On Thu, Jun 26, 2014 at 03:43:11PM +0800, Alexander Vladimirov wrote: > Update container's /etc/securetty to allow console logins when lxc.devttydir > is not empty. > Also use config entries provided by shared and common configuration files. > > Signed-off-by: Alexander Vladimirov <[email protected]>
Oops, sorry for breaking this with my other change, I usually added a lxc.devttydir= in that case but I apparently forgot to do so for Arch... Acked-by: Stéphane Graber <[email protected]> > --- > config/templates/archlinux.common.conf.in | 3 +++ > templates/lxc-archlinux.in | 19 ++++++++++++++++--- > 2 files changed, 19 insertions(+), 3 deletions(-) > > diff --git a/config/templates/archlinux.common.conf.in > b/config/templates/archlinux.common.conf.in > index 7c950e7..0be1958 100644 > --- a/config/templates/archlinux.common.conf.in > +++ b/config/templates/archlinux.common.conf.in > @@ -17,6 +17,9 @@ lxc.stopsignal=SIGRTMIN+14 > # Mount entries > lxc.mount.auto = proc:mixed sys:ro > > +# Uncomment to disable creating tty devices subdirectory in /dev > +# lxc.devttydir = > + > # Capabilities > # Uncomment these if you don't run anything that needs the capability, and > # would like the container to run with less privilege. > diff --git a/templates/lxc-archlinux.in b/templates/lxc-archlinux.in > index 6f3ce2e..5ee4a30 100644 > --- a/templates/lxc-archlinux.in > +++ b/templates/lxc-archlinux.in > @@ -44,6 +44,7 @@ default_path="@LXCPATH@" > default_locale="en-US.UTF-8" > default_timezone="UTC" > pacman_config="/etc/pacman.conf" > +common_config="@LXCTEMPLATECONFIG@/common.conf" > shared_config="@LXCTEMPLATECONFIG@/archlinux.common.conf" > > # by default, install 'base' except the kernel > @@ -104,11 +105,23 @@ sed -e 's/^ConditionPathExists=/# > ConditionPathExists=/' \ > > /etc/systemd/system/getty\@.service > EOF > # enable getty on active ttys > - nttys=$(grep lxc.tty ${config_path}/config | cut -d= -f 2 | tr -d > "[:blank:]") > + local nttys=$(cat "${config_path}/config" ${shared_config} > ${common_config} | grep "^lxc.tty" | head -n1 | cut -d= -f2 | tr -d > "[:blank:]") > + local devttydir=$(cat "${config_path}/config" ${shared_config} > ${common_config} | grep "^lxc.devttydir" | head -n1 | cut -d= -f2 | tr -d > "[:blank:]") > + local devtty="" > + # bind getty instances to /dev/<devttydir>/tty* if lxc.devttydir is set > + [ -n "${devttydir}" ] && devtty="${devttydir}-" > if [ ${nttys:-0} -gt 1 ]; then > - ( cd ${rootfs_path}/etc/systemd/system/getty.target.wants > - for i in $(seq 1 $nttys); do ln -sf ../getty\@.service > getty@tty${i}.service; done ) > + ( cd "${rootfs_path}/etc/systemd/system/getty.target.wants" > + for i in $(seq 1 $nttys); do ln -sf "../[email protected]" > "getty@${devtty}tty${i}.service"; done ) > fi > + # update securetty to allow console login if devttydir is set > + if [ -n "${devttydir}" ]; then > + for i in $(seq 1 ${nttys:-1}); do > + echo "${devttydir}/${devtty}tty${i}" >> > "${rootfs_path}/etc/securetty" > + done > + fi > + [ -n "${devttydir}" ] && echo "${devttydir}/console" >> > "${rootfs_path}/etc/securetty" > + # Arch default configuration allows only tty1-6 for login > [ ${nttys:-0} -gt 6 ] && echo \ > "You may want to modify container's /etc/securetty \ > file to allow root logins on tty7 and higher" > -- > 2.0.0 > > _______________________________________________ > lxc-devel mailing list > [email protected] > http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com
signature.asc
Description: Digital signature
_______________________________________________ lxc-devel mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-devel
