On Thu, Jun 26, 2014 at 10:26:24PM +0800, Alexander Vladimirov wrote:
> Giving a fresh look uncovers subtle bug sneaked in:
> + echo "${devttydir}/${devtty}tty${i} " >>
> "${rootfs_path}/etc/securetty"
> should read as
> + echo "${devttydir}/tty${i} " >> "${rootfs_path}/etc/securetty"
>
> Should I resend the patch, or could it be fixed during merge?I'll fix it when I apply it in a bit. > > Best regards, > Alexander > > > 2014-06-26 21:53 GMT+08:00 Stéphane Graber <[email protected]>: > > On Thu, Jun 26, 2014 at 03:43:11PM +0800, Alexander Vladimirov wrote: > >> Update container's /etc/securetty to allow console logins when > >> lxc.devttydir is not empty. > >> Also use config entries provided by shared and common configuration files. > >> > >> Signed-off-by: Alexander Vladimirov <[email protected]> > > > > Oops, sorry for breaking this with my other change, I usually added a > > lxc.devttydir= in that case but I apparently forgot to do so for Arch... > > > > Acked-by: Stéphane Graber <[email protected]> > > > >> --- > >> config/templates/archlinux.common.conf.in | 3 +++ > >> templates/lxc-archlinux.in | 19 ++++++++++++++++--- > >> 2 files changed, 19 insertions(+), 3 deletions(-) > >> > >> diff --git a/config/templates/archlinux.common.conf.in > >> b/config/templates/archlinux.common.conf.in > >> index 7c950e7..0be1958 100644 > >> --- a/config/templates/archlinux.common.conf.in > >> +++ b/config/templates/archlinux.common.conf.in > >> @@ -17,6 +17,9 @@ lxc.stopsignal=SIGRTMIN+14 > >> # Mount entries > >> lxc.mount.auto = proc:mixed sys:ro > >> > >> +# Uncomment to disable creating tty devices subdirectory in /dev > >> +# lxc.devttydir = > >> + > >> # Capabilities > >> # Uncomment these if you don't run anything that needs the capability, and > >> # would like the container to run with less privilege. > >> diff --git a/templates/lxc-archlinux.in b/templates/lxc-archlinux.in > >> index 6f3ce2e..5ee4a30 100644 > >> --- a/templates/lxc-archlinux.in > >> +++ b/templates/lxc-archlinux.in > >> @@ -44,6 +44,7 @@ default_path="@LXCPATH@" > >> default_locale="en-US.UTF-8" > >> default_timezone="UTC" > >> pacman_config="/etc/pacman.conf" > >> +common_config="@LXCTEMPLATECONFIG@/common.conf" > >> shared_config="@LXCTEMPLATECONFIG@/archlinux.common.conf" > >> > >> # by default, install 'base' except the kernel > >> @@ -104,11 +105,23 @@ sed -e 's/^ConditionPathExists=/# > >> ConditionPathExists=/' \ > >> > /etc/systemd/system/getty\@.service > >> EOF > >> # enable getty on active ttys > >> - nttys=$(grep lxc.tty ${config_path}/config | cut -d= -f 2 | tr -d > >> "[:blank:]") > >> + local nttys=$(cat "${config_path}/config" ${shared_config} > >> ${common_config} | grep "^lxc.tty" | head -n1 | cut -d= -f2 | tr -d > >> "[:blank:]") > >> + local devttydir=$(cat "${config_path}/config" ${shared_config} > >> ${common_config} | grep "^lxc.devttydir" | head -n1 | cut -d= -f2 | tr -d > >> "[:blank:]") > >> + local devtty="" > >> + # bind getty instances to /dev/<devttydir>/tty* if lxc.devttydir is > >> set > >> + [ -n "${devttydir}" ] && devtty="${devttydir}-" > >> if [ ${nttys:-0} -gt 1 ]; then > >> - ( cd ${rootfs_path}/etc/systemd/system/getty.target.wants > >> - for i in $(seq 1 $nttys); do ln -sf ../getty\@.service > >> getty@tty${i}.service; done ) > >> + ( cd "${rootfs_path}/etc/systemd/system/getty.target.wants" > >> + for i in $(seq 1 $nttys); do ln -sf "../[email protected]" > >> "getty@${devtty}tty${i}.service"; done ) > >> fi > >> + # update securetty to allow console login if devttydir is set > >> + if [ -n "${devttydir}" ]; then > >> + for i in $(seq 1 ${nttys:-1}); do > >> + echo "${devttydir}/${devtty}tty${i}" >> > >> "${rootfs_path}/etc/securetty" > >> + done > >> + fi > >> + [ -n "${devttydir}" ] && echo "${devttydir}/console" >> > >> "${rootfs_path}/etc/securetty" > >> + # Arch default configuration allows only tty1-6 for login > >> [ ${nttys:-0} -gt 6 ] && echo \ > >> "You may want to modify container's /etc/securetty \ > >> file to allow root logins on tty7 and higher" > >> -- > >> 2.0.0 > >> > >> _______________________________________________ > >> lxc-devel mailing list > >> [email protected] > >> http://lists.linuxcontainers.org/listinfo/lxc-devel > > > > -- > > Stéphane Graber > > Ubuntu developer > > http://www.ubuntu.com > > > > _______________________________________________ > > lxc-devel mailing list > > [email protected] > > http://lists.linuxcontainers.org/listinfo/lxc-devel > > > _______________________________________________ > lxc-devel mailing list > [email protected] > http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com
signature.asc
Description: Digital signature
_______________________________________________ lxc-devel mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-devel
