networks. Be sure to modify this if you wish to do
+something different. Also, if unprivileged containers are desired,
+then be sure to uncomment the uidmap configuration.
+
+Third, you need to edit /etc/rc.conf to enable any desired LXC services.
+First, the lxc-cgroups service needs to be enabled and placed before any
+other LXC services for LXC to function correctly. Next, the lxc-net
+service should be enabled and placed before lxc if you are wanting LXC to
+manage your container networking. Last, the lxc service should be enabled
+and placed after any other LXC services if you are wanting LXC to manage
+the startup of your containers.
+
+Fourth, if you are wanting to allow unprivileged users to use LXC containers,
+then you will need to do some setup. First, be sure that you have enabled LXC
+unprivileged containers as is documented above. Second, you need to edit
+/etc/lxc/lxc-usernet and add any users that you wish to have access to LXC
+unprivileged containers. The comments in the file will show how to do this.
+Third, you need to run the following command to setup each user, which will
+create the subuids, create the subgids, setup their BASH profile for LXC,
+and create their initial LXC configuration file: lxc-users-setup
+Please note that you will also need to reboot or restart the lxc-cgroups
+service for the new user cgroups to be available for use. Last, if you are
+wanting LXC to manage the startup of your user containers, be sure to place
+the lxc-users service after lxc in the /etc/rc.conf file.
+
+Fifth, you need to add the following line to /etc/pam.d/common-session:
+session optional pam_cgfs.so -c all
+
+Now you are ready to start using LXC. See below for some examples of basic
+usage of LXC.
+
+You can create a container using lxc-create:
+lxc-create -t download -- alpine -d alpine -r 3.8 -a amd64
+
+You can start this container using lxc-start:
+lxc-start -n alpine
+
+You can get a shell in this container using lxc-attach:
+lxc-attach -n alpine
+
+You can run arbitrary commands in this container using lxc-attach:
+lxc-attach -n alpine -- echo Hello World!
+
+You can stop this container using lxc-stop:
+lxc-stop -n alpine
+
+You can start LXC containers at boot by adding this line to your
+container configuration:
+lxc.start.auto = 1
diff --git a/lxc/man-pages.tar.xz b/lxc/man-pages.tar.xz
Binary files differ
index bdfe9fab0..14eaf4158 100644
--- a/lxc/man-pages.tar.xz
+++ b/lxc/man-pages.tar.xz
diff --git a/lxc/post-install b/lxc/post-install
new file mode 100644
index 000000000..039c46787
--- /dev/null
+++ b/lxc/post-install
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+# Setup user mapping for unprivileged containers
+test -f '/etc/subuid' || touch '/etc/subuid'
+/usr/sbin/usermod -v 100000-165535 root
+
+# Setup group mapping for unprivileged containers
+test -f '/etc/subgid' || touch '/etc/subgid'
+/usr/sbin/usermod -w 100000-165535 root |
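Review bot: The fixed range 100000-165535 is delegated to root by both `usermod` calls without looking at what /etc/subuid and /etc/subgid already contain. If that range is already assigned to another account (it is a common default starting point for subordinate ID allocation, though that depends on the local login.defs), root's unprivileged containers and that account's containers would map onto the same host IDs and lose their separation from each other. I would skip the call when root already has an entry, e.g. `grep -q '^root:' /etc/subuid || /usr/sbin/usermod -v 100000-165535 root` (and the same against /etc/subgid with `-w`), and add a comment such as `# NOTE: 100000-165535 must not overlap any other entry in /etc/subuid or /etc/subgid`. The exit status of the first `usermod` is also never checked, so a failure there goes unreported; `set -e` after the shebang would surface it.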