diff options
Diffstat (limited to 'lxc')
| -rw-r--r-- | lxc/.signature | 12 | ||||
| -rw-r--r-- | lxc/Pkgfile | 50 | ||||
| -rw-r--r-- | lxc/default.conf | 7 | ||||
| -rw-r--r-- | lxc/lxc-cgroups | 54 | ||||
| -rw-r--r-- | lxc/lxc-net | 1 | ||||
| -rw-r--r-- | lxc/lxc-usernet | 3 | ||||
| -rw-r--r-- | lxc/lxc-users | 42 | ||||
| -rw-r--r-- | lxc/lxc-users-setup | 42 |
8 files changed, 196 insertions, 15 deletions
diff --git a/lxc/.signature b/lxc/.signature index 54901c257..137620f1c 100644 --- a/lxc/.signature +++ b/lxc/.signature @@ -1,6 +1,12 @@ untrusted comment: verify with /etc/ports/contrib.pub -RWSagIOpLGJF3zfHrAz0MlSoLWAhiHW4QVOEFHIY9BkuwCCIkqT8umk3z8olUUEW/O7qeI6MhwxaLIpQo6TUqEoCMuPL1BkJ7gE= -SHA256 (Pkgfile) = e066b66764b6887df2f529b324fb85dc6be711e40c782bb6843a9d3f7c5e8791 +RWSagIOpLGJF313PwTwnUheHG/tJ/HxNhGvF+DucRdJyivB4ObzGU1FKWGpBgsQVo6fYbeCQD9GPi0wNU0kSe/6NEy53Pk+sdQU= +SHA256 (Pkgfile) = 54c1895e84fb203b10441f88ac3d857fbc438dbced5abbce8781d790aed0c47e SHA256 (.footprint) = 920a21cb890fc0f44d0be2dc845217917692948036a9f984a5eea3c00aaa2e47 -SHA256 (lxc-2.0.7.tar.gz) = 1c09c075f06ec029f86fa6370c7d379494ff4c66a129eda17af7b7b41e055f5d +SHA256 (lxc-3.2.1.tar.gz) = 5f903986a4b17d607eea28c0aa56bf1e76e8707747b1aa07d31680338b1cc3d4 SHA256 (man-pages.tar.xz) = 9c78897c8057cf8be5873382d6d03bf54fb3e032279126560552166c0ea7481a +SHA256 (default.conf) = 6739fe54ffe7924a63fd47d8ff4b453e08b78bbd1b08e4426504b8f740e8b55f +SHA256 (lxc-usernet) = 83c30e9489fffd7bf815e312860e2c9b3022a0f422570d35a19eb021b433fe0f +SHA256 (lxc-users-setup) = 995f72d2284334ab84790951cfbf91d9b7016f4a93a3c51d774dea0e04e8000b +SHA256 (lxc-users) = 7b58fae4b1551c63d7839560875e4f8461aade852f33611a8a8319957f23b0eb +SHA256 (lxc-cgroups) = 6cdc6b76c438dfbcacf7ccd20ae9190ca5d12bad9fba60c5d77052c0e3f9258b +SHA256 (lxc-net) = 4e597a3ebb896ff852d54d4add562945bcf91e1005f3963ee7cbfc82606fcf2c diff --git a/lxc/Pkgfile b/lxc/Pkgfile index 1e85852c4..2e44a9f80 100644 --- a/lxc/Pkgfile +++ b/lxc/Pkgfile @@ -1,26 +1,52 @@ # Description: container namespace cgroup virtualisation for linux guests -# URL: https://linuxcontainers.org/lxc -# Maintainer: Thomas Penteker, tek at serverop dot de +# URL: https://linuxcontainers.org/lxc +# Maintainer: Thomas Penteker, tek at serverop dot de +# Depends: libseccomp +# Optional: gnupg dnsmasq name=lxc -version=2.0.7 +version=3.2.1 release=1 -source=(http://lxc.sourceforge.net/download/lxc-$version.tar.gz - man-pages.tar.xz) +source=(https://linuxcontainers.org/downloads/$name/$name-$version.tar.gz + man-pages.tar.xz + default.conf + lxc-usernet + lxc-users-setup + lxc-users + lxc-cgroups + lxc-net) build() { cd $name-$version ./configure --prefix=/usr \ - --mandir=/usr/man \ - --libexecdir=/usr/lib \ - --sysconfdir=/etc + --mandir=/usr/share/man \ + --libexecdir=/usr/lib \ + --localstatedir=/var \ + --sysconfdir=/etc \ + --enable-pam \ + --with-pamdir=/lib/security \ + --disable-apparmor \ + --with-init-script=sysvinit make make DESTDIR=$PKG install - - install -d $PKG/usr/man - mv $SRC/man* $PKG/usr/man + install -d $PKG/usr/share/man + install -d $PKG/var/lib/misc + + install -m 0755 $SRC/lxc-users-setup $PKG/usr/sbin/ + mv $SRC/man* $PKG/usr/share/man rm -rf $PKG/usr/lib/lxc/rootfs/README $PKG/usr/share/doc - rm -rf $PKG/etc/default $PKG/usr/share/lxc/config/common.conf.d/README + rm -rf $PKG/usr/share/lxc/config/common.conf.d/README + mv $PKG/etc/rc.d/init.d/* $PKG/etc/rc.d/ + install -m755 $SRC/lxc-cgroups $PKG/etc/rc.d/ + install -m755 $SRC/lxc-users $PKG/etc/rc.d/ + rmdir $PKG/etc/rc.d/init.d/ + install -m644 $SRC/lxc-net $PKG/etc/default/ + rm $PKG/etc/lxc/default.conf + install -m644 $SRC/default.conf $PKG/etc/lxc/ + install -m644 $SRC/lxc-usernet $PKG/etc/lxc/ + if [ "$(prt-get isinst bash-completion)" = 'package bash-completion is not installed' ]; then + rm -fr $PKG/etc/bash_completion.d; + fi } diff --git a/lxc/default.conf b/lxc/default.conf new file mode 100644 index 000000000..7a0971a7d --- /dev/null +++ b/lxc/default.conf @@ -0,0 +1,7 @@ +# Uncomment to create unprivileged containers +#lxc.idmap = u 0 100000 65536 +#lxc.idmap = g 0 100000 65536 + +# Network configuration +lxc.net.0.type = veth +lxc.net.0.link = lxcbr0 diff --git a/lxc/lxc-cgroups b/lxc/lxc-cgroups new file mode 100644 index 000000000..c920d44cc --- /dev/null +++ b/lxc/lxc-cgroups @@ -0,0 +1,54 @@ +#!/bin/sh +# +# /etc/rc.d/lxc-cgroups: setup lxc cgroups +# + +if test ! -f /proc/cgroups +then + echo 'cgroups are not enabled on this kernel.' + exit 1 +fi + +case $1 in + start) + # Mount system cgroups. + mount -t tmpfs -o nosuid,nodev,noexec,mode=0755 tmpfs /sys/fs/cgroup + for i in $(awk '!/^#/{if($4==1){print$1}}' /proc/cgroups) + do + mkdir /sys/fs/cgroup/$i + mount -t cgroup -o nosuid,nodev,noexec,$i cgroup /sys/fs/cgroup/$i + done + mkdir /sys/fs/cgroup/systemd + mount -t cgroup -o nosuid,nodev,noexec,none,name=systemd cgroup /sys/fs/cgroup/systemd + mkdir /sys/fs/cgroup/unified + mount -t cgroup2 -o nosuid,nodev,noexec cgroup /sys/fs/cgroup/unified + mount -o ro,remount /sys/fs/cgroup + # Setup user cgroups. + if test -f /etc/lxc/lxc-usernet + then + test -f /sys/fs/cgroup/cpuset/cgroup.clone_children && echo 1 > /sys/fs/cgroup/cpuset/cgroup.clone_children + test -f /sys/fs/cgroup/memory/memory.use_hierarchy && echo 1 > /sys/fs/cgroup/memory/memory.use_hierarchy + for i in $(awk '!/^#/{if($1!~"@"){print$1}}' /etc/lxc/lxc-usernet) + do + for j in /sys/fs/cgroup/* + do + test $j = /sys/fs/cgroup/unified && continue + mkdir -m 0755 -p $j/$i + chown -R $i $j/$i + done + done + fi + ;; + stop) + umount -R /sys/fs/cgroup + ;; + restart) + $0 stop + $0 start + ;; + *) + echo "Usage: $0 [start|stop|restart]" + ;; +esac + +# End of file diff --git a/lxc/lxc-net b/lxc/lxc-net new file mode 100644 index 000000000..5d52f62e1 --- /dev/null +++ b/lxc/lxc-net @@ -0,0 +1 @@ +USE_LXC_BRIDGE="true" diff --git a/lxc/lxc-usernet b/lxc/lxc-usernet new file mode 100644 index 000000000..64e336f14 --- /dev/null +++ b/lxc/lxc-usernet @@ -0,0 +1,3 @@ +# Edit this file to allow unprivileged users to create network devices for LXC containers. +# Example Entry: +# $USER veth lxcbr0 8 diff --git a/lxc/lxc-users b/lxc/lxc-users new file mode 100644 index 000000000..275db7eea --- /dev/null +++ b/lxc/lxc-users @@ -0,0 +1,42 @@ +#!/bin/sh +# +# /etc/rc.d/lxc-users: start/stop LXC user containers +# + +if test ! -f /etc/lxc/lxc-usernet +then + echo 'LXC not configured for user containers.' + exit 1 +fi + +[ -f /etc/default/lxc ] && . /etc/default/lxc + +case $1 in + start) + [ "$LXC_AUTO" = true ] || exit 0 + [ ! -f /var/lock/lxc-users ] || exit 0 + [ -n "$BOOTGROUPS" ] && BOOTGROUPS="-g $BOOTGROUPS" + touch /var/lock/lxc-users + for user in $(awk '!/^#/{if($1!~"@"){print$1}}' /etc/lxc/lxc-usernet) + do + sudo -u $user -i -- lxc-autostart $OPTIONS $BOOTGROUPS + done + rm -f /var/lock/lxc-users + ;; + stop) + [ -n "$SHUTDOWNDELAY" ] && SHUTDOWNDELAY="-t SHUTDOWNDELAY" + for user in $(awk '!/^#/{if($1!~"@"){print$1}}' /etc/lxc/lxc-usernet) + do + sudo -u $user -i -- lxc-autostart $STOPOPTS $SHUTDOWNDELAY + done + ;; + restart) + $0 stop + $0 start + ;; + *) + echo "Usage: $0 [start|stop|restart]" + ;; +esac + +# End of file diff --git a/lxc/lxc-users-setup b/lxc/lxc-users-setup new file mode 100644 index 000000000..1fc248677 --- /dev/null +++ b/lxc/lxc-users-setup @@ -0,0 +1,42 @@ +#!/bin/sh + +if test $(id -u) -ne 0 +then + echo 'This must be run as root.' + exit 1 +fi + +write_profile() { + test -f $1 || touch $1 && chown $uid:$gid $1 + if ! grep -q '# lxc-users-setup' $1 + then + echo 'for i in /sys/fs/cgroup/*/$USER/tasks; do test -w $i && echo $$ > $i; done # lxc-users-setup' >> $1 + fi +} + +for i in $(awk '!/^#/{if($1!~"@"){print$1}}' /etc/lxc/lxc-usernet) +do + passwd=$(getent passwd $i) + user=$(echo $passwd | cut -d : -f 1) + uid=$(echo $passwd | cut -d : -f 3) + gid=$(echo $passwd | cut -d : -f 4) + home=$(echo $passwd | cut -d : -f 6) + test -f '/etc/subuid' || touch '/etc/subuid' + if ! grep -qE "^($user|$uid):100000:65536\$" '/etc/subuid' + then + usermod -V 0-4294967295 -v 100000-165535 $user + fi + test -f '/etc/subgid' || touch '/etc/subgid' + if ! grep -qE "^($user|$uid):100000:65536\$" '/etc/subgid' + then + usermod -W 0-4294967295 -w 100000-165535 $user + fi + write_profile $home/.bash_profile + write_profile $home/.zprofile + if ! test -f $home/.config/lxc/default.conf + then + mkdir -p $home/.config/lxc + echo 'lxc.include = /etc/lxc/default.conf' > $home/.config/lxc/default.conf + chown $uid:$gid $home/.config $home/.config/lxc $home/.config/lxc/default.conf + fi +done |