Fixes for selinux and pam_loginuid.so

Just some additional catches for disabling selinux and pam_loginuid.so
thanks to Dwight Engen and the Oracle template.

Signed-off-by: Michael H. Warfield <m...@wittsend.com>
---
 templates/lxc-fedora.in | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/templates/lxc-fedora.in b/templates/lxc-fedora.in
index 9208e88..9999503 100644
--- a/templates/lxc-fedora.in
+++ b/templates/lxc-fedora.in
@@ -98,11 +98,24 @@ configure_fedora()
     mkdir -p $rootfs_path/selinux
     echo 0 > $rootfs_path/selinux/enforce
 
-    # This may be related to disabling selinux above but this is
-    # a known problem and documented in RedHat bugzilla as relating
+    # Also kill it in the /etc/selinux/config file if it's there...
+    if [[ -f $rootfs_path/etc/selinux/config ]]
+    then
+        sed -i '/^SELINUX=/s/.*/SELINUX=disabled/' 
$rootfs_path/etc/selinux/config
+    fi
+
+    # Nice catch from Dwight Engen in the Oracle template.
+    # Wantonly plagerized here with much appreciation.
+    if [ -f $rootfs_path/usr/sbin/selinuxenabled ]; then
+        mv $rootfs_path/usr/sbin/selinuxenabled 
$rootfs_path/usr/sbin/selinuxenabled.lxcorig
+        ln -s /bin/false $rootfs_path/usr/sbin/selinuxenabled
+    fi
+
+    # This is a known problem and documented in RedHat bugzilla as relating
     # to a problem with auditing enabled.  This prevents an error in
     # the container "Cannot make/remove an entry for the specified session"
     sed -i '/^session.*pam_loginuid.so/s/^session/# session/' 
${rootfs_path}/etc/pam.d/login
+    sed -i '/^session.*pam_loginuid.so/s/^session/# session/' 
${rootfs_path}/etc/pam.d/sshd
 
     # configure the network using the dhcp
     cat <<EOF > ${rootfs_path}/etc/sysconfig/network-scripts/ifcfg-eth0
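Review bot: The `[ -f ... ]` guard in front of the selinuxenabled rename follows symlinks, so a second run of configure_fedora() on the same rootfs sees the /bin/false symlink as a regular file (it resolves against the host's /bin/false), mv's it over selinuxenabled.lxcorig and destroys the saved original binary. Add a symlink test before the rename, `if [ -f "$rootfs_path/usr/sbin/selinuxenabled" ] && [ ! -L "$rootfs_path/usr/sbin/selinuxenabled" ]; then`. The new pam.d/sshd sed runs unconditionally while the selinux config edit is guarded by `-f`; on a rootfs without openssh-server `sed -i` fails with a "can't read" error, so guard it the same way, `[ -f "${rootfs_path}/etc/pam.d/sshd" ] && sed -i '/^session.*pam_loginuid.so/s/^session/# session/' "${rootfs_path}/etc/pam.d/sshd"`. Commenting out pam_loginuid also means login and ssh sessions inside the container carry no audit loginuid, which the comment should state explicitly rather than only describing it as "a problem with auditing enabled"; presumably this is acceptable only because the container cannot set it anyway. configure_fedora() continues outside the hunk on both sides.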
@@ -132,6 +145,9 @@ EOF
 ::1                 localhost6.localdomain6 localhost6
 EOF
 
+    # These mknod's really don't make any sense with modern releases of
+    # Fedora with systemd, devtmpfs, and autodev enabled.  They are left
+    # here for legacy reasons and older releases with upstart and sysv init.
     dev_path="${rootfs_path}/dev"
     rm -rf $dev_path
     mkdir -p $dev_path
@@ -187,6 +203,7 @@ EOF
 
     return 0
 }
+
 configure_fedora_init()
 {
     sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.sysinit
@@ -635,7 +652,7 @@ download_fedora()
     BOOTSTRAP_INSTALL_ROOT=${INSTALL_ROOT}
     BOOTSTRAP_CHROOT=
 
-    PKG_LIST="yum initscripts passwd rsyslog vim-minimal dhclient chkconfig 
rootfiles policycoreutils fedora-release"
+    PKG_LIST="yum initscripts passwd rsyslog vim-minimal openssh-server 
openssh-clients dhclient chkconfig rootfiles policycoreutils fedora-release"
     
MIRRORLIST_URL="http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$release&arch=$arch";
 
     if [[ ${release} -lt 17 ]]
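Review bot: Adding openssh-server to PKG_LIST installs a network daemon in every container built by this template, and configure_fedora() now edits /etc/pam.d/sshd unconditionally, so the two changes depend on each other without anything saying so. Add a note above the assignment, `# openssh-server is required: configure_fedora() rewrites /etc/pam.d/sshd`, so the package is not dropped from the list later. Whether sshd is enabled at first boot is not visible here (it depends on the release's chkconfig/systemd defaults); if it is, the template should document where the root password is set before the service becomes reachable. download_fedora() continues outside the hunk on both sides.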
-- 
1.8.3.1

