This adds OpenWrt common config file.

Signed-off-by: Petar Koretic <[email protected]>
CC: Luka Perkov <[email protected]>
---
OpenWrt templates are working using 'lxc-create -t download' command. We are running that over our server on http://virtualwrt.org/containers/. There is only support for x86, x86_64 and ar71xx as of now. We plan to add all other architectures supported by OpenWrt in the future.

The build scripts used to generate images can be found here: https://github.com/VirtualWrt/misc

Note that index files on virtualwrt.org/containers are not validated.

OpenWrt now supports containers but due to platform specifics there are some limitations:

* 'tar --anchored' doesn't come with busybox's tar version, lxc is patched in OpenWrt packages feed to ignore this functionality.
* .xz extraction is very expensive on most OpenWrt supported devices, -0 level is used for rootfs compression to mitigate that to some extent.
* Privileged containers are not supported at the moment since default user is root on this platform.

I'm looking forward to your comments and suggestions to get OpenWrt images hosted on official lxc servers.

config/templates/Makefile.am | 1 + config/templates/openwrt.common.conf.in | 56 +++++++++++++++++++++++++++++++++ configure.ac | 1 + 3 files changed, 58 insertions(+) create mode 100644 config/templates/openwrt.common.conf.in diff --git a/config/templates/Makefile.am b/config/templates/Makefile.am index 82ca8be..fdbf9d2 100644 --- a/config/templates/Makefile.am +++ b/config/templates/Makefile.am @@ -28,4 +28,5 @@ templatesconfig_DATA = \ ubuntu.common.conf \ ubuntu.lucid.conf \ ubuntu.userns.conf \ + openwrt.common.conf \ userns.conf diff --git a/config/templates/openwrt.common.conf.in b/config/templates/openwrt.common.conf.in new file mode 100644 index 0000000..05918f0 --- /dev/null +++ b/config/templates/openwrt.common.conf.in 
@@ -0,0 +1,56 @@ +# Default mount entries +lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0 +lxc.mount.entry = sysfs sys sysfs defaults 0 0 + +# Default console settings +lxc.devttydir = lxc +lxc.tty = 4 +lxc.pts = 1024 + +# Default capabilities +lxc.cap.drop = mac_admin +lxc.cap.drop = mac_override +lxc.cap.drop = sys_admin +lxc.cap.drop = sys_module +lxc.cap.drop = sys_nice +lxc.cap.drop = sys_pacct +lxc.cap.drop = sys_ptrace +lxc.cap.drop = sys_rawio +lxc.cap.drop = sys_resource +lxc.cap.drop = sys_time +lxc.cap.drop = sys_tty_config +lxc.cap.drop = syslog +lxc.cap.drop = wake_alarm + +# Default cgroups - all denied except those whitelisted +lxc.cgroup.devices.deny = a +## /dev/null and zero +lxc.cgroup.devices.allow = c 1:3 rwm +lxc.cgroup.devices.allow = c 1:5 rwm +## consoles +lxc.cgroup.devices.allow = c 5:0 rwm +lxc.cgroup.devices.allow = c 5:1 rwm +## /dev/{,u}random +lxc.cgroup.devices.allow = c 1:8 rwm +lxc.cgroup.devices.allow = c 1:9 rwm +## /dev/pts/* +lxc.cgroup.devices.allow = c 5:2 rwm +lxc.cgroup.devices.allow = c 136:* rwm +## rtc +lxc.cgroup.devices.allow = c 254:0 rm +## fuse +lxc.cgroup.devices.allow = c 10:229 rwm +## tun +lxc.cgroup.devices.allow = c 10:200 rwm +## dev/tty0 +lxc.cgroup.devices.allow = c 4:0 rwm +## dev/tty1 +lxc.cgroup.devices.allow = c 4:1 rwm + +## To use loop devices, copy the following line to the container's +## configuration file (uncommented). +#lxc.cgroup.devices.allow = b 7:* rwm + +# Blacklist some syscalls which are not safe in privileged +# containers +lxc.seccomp = /usr/share/lxc/config/common.seccomp diff --git a/configure.ac b/configure.ac index 5f9774b..1d9634e 100644 --- a/configure.ac +++ b/configure.ac 
@@ -646,6 +646,7 @@ AC_CONFIG_FILES([ config/templates/ubuntu.common.conf config/templates/ubuntu.lucid.conf config/templates/ubuntu.userns.conf + config/templates/openwrt.common.conf config/templates/userns.conf config/yum/Makefile config/sysconfig/Makefile -- 2.1.2
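
Review bot: In the config/templates/Makefile.am hunk, openwrt.common.conf is inserted between ubuntu.userns.conf and userns.conf, which breaks the alphabetical order that the visible entries of templatesconfig_DATA follow. Move it ahead of the ubuntu.* entries, and use the same placement in the AC_CONFIG_FILES list in configure.ac so the two lists stay parallel.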
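
Review bot: The last line of config/templates/openwrt.common.conf.in hard-codes lxc.seccomp = /usr/share/lxc/config/common.seccomp, although the file is a .in template that configure.ac generates through AC_CONFIG_FILES; on a build with a different prefix or datadir that literal will not point at the installed common.seccomp. Use the configure substitution for the template config directory (@LXCTEMPLATECONFIG@/common.seccomp) instead. Separately, sysfs is mounted with 'defaults' while proc gets nodev,noexec,nosuid; give sysfs the same flags, and make it ro if OpenWrt does not need a writable /sys.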
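
Review bot: An openwrt.userns.conf counterpart is missing from the AC_CONFIG_FILES hunk in configure.ac (and from Makefile.am), where Ubuntu has ubuntu.userns.conf next to ubuntu.common.conf. The cover letter says privileged containers are not supported, while the closing comment above lxc.seccomp in the new file speaks of privileged containers, so please state which mode this config targets and either add the userns variant or explain why userns.conf alone is enough.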
