This patch adds support for the lxc container system. We install the userspace lib and application.
To make sure all necessary kernel options are enabled use: $ CONFIG=/path/to/kernelconfig lxc-checkconfig
Signed-off-by: Michael Grzeschik <m.grzesc...@pengutronix.de>
---
v1 -> v2:
- prefixed used variables with PTXCONF_ : LXC_TEMPLATES, LXC_HOOKS, LXC_SELINUX
- fixed used variable LXC_SYSTEMD_UNIT
- added missing dir /usr/lib/lxc/rootfs
- added dependency to busybox tools when using templates
- added dependency to iptables when starting systemd.service
- removed some extra commented unused options
- removed hooks
- only installing busybox template
- added dependency to busybox_umount
v2 -> v3:
- removed the busybox template
- added patch for dnsmasq to start without dns support
- added install stage to include getent from toolchain
v3 -> v4:
- removed all patches as --bind-interfaces is already there
- removed dependency to IPTABLES*_UNIT
- removed gnutls dependency
- used GLOBAL_SELINUX
- always enabled SECCOMP
- removed examples
- improved targetinstall stage
- using glibc getent option
- changed the ip range to 172.16.1.*
projectroot/etc/default/lxc-net | 7 ++
projectroot/etc/lxc/default.conf | 4 +
rules/lxc.in | 37 ++++++
rules/lxc.make | 209 +++++++++++++++++++++++++++++++
4 files changed, 257 insertions(+)
create mode 100644 projectroot/etc/default/lxc-net
create mode 100644 projectroot/etc/lxc/default.conf
create mode 100644 rules/lxc.in
create mode 100644 rules/lxc.make
diff --git a/projectroot/etc/default/lxc-net b/projectroot/etc/default/lxc-net
new file mode 100644
index 000000000..347726e55
--- /dev/null
+++ b/projectroot/etc/default/lxc-net
@@ -0,0 +1,7 @@
+USE_LXC_BRIDGE="true"
+LXC_BRIDGE="lxcbr0"
+LXC_ADDR="172.16.1.1"
+LXC_NETMASK="255.255.255.0"
+LXC_NETWORK="172.16.1.0/24"
+LXC_DHCP_RANGE="172.16.1.2,172.16.1.254"
+LXC_DHCP_MAX="253"
diff --git a/projectroot/etc/lxc/default.conf b/projectroot/etc/lxc/default.conf
new file mode 100644
index 000000000..e7af1e6ae
--- /dev/null
+++ b/projectroot/etc/lxc/default.conf
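Review bot: projectroot/etc/default/lxc-net ships `USE_LXC_BRIDGE="true"` with no comment saying what reads the file or what the setting switches on. If the upstream lxc-net helper is used unchanged, enabling the bridge presumably also starts dnsmasq on `lxcbr0` and sets up forwarding and NAT for `LXC_NETWORK`, which changes the host's network exposure on every image that installs the unit. A header comment such as `# Sourced by lxc-net: USE_LXC_BRIDGE=true creates lxcbr0 with DHCP and NAT for LXC_NETWORK` would make that visible. It should also say that 172.16.1.0/24 must not overlap a network the target itself is attached to.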
@@ -0,0 +1,4 @@
+lxc.net.0.type = veth
+lxc.net.0.link = lxcbr0
+lxc.net.0.flags = up
+lxc.net.0.hwaddr = 00:16:3e:11:22:34
diff --git a/rules/lxc.in b/rules/lxc.in
new file mode 100644
index 000000000..1db096641
--- /dev/null
+++ b/rules/lxc.in
@@ -0,0 +1,37 @@
+## SECTION=system_libraries
+
+menuconfig LXC
+ bool
+ prompt "lxc "
+ select LIBSECCOMP
+ select GLIBC_GETENT
+ select BUSYBOX_FEATURE_SH_MATH if LXC_SYSTEMD_UNIT
+ select SYSTEMD if LXC_SYSTEMD_UNIT
+ select DNSMASQ if LXC_SYSTEMD_UNIT
+ select IPTABLES if LXC_SYSTEMD_UNIT
+ select IPTABLES_IPV4 if LXC_SYSTEMD_UNIT
+ select IPTABLES_IPV6 if LXC_SYSTEMD_UNIT
+ select IPTABLES_INSTALL_TOOLS if LXC_SYSTEMD_UNIT
+ help
+ LXC is a userspace interface for the Linux kernel containment
+ features. Through a powerful API and simple tools, it lets
+ Linux users easily create and manage system or application
+ containers.
+
+if LXC
+
+config LXC_SYSTEMD_UNIT
+ bool
+ prompt "LXC systemd unit"
+ default INITMETHOD_SYSTEMD
+ help
+ Turn on to install systemd unit for lxc
+
+config LXC_TEST_TOOLS
+ bool
+ prompt "LXC test applications"
+ default n
+ help
+ Turn on to enable building the lxc test applications
+
+endif
diff --git a/rules/lxc.make b/rules/lxc.make
new file mode 100644
index 000000000..e6c275deb
--- /dev/null
+++ b/rules/lxc.make
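Review bot: In projectroot/etc/lxc/default.conf, `lxc.net.0.hwaddr = 00:16:3e:11:22:34` gives every container created from this default the same MAC address on `lxcbr0`. Two such containers on the bridge would collide at layer 2, and a DHCP server that keys leases on the MAC would presumably hand both the same address. LXC treats `x` in this key as a template character and fills it with a random hex digit when the container is created, so `lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx` keeps the prefix and gives each container its own address.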
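Review bot: In rules/lxc.in, the help text of `LXC_TEST_TOOLS` only mentions building the test applications and does not say that they are shipped on the target. The rules/lxc.make hunk of this patch copies them to `/usr/bin/lxc-tests/` when the option is set, so an integrator who enables it gets extra root-owned executables in the image. I would spell that out in the help, for example `Build the lxc test applications and install them to /usr/bin/lxc-tests. Meant for development images only.`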
@@ -0,0 +1,209 @@
+# -*-makefile-*-
+#
+# Copyright (C) 2018 by Michael Grzeschik <m...@pengutronix.de>
+#
+# See CREDITS for details about who has contributed to this project.
+#
+# For further information about the PTXdist project and license conditions
+# see the README file.
+#
+
+#
+# We provide this package
+#
+PACKAGES-$(PTXCONF_LXC) += lxc
+
+#
+# Paths and names
+#
+LXC_VERSION := 3.0.1
+LXC_MD5 := 8eb396dde561e5832ba2d505513a1935
+LXC := lxc-$(LXC_VERSION)
+LXC_SUFFIX := tar.gz
+LXC_URL := https://linuxcontainers.org/downloads/lxc/$(LXC).$(LXC_SUFFIX)
+LXC_SOURCE := $(SRCDIR)/$(LXC).$(LXC_SUFFIX)
+LXC_DIR := $(BUILDDIR)/$(LXC)
+LXC_LICENSE := unknown
+
+# ----------------------------------------------------------------------------
+# Prepare
+# ----------------------------------------------------------------------------
+
+#LXC_CONF_ENV := $(CROSS_ENV)
+
+#
+# autoconf
+#
+LXC_CONF_TOOL := autoconf
+LXC_CONF_OPT := \
+ $(CROSS_AUTOCONF_USR) \
+ --enable-silent-rules \
+ --enable-dependency-tracking \
+ --enable-shared \
+ --disable-static \
+ --disable-fast-install \
+ --disable-libtool-lock \
+ --disable-werror \
+ --disable-rpath \
+ --disable-doc \
+ --disable-api-docs \
+ --disable-apparmor \
+ --disable-gnutls \
+ --$(call ptx/endis, PTXCONF_GLOBAL_SELINUX)-selinux \
+ --enable-seccomp \
+ --enable-capabilities \
+ --disable-examples \
+ --disable-mutex-debugging \
+ --disable-bash \
+ --enable-tools \
+ --enable-commands \
+ --$(call ptx/endis, PTXCONF_LXC_TEST_TOOLS)-tests \
+ --enable-configpath-log \
+ --disable-pam \
+ --with-init-script=systemd \
+ --with-systemdsystemunitdir=/usr/lib/systemd/system/ \
+ --with-distro=unknown \
+ --with-usernic-conf \
+ --with-usernic-db \
+ --with-log-path=/var/log \
+ --with-pamdir=none
+
+LXC_APPLICATIONS := \
+ copy \
+ cgroup \
+ create \
+ snapshot \
+ freeze \
+ config \
+ monitor \
+ unfreeze \
+ device \
+ destroy \
+ ls \
+ console \
+ wait \
+ execute \
+ update-config \
+ stop \
+ checkconfig \
+ checkpoint \
+ usernsexec \
+ attach \
+ start \
+ top \
+ info \
+ autostart \
+ unshare
+
+ifdef PTXCONF_LXC_TEST_TOOLS
+LXC_TEST_TOOLS := \
+ containertests \
+ may-control \
+ console \
+ locktests \
+ no-new-privs \
+ snapshot \
+ concurrent \
+ shutdowntest \
+ cgpath \
+ get_item \
+ criu-check-feature \
+ apparmor \
+ share-ns \
+ saveconfig \
+ clonetest \
+ createtest \
+ createconfig \
+ shortlived \
+ rootfs \
+ getkeys \
+ console-log \
+ attach \
+ reboot \
+ automount \
+ api-reboot \
+ destroytest \
+ startone \
+ raw-clone \
+ parse-config-file \
+ config-jump-table \
+ autostart \
+ state-server \
+ list \
+ device-add-remove \
+ cloneconfig \
+ utils \
+ lxcpath
+endif
+
+LXC_LIBEXEC_APPS := \
+ containers \
+ net \
+ apparmor-load \
+ user-nic \
+ monitord \
+
+# ----------------------------------------------------------------------------
+# Target-Install
+# ----------------------------------------------------------------------------
+
+$(STATEDIR)/lxc.targetinstall:
+ @$(call targetinfo)
+
+ @$(call install_init, lxc)
+ @$(call install_fixup, lxc, PRIORITY, optional)
+ @$(call install_fixup, lxc, SECTION, base)
+ @$(call install_fixup, lxc, AUTHOR, "Michael Grzeschik <m...@pengutronix.de>")
+ @$(call install_fixup, lxc, DESCRIPTION, missing)
+
+ @$(call install_lib, lxc, 0, 0, 0644, liblxc);
+
+ @$(call install_copy, lxc, 0, 0, 0644, /var/lib/lxc);
+ @$(call install_copy, lxc, 0, 0, 0644, /usr/lib/lxc/rootfs);
+
+ @$(call install_tree, lxc, 0, 0, -, /usr/share/lxc/config);
+
+ifdef PTXCONF_GLOBAL_SELINUX
+ @$(call install_tree, lxc, 0, 0, -, /usr/share/lxc/selinux);
+endif
+
+ @$(call install_alternative, lxc, 0, 0, 0644, /etc/lxc/default.conf);
+ @$(call install_alternative, lxc, 0, 0, 0644, /etc/default/lxc-net);
+
+ @$(call install_copy, lxc, 0, 0, 0644, -, /etc/default/lxc)
+
+ @$(foreach app, $(LXC_APPLICATIONS), \
+ $(call install_copy, lxc, 0, 0, 0755, -, \
+ /usr/bin/lxc-$(app))$(ptx/nl))
+
+ @$(foreach app, $(LXC_LIBEXEC_APPS), \
+ $(call install_copy, lxc, 0, 0, 0755, -, \
+ /usr/libexec/lxc/lxc-$(app))$(ptx/nl))
+
+ifdef PTXCONF_LXC_TEST_TOOLS
+ @$(foreach app, $(LXC_TEST_TOOLS), \
+ $(call install_copy, lxc, 0, 0, 0755, $(LXC_PKGDIR)/usr/bin/lxc-test-$(app), \
+ /usr/bin/lxc-tests/$(app))$(ptx/nl))
+endif
+
+ifdef PTXCONF_LXC_SYSTEMD_UNIT
+ @$(call install_copy, lxc, 0, 0, 0644, -, \
+ /usr/lib/systemd/system/lxc.service)
+ @$(call install_copy, lxc, 0, 0, 0644, -, \
+ /usr/lib/systemd/system/lxc@.service)
+ @$(call install_copy, lxc, 0, 0, 0644, -, \
+ /usr/lib/systemd/system/lxc-net.service)
+
+ @$(call install_link, lxc, ../lxc.service, \
+ /usr/lib/systemd/system/multi-user.target.wants/lxc.service)
+ @$(call install_link, lxc, ../lxc@.service, \
+ /usr/lib/systemd/system/multi-user.target.wants/lxc@.service)
+ @$(call install_link, lxc, ../lxc-net.service, \
+ /usr/lib/systemd/system/multi-user.target.wants/lxc-net.service)
+endif
+
+ @$(call install_finish, lxc)
+
+ @$(call touch)
+
+# vim: syntax=make
--
2.18.0
_______________________________________________ ptxdist mailing list ptxdist@pengutronix.de
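Review bot: In rules/lxc.make, the two directory installs in the targetinstall stage, `install_copy, lxc, 0, 0, 0644, /var/lib/lxc` and `install_copy, lxc, 0, 0, 0644, /usr/lib/lxc/rootfs`, create directories with no search (execute) bit. Mode 0644 on a directory only appears to work because root bypasses the permission check. Since `/var/lib/lxc` will hold container root filesystems, including any setuid binaries inside them, I would make it root-only and give the mount point a normal directory mode: `@$(call install_copy, lxc, 0, 0, 0700, /var/lib/lxc)` and `@$(call install_copy, lxc, 0, 0, 0755, /usr/lib/lxc/rootfs)`. Separately, the link `multi-user.target.wants/lxc@.service` points at a template unit without an instance name and probably has no effect.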