On Tue, 19 Sep 2006 14:40:04 -0400, Jeff Dike <[EMAIL PROTECTED]> said:
> On Mon, Sep 18, 2006 at 09:06:49PM -0500, Ben Wing wrote:
>> i'm trying to get uml working with modules. i downloaded the
>> latest kernel 2.6.17.13, compiled using the `defconfig', obtained
>> the root fs from http://uml.nagafix.co.uk/Debian-3.1/ (which claims
>> to have been updated sept 13 2006), and ran ./linux.
> This may not be that recent. Debian is famous for being behind the
> times.
The file system is not coming from Debian, unless I am
mistaken.
> I would go with a Fedora filesystem or another which is kept
> somewhat close to the bleeding edge.
Debian is about giving people tools and choices. You can
build your own, for example, with scripts like the one
attached. Works for me with the latest kernels (I use SELinux,
comment those bits out if you do not want them).
manoj
#!/bin/bash
# -*- Mode: Sh -*-
# creatfs ---
# Author : Manoj Srivastava ( [EMAIL PROTECTED] )
# Created On : Wed Sep 15 14:21:22 2004
# Created On Node : glaurung.internal.golden-gryphon.com
# Last Modified By : Manoj Srivastava
# Last Modified On : Thu Sep 14 00:03:18 2006
# Last Machine Used: glaurung.internal.golden-gryphon.com
# Update Count : 166
# Status : Unknown, Use with caution!
# HISTORY :
# Description :
#
#
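# Stop at the first unhandled command failure. `set -e` does not cover
# commands used as conditions or inside `&&`/`||` lists, so critical
# steps still need their own checks.
set -e
# "$0" is quoted (and preceded by `--`) so a script path containing
# whitespace or starting with "-" is still handled as one operand.
progname=$(basename -- "$0")
pversion='$Revision: 1.58 $'
mydir=$(dirname -- "$0")
#
# Long term variables, which may be set in the config file or the
# environment:
# DEBUG rootdir workdir (if all original sources are kept in one dir)
#
#
# Command prefix placed in front of traced commands (see withecho).
action='withecho'
DEBUG=${DEBUG:-0}
# Working directory for all output
WORKING_DIR=$(pwd)
export WORKING_DIR
# Force the C locale so the output of the tools parsed later is stable.
LC_ALL=C
export LC_ALL
# Comma-separated package lists later turned into debootstrap's
# --exclude= and --include= options by basic_install.
DEBOOTSTRAP_EXCLUDE="hwclock"
DEBOOTSTRAP_INCLUDE="udev"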
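#######################################
# Assign a value to a named variable, aborting when the value is empty.
# Globals:   progname (read), Verbose (read)
# Arguments: $1 - name of the variable to set
#            $2 - value to assign
#            $3 - description of the value, used in messages
# Outputs:   diagnostics on stderr; "<desc> is <value>" on stdout when
#            Verbose is non-empty
# Returns:   exits 1 on an empty value or an invalid variable name
#######################################
setq() {
  if [ -z "$2" ]; then
    echo >&2 "$progname: Unable to determine $3"
    exit 1
  fi
  # $1 becomes an assignment target, so only a plain identifier is
  # accepted. This replaces an eval of "$1=..." and also keeps array
  # subscripts (which bash would evaluate) away from printf -v.
  case "$1" in
    '' | [!A-Za-z_]* | *[!A-Za-z0-9_]*)
      echo >&2 "$progname: invalid variable name: $1"
      exit 1
      ;;
  esac
  if [ -n "$Verbose" ]; then
    echo "$progname: $3 is $2"
  fi
  printf -v "$1" '%s' "$2"
}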
# Trace a command on stderr (one leading space, words separated by single
# spaces), then run it unchanged; the command's exit status is returned.
withecho() {
  local _we_line=" ${1-}" _we_word
  for _we_word in "${@:2}"; do
    _we_line+=" $_we_word"
  done
  echo "$_we_line" >&2
  "$@"
}
# Print the version banner and the usage summary on stderr.
# Reads the globals progname and pversion.
usageversion() {
  {
    printf 'Debian GNU/Linux %s %s.\n' "$progname" "$pversion"
    printf '%s\n' \
      'Copyright (C) 2004 Manoj Srivastava.' \
      'This is free software; see the GNU General Public Licence for copying' \
      'conditions. There is NO warranty.'
    printf 'Usage: %s [options]\n' "$progname"
    printf '%s\n' \
      'Options:' \
      '-h print this message'
  } >&2
}
# Configuration
# This function sets configuration variables from various sources,
# allowing the command line to override the environment, which in turn
# overrides the configuration file, which supersedes the built-in
# default value. It is called by read_cfg below to actually set the
# variables.
# Resolve one setting by precedence: command line, environment, config file.
# Arguments: $1 - variable to set
#            $2 - name of the command-line variable (opt_*)
#            $3 - name of the environment variable (CFS_*)
#            $4 - name of the config-file variable (conf_*)
#            $5 - optional built-in default
# When all three sources are empty and no default is given, the target
# keeps whatever value it already had.
_cfs_pick() {
  local _cfs_src
  for _cfs_src in "$2" "$3" "$4"; do
    if [ -n "${!_cfs_src}" ]; then
      printf -v "$1" '%s' "${!_cfs_src}"
      return 0
    fi
  done
  if [ "$#" -ge 5 ]; then
    printf -v "$1" '%s' "$5"
  fi
  return 0
}

# Set every configuration variable from its three possible sources.
# The resulting values are later passed to commands such as debootstrap,
# mount and chroot, so the command line, the CFS_* environment and the
# config files all have to be trusted. When the script is started through
# a privilege-raising wrapper, check which CFS_* variables it lets through.
combine_values() {
  # Command line, env variable, config file, or default
  _cfs_pick MIRRORSITE opt_mirrorsite CFS_MIRRORSITE conf_mirrorsite
  _cfs_pick MY_IP opt_my_ip CFS_MY_IP conf_my_ip
  _cfs_pick UML_BROADCAST opt_uml_broadcast CFS_UML_BROADCAST conf_uml_broadcast
  _cfs_pick UML_NETMASK opt_uml_netmask CFS_UML_NETMASK conf_uml_netmask
  _cfs_pick UML_MAILNAME opt_uml_mailname CFS_UML_MAILNAME conf_uml_mailname
  _cfs_pick UML_DOMAIN opt_uml_domain CFS_UML_DOMAIN conf_uml_domain
  _cfs_pick UML_NS1 opt_uml_ns1 CFS_UML_NS1 conf_uml_ns1
  _cfs_pick UML_NS2 opt_uml_ns2 CFS_UML_NS2 conf_uml_ns2
  _cfs_pick UML_NS3 opt_uml_ns3 CFS_UML_NS3 conf_uml_ns3
  _cfs_pick UML_IP opt_uml_ip CFS_UML_IP conf_uml_ip
  _cfs_pick UML_NETWORK opt_uml_network CFS_UML_NETWORK conf_uml_network
  _cfs_pick MY_ETH0 opt_my_eth0 CFS_MY_ETH0 conf_my_eth0
  _cfs_pick UML_DEB_RELEASE opt_uml_deb_release CFS_UML_DEB_RELEASE conf_uml_deb_release
  _cfs_pick UML_IMAGE opt_uml_image CFS_UML_IMAGE conf_uml_image
  _cfs_pick UML_MOUNT_TMPFS opt_uml_mount_tmpfs CFS_UML_MOUNT_TMPFS conf_uml_mount_tmpfs
  _cfs_pick UML_MEM opt_uml_mem CFS_UML_MEM conf_uml_mem
  _cfs_pick UML_GATEWAY opt_uml_gateway CFS_UML_GATEWAY conf_uml_gateway
  _cfs_pick UML_HOSTNAME opt_uml_hostname CFS_UML_HOSTNAME conf_uml_hostname
  # The SELinux and new-user settings use shorter source names than
  # their targets, and most of them carry a built-in default.
  _cfs_pick UML_FILE_CONTEXTS opt_file_contexts CFS_FILE_CONTEXTS conf_file_contexts "./file_contexts"
  _cfs_pick UML_HOME_CONTEXTS opt_home_contexts CFS_HOME_CONTEXTS conf_home_contexts "./file_contexts.homedir"
  _cfs_pick UML_SELINUX_POLICY opt_selinux_policy CFS_SELINUX_POLICY conf_selinux_policy
  _cfs_pick UML_NEW_USER opt_uml_new_user CFS_NEW_USER conf_uml_new_user "guest"
  _cfs_pick UML_NEW_USER_GECOS opt_uml_new_user_gecos CFS_NEW_USER_GECOS conf_uml_new_user_gecos "Guest User,,,"
  _cfs_pick UML_POLICY_TYPE opt_policy_type CFS_POLICY_TYPE conf_policy_type "strict"
}
# This function reads the configuration parameters from the various
# sources, and calls the combine_values function above to set the
# configuration variables.
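#######################################
# Build the effective configuration.
# Order of work: built-in defaults, command-line parsing, site and user
# config files, combine_values, auto-detection (ifconfig, route,
# /etc/mailname, dnsdomainname, /etc/resolv.conf) for values that are
# still empty, and finally $HOME/.creatfsrc.
# Globals:   sets MIRRORSITE, MY_IP, UML_*, MY_ETH0, OTHERMIRROR, TEMP,
#            DEVICES and dev
# Arguments: the command-line arguments to parse
# Returns:   exits 0 after -h, exits 1 on an option-parsing error
#
# Every file sourced here is executed as shell code with the caller's
# privileges (mounting the image needs root), so each of them must be
# writable by trusted users only.
#######################################
read_cfg() {
  local ns_line ns_addr ns_count ns_re

  # The site given to debootstrap to download initial packages
  # from. Also added to the initial sources.list.
  # NOTE(review): this is a plain-HTTP mirror; package integrity then
  # depends on debootstrap/apt verifying archive signatures. Confirm
  # that verification is active for the release being installed.
  MIRRORSITE=http://http.us.debian.org/debian
  #MIRRORSITE=http://glaurung.internal.golden-gryphon.com:9999/debian
  #MIRRORSITE=http://glaurung.internal.golden-gryphon.com/debian
  #MIRRORSITE=file:///var/spool/mirror/debian
  #MIRRORSITE=http://192.168.1.10:9999/debian
  MY_IP=
  UML_BROADCAST=
  UML_NETMASK=
  UML_MAILNAME=
  UML_DOMAIN=
  UML_NS1=
  UML_NS2=
  UML_NS3=
  UML_IP=192.168.1.13
  UML_NETWORK=
  MY_ETH0=
  UML_DEB_RELEASE=sid
  UML_IMAGE="root_fs"
  UML_MOUNT_TMPFS="no"
  UML_MEM=256M
  UML_GATEWAY=
  UML_HOSTNAME=cinder
  UML_NEW_USER=
  UML_NEW_USER_GECOS=
  UML_POLICY_TYPE=

  # Command line
  # Under `set -e` a failed assignment ends the script before a separate
  # `$?` test can run, so the failure is handled on the same command.
  TEMP=$(getopt -a -s bash -o h -n 'createfs' -- "$@") || {
    echo "Terminating..." >&2
    exit 1
  }
  # Note the quotes around "$TEMP": they are essential!
  # getopt emits shell-quoted words; eval turns them back into "$@".
  eval set -- "$TEMP"
  while true; do
    case "$1" in
      -h)
        usageversion
        exit 0
        ;;
      --)
        shift
        break
        ;;
      *)
        echo >&2 "Internal error!($1)"
        usageversion
        exit 1
        ;;
    esac
  done

  # Load site defaults and overrides.
  if [ -f /etc/createfs.conf ]; then
    . /etc/createfs.conf
  fi
  # Load user defaults and overrides.
  # NOTE(review): ./createfs.conf is picked up from the current directory
  # and executed; run the script only from a directory that untrusted
  # users cannot write to.
  if [ -f ./createfs.conf ]; then
    . ./createfs.conf
  elif [ -f ~/.createfs.conf ]; then
    . ~/.createfs.conf
  fi
  combine_values

  # Check for all configured network devices
  DEVICES=$(ifconfig | sed 's/ .*//' | grep -E -v '^lo|^ *$')
  # $DEVICES is split on whitespace on purpose: one word per interface.
  for dev in $DEVICES; do
    if ifconfig "$dev" | grep RUNNING >/dev/null 2>&1; then
      # Only the first RUNNING interface is used, and only for values
      # that are still empty.
      if [ -z "$MY_IP" ]; then
        MY_IP=$(ifconfig "$dev" |
          perl -nle 'm/inet addr:(\d+\.\d+\.\d+\.\d+)/m && print $1;')
      fi
      if [ -z "$UML_NETMASK" ]; then
        UML_NETMASK=$(ifconfig "$dev" |
          perl -nle 'm/Mask:(\d+\.\d+\.\d+\.\d+)/m && print $1;')
      fi
      if [ -z "$UML_BROADCAST" ]; then
        UML_BROADCAST=$(ifconfig "$dev" |
          perl -nle 'm/Bcast:(\d+\.\d+\.\d+\.\d+)/m && print $1;')
      fi
      if [ -z "$UML_NETWORK" ]; then
        UML_NETWORK=$(route -n | grep -- "$dev" | grep -v '^0.0.0.0' |
          awk '{print $1;}' | head -n 1)
      fi
      break
    fi
  done

  if [ -z "$UML_GATEWAY" ]; then
    UML_GATEWAY=$MY_IP
  fi
  if [ -z "$UML_MAILNAME" ]; then
    UML_MAILNAME=$(cat /etc/mailname)
  fi
  if [ -z "$UML_DOMAIN" ]; then
    UML_DOMAIN=$(dnsdomainname)
  fi
  if [ -z "$UML_NETWORK" ]; then
    UML_NETWORK=$(printf '%s\n' "$MY_IP" | perl -ple 's/\.[0-9]+$/.0/')
  fi
  # NOTE(review): 255.255.255.0 looks like a netmask rather than a
  # broadcast address, and UML_NETMASK has no fallback of its own;
  # confirm which variable this default was meant for.
  if [ -z "$UML_BROADCAST" ]; then
    UML_BROADCAST=255.255.255.0
  fi

  if [ -z "$UML_NS1" ] && [ -r /etc/resolv.conf ]; then
    # resolv.conf is read as data. Its content can originate from the
    # network (for example a DHCP client), so it is never passed to eval;
    # each address is assigned with printf -v to a name built from a
    # counter. Entries starting with 127.0.0.1 (a local resolver) are
    # skipped, the rest are exported as UML_NS1, UML_NS2, ...
    ns_count=0
    ns_re='^nameserver[[:space:]]+([^[:space:]]+)'
    while IFS= read -r ns_line || [ -n "$ns_line" ]; do
      [[ $ns_line =~ $ns_re ]] || continue
      ns_addr=${BASH_REMATCH[1]}
      case "$ns_addr" in
        127.0.0.1*) continue ;;
      esac
      ns_count=$((ns_count + 1))
      printf -v "UML_NS${ns_count}" '%s' "$ns_addr"
      export "UML_NS${ns_count}"
    done </etc/resolv.conf
  fi

  MY_ETH0=tuntap,,,$MY_IP
  OTHERMIRROR="deb http://security.debian.org stable/updates main contrib non-free
deb http://http.us.debian.org/debian $UML_DEB_RELEASE main contrib non-free
"
  # Read the configuration file
  if [ -f "$HOME/.creatfsrc" ]; then
    . "$HOME/.creatfsrc"
  fi
}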
#
# Set up the root_fs
# Here we create a sparse 1GB partition, create an ext3 file system
# on that sparse partition. Since the FS is sparse, the disk usage is
# initially small, and the actual size of the file grows as required.
#
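#######################################
# Create the sparse image file and put an ext3 file system on it.
# Globals:   UML_IMAGE (read), action (read)
# Outputs:   progress text on stderr
# An existing image is kept once as "<image>.old".
#######################################
initiate_image() {
  echo >&2 "Creating a Sparse File system"
  # The image path is quoted everywhere so a name containing whitespace
  # or glob characters is treated as a single file.
  if [ -e "${UML_IMAGE}" ]; then
    mv -f -- "${UML_IMAGE}" "${UML_IMAGE}.old"
  fi
  # count=0 with seek=1024 writes no data: the file is only extended to
  # 1024 blocks of 1 MiB. $action stays unquoted because it is a command
  # prefix that may be empty.
  $action dd if=/dev/zero of="${UML_IMAGE}" bs=$((1024 * 1024)) count=0 seek=1024
  # -j adds the ext3 journal; -F lets mke2fs work on a regular file.
  $action mke2fs -j -F "${UML_IMAGE}"
}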
#
# Create a dir where we can mount the root_fs, and mount it. This
# allows us to create the initial Debian install on that file system.
#
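#######################################
# Loop-mount the image on ./mounted, creating the directory if needed.
# Globals:   UML_IMAGE (read), action (read)
# Outputs:   progress text on stderr
# Installs an ERR trap that tries to unmount ./mounted.
#######################################
mount_image() {
  echo >&2 "Mount the file system just created via loopback"
  if [ ! -d mounted ]; then
    mkdir mounted
  else
    # Something may still be mounted from an earlier run; a failure here
    # only means nothing was mounted.
    umount mounted || true
  fi
  # Note: only root can do this
  $action mount -o loop "${UML_IMAGE}" ./mounted/
  # NOTE(review): without `set -E` an ERR trap is not inherited by shell
  # functions, so a failure inside one of the later functions probably
  # ends the script with the image still mounted. The trap also uses a
  # relative path and basic_install changes directory. Confirm, and
  # consider an EXIT trap with an absolute path.
  trap 'test -d mounted && umount mounted' ERR
}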
#
# Here is where we do a basic installation. The only changes to the
# default are that we install postfix rather than exim4 (better
# support in SELinux policy), and we install all the selinux related
# packages to be found in the main Debian archive.
#
# Swap exim4 for postfix in the bootstrap package lists: the exim4
# packages are appended to DEBOOTSTRAP_EXCLUDE and postfix plus libsasl2
# to DEBOOTSTRAP_INCLUDE. A comma is inserted only when the list already
# has content.
configure_postfix() {
  postfix_addons="postfix,libsasl2"
  postfix_removals="exim4,exim4-base,exim4-config,exim4-daemon-light"
  DEBOOTSTRAP_EXCLUDE="${DEBOOTSTRAP_EXCLUDE:+${DEBOOTSTRAP_EXCLUDE},}${postfix_removals}"
  DEBOOTSTRAP_INCLUDE="${DEBOOTSTRAP_INCLUDE:+${DEBOOTSTRAP_INCLUDE},}${postfix_addons}"
}
# Append the SELinux tool packages to DEBOOTSTRAP_INCLUDE, inserting a
# comma only when the list already has content.
configure_selinux() {
  selinux_addons="checkpolicy,selinux-utils,gettext"
  DEBOOTSTRAP_INCLUDE="${DEBOOTSTRAP_INCLUDE:+${DEBOOTSTRAP_INCLUDE},}${selinux_addons}"
}
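#######################################
# Bootstrap a basic Debian system into ./mounted and create the ubd
# device nodes.
# Globals:   DEBOOTSTRAP_EXCLUDE, DEBOOTSTRAP_INCLUDE, UML_DEB_RELEASE,
#            MIRRORSITE, action (read); inc_exc, inc_incl (written)
# Outputs:   progress text on stderr
#
# debootstrap downloads packages from MIRRORSITE and unpacks them as the
# invoking user, so the mirror is part of the trusted base of the image.
#######################################
basic_install() {
  # Create a basic Debian install
  echo >&2 "Preparing to install"
  # Optional arguments are collected in an array: an empty list simply
  # adds nothing, and no value is re-split on whitespace.
  local -a bootstrap_opts=(--resolve-deps)
  inc_exc=
  inc_incl=
  if [ -n "$DEBOOTSTRAP_EXCLUDE" ]; then
    inc_exc="--exclude=$DEBOOTSTRAP_EXCLUDE"
    bootstrap_opts+=("$inc_exc")
  fi
  if [ -n "$DEBOOTSTRAP_INCLUDE" ]; then
    inc_incl="--include=$DEBOOTSTRAP_INCLUDE"
    bootstrap_opts+=("$inc_incl")
  fi
  bootstrap_opts+=(--verbose)
  $action debootstrap "${bootstrap_opts[@]}" "$UML_DEB_RELEASE" \
    ./mounted/ "$MIRRORSITE"
  #echo >&2 "moving mounted/lib/tls to avoid NPTL issues"
  #if [ -d mounted/lib/tls ]; then
  # $action mv mounted/lib/tls mounted/lib/tls.save
  #fi
  echo >&2 "Removing old-style pseudo-tty's,"
  $action rm -f mounted/dev/[tp]ty[abcdepqrstuvwxyz][0-9a-f]
  # MAKEDEV runs in a subshell so the caller's working directory is
  # never left inside the image, whatever happens.
  (builtin cd mounted/dev && $action ./MAKEDEV ubd)
}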
# Write the image's /etc/network/interfaces (loopback plus eth0 over
# DHCP, with a commented-out static stanza filled in from UML_IP,
# UML_NETMASK, UML_NETWORK, UML_BROADCAST and UML_GATEWAY) and make sure
# /etc/network/run is a real directory rather than a symlink.
setup_network() {
  echo >&2 "Setting up networking .. interfaces"
  if $action test -L mounted/etc/network/run; then
    rm -f mounted/etc/network/run
  fi
  if ! $action test -d mounted/etc/network/run; then
    mkdir -p mounted/etc/network/run
  fi
  cat >mounted/etc/network/interfaces <<EOF
auto lo
iface lo inet loopback
# The first network card - this entry was created during the Debian installation
auto eth0
iface eth0 inet dhcp
## If you want a static interface, comment out the line above
## and uncomment the lines below
#iface eth0 inet static
# address $UML_IP
# netmask $UML_NETMASK
# network $UML_NETWORK
# broadcast $UML_BROADCAST
# gateway $UML_GATEWAY
EOF
}
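#######################################
# Write mailname, hostname, resolv.conf and hosts inside the image.
# Globals:   UML_MAILNAME, UML_HOSTNAME, UML_NS1..UML_NS3, UML_DOMAIN,
#            UML_IP (read)
# Outputs:   progress text on stderr, one line on stdout
#######################################
setup_name() {
  echo >&2 "Setting up name mailname .. hostname .. hosts .. resolv.conf .."
  # printf with a quoted value writes it unchanged (no word splitting or
  # globbing of the configured name).
  printf '%s\n' "$UML_MAILNAME" >mounted/etc/mailname
  printf '%s\n' "$UML_HOSTNAME" >mounted/etc/hostname
  # The first field now prints the value of UML_NS1, not the literal name.
  echo >&2 "Setting up Nameservers: \"$UML_NS1\" \"$UML_NS2\" \"$UML_NS3\" \"$UML_DOMAIN\" "
  # Only UML_NS1 truncates resolv.conf; when it is empty the remaining
  # entries are appended to whatever file already exists in the image.
  if [ -n "$UML_NS1" ]; then
    echo "nameserver $UML_NS1" >mounted/etc/resolv.conf
  fi
  if [ -n "$UML_NS2" ]; then
    echo "nameserver $UML_NS2" >>mounted/etc/resolv.conf
  fi
  if [ -n "$UML_NS3" ]; then
    echo "nameserver $UML_NS3" >>mounted/etc/resolv.conf
  fi
  if [ -n "$UML_DOMAIN" ]; then
    echo "search $UML_DOMAIN" >>mounted/etc/resolv.conf
  fi
  echo "Setting up hosts file"
  cat >mounted/etc/hosts <<EOF
127.0.0.1 localhost
$UML_IP $UML_HOSTNAME.$UML_DOMAIN $UML_HOSTNAME
# The following lines are desirable for IPv6 capable hosts
# (added automatically by netbase upgrade)
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
EOF
}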
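#######################################
# Configure Postfix in the image to run its services without a chroot.
# Globals:   action (read)
# Outputs:   progress text on stderr
#
# master.cf is saved as master.cf.dist and rewritten so that every
# inet/fifo/unix service whose fifth column (chroot) is "-" gets "n".
# /etc/default/postfix is replaced by an empty SYNC_CHROOT= setting.
# NOTE(review): this gives up chroot confinement for those services,
# presumably relying on SELinux policy instead; confirm that is intended.
#######################################
setup_postfix() {
  echo >&2 " /etc/default/postfix"
  echo SYNC_CHROOT= >mounted/etc/default/postfix
  $action mv mounted/etc/postfix/master.cf mounted/etc/postfix/master.cf.dist
  # Groups: $1 = everything up to the chroot column, $2 = service type,
  # $3 = rest of the line. The replacement must end in $3; using $2
  # would drop the remaining columns and the command.
  $action perl -ple 's/^(\w+\s+(inet|fifo|unix)\s+[-n]\s+[-n]\s+)-(.*)$/${1}n$3/g;' \
    mounted/etc/postfix/master.cf.dist >mounted/etc/postfix/master.cf
}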
# Miscellaneous fixes inside the image: set the setserial init script
# aside, delete the hwclock rc links, patch /etc/init.d/udev to call
# restorecon, and write /etc/fstab and /etc/syslog.conf.
# Reads the global action; progress text goes to stderr.
setup_misc () {
echo >&2 "Setting up miscellaneous files "
if [ -e mounted/etc/init.d/setserial ]; then
$action mv mounted/etc/init.d/setserial mounted/etc/init.d/setserial.dpkg-old
fi
echo >&2 "Disable all the 'hwclock' scripts "
# Only the find is traced by $action; NUL-separated names make the rm
# safe for unusual file names, and -r skips rm when nothing matched.
$action find mounted/etc/rc*d -name '*hwclock*' -print0 | xargs -0r rm
echo >&2 "Fix /etc/init.d/udev "
if [ -e mounted/etc/init.d/udev ]; then
# The patch is written verbatim (quoted 'EOF'), applied to the image's
# udev init script and then removed. Its added lines run restorecon on
# /dev entries when /sbin/restorecon is executable.
# NOTE(review): in this copy the context lines of the patch have no
# leading space; if that is not just a rendering artifact, patch will
# reject the hunks. Verify against the original attachment.
cat >mounted/etc/udev.patch<<'EOF'
--- mounted/etc/init.d/udev 2006-09-03 05:15:35.000000000 -0500
+++ old/etc/init.d/udev 2006-09-10 20:02:37.000000000 -0500
@@ -34,8 +34,9 @@
log_failure_msg "udev requires tmpfs support, not started."
log_end_msg 1
fi
-
mkdir -p /dev/.static/dev
+ # relabel the new tmpfs accordingly
+ [ -x /sbin/restorecon ] && /sbin/restorecon /dev /dev/.static /dev/.static/dev
chmod 700 /dev/.static/
mount -n --move /lib/udev/devices /dev/.static/dev
}
@@ -52,6 +53,7 @@
make_extra_nodes() {
if [ "$(echo /lib/udev/devices/*)" != "/lib/udev/devices/*" ]; then
cp --archive --update /lib/udev/devices/* /dev/
+ [ -x /sbin/restorecon ] && /sbin/restorecon /dev/*
fi
[ -e /etc/udev/links.conf ] || return 0
@@ -64,6 +66,7 @@
M) mknod -m 600 /dev/$name $arg1 ;;
*) log_warning_msg "links.conf: unparseable line ($type $name $arg1)" ;;
esac
+ [ -x /sbin/restorecon ] && /sbin/restorecon /dev/$name >/dev/null 2>/dev/null
done
}
EOF
patch -p0 mounted/etc/init.d/udev < mounted/etc/udev.patch
rm mounted/etc/udev.patch
fi
echo >&2 " /etc/fstab"
# Root on /dev/ubda plus /proc; the hostfs line is an example entry and
# is marked noauto.
cat >mounted/etc/fstab<<EOF
/dev/ubda / ext3 defaults 0 1
proc /proc proc defaults 0 0
# example of using hostfs. Use with the command line hostfs=/usr/local/src/arch,apend
# assuming, of course, the host has a existing directory /usr/local/src/arch
none /mnt hostfs /usr/local/src/arch,noauto 0 0
EOF
echo >&2 " /etc/syslog.conf"
# Written verbatim (quoted 'EOF'). auth/authpriv messages go to
# /var/log/auth.log and are excluded from the catch-all files; both
# console outputs (/dev/tty8 and /dev/xconsole) are left commented out.
cat >mounted/etc/syslog.conf<<'EOF'
# /etc/syslog.conf Configuration file for syslogd.
#
# For more information see syslog.conf(5)
# manpage.
#
# First some standard logfiles. Log by facility.
#
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
#cron.* /var/log/cron.log
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
uucp.* /var/log/uucp.log
#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err
# Logging for INN news system
#
news.crit /var/log/news/news.crit
news.err /var/log/news/news.err
news.notice -/var/log/news/news.notice
#
# Some catch-all logfiles.
#
*.=debug;\
auth,authpriv.none;\
news.none;mail.none -/var/log/debug
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages
#
# Emergencies are sent to everybody logged in.
#
*.emerg *
#
# I like to have messages displayed on the console, but only on a virtual
# console I usually leave idle.
#
#daemon,mail.*;\
# news.=crit;news.=err;news.=notice;\
# *.=debug;*.=info;\
# *.=notice;*.=warn /dev/tty8
# The named pipe /dev/xconsole is for the xconsole utility. To use it,
# you must invoke xconsole with the -file option:
#
# $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
# busy site..
#
#daemon.*;mail.*;\
# news.crit;news.err;news.notice;\
# *.=debug;*.=info;\
# *.=notice;*.=warn |/dev/xconsole
EOF
}
# Changes the standard cron file; commenting out the backup of the
# shadow file; since cron does not have access to that under SELinux
# Stop cron inside the image, then replace /etc/cron.daily/standard.
# The replacement is written verbatim (quoted 'EOSTD' delimiter, so the
# host shell expands nothing in it). In it the /etc/shadow backup stanza
# is commented out; passwd, group and gshadow are still backed up with
# mode 600.
fix_cron() {
test -d mounted/etc/cron.daily || mkdir -p mounted/etc/cron.daily
# Runs the image's own init script inside the chroot; with `set -e` in
# effect a non-zero exit status here ends the whole run.
chroot mounted /etc/init.d/cron stop
echo >&2 " /etc/cron.daily/standard"
cat > mounted/etc/cron.daily/standard<<'EOSTD'
#!/bin/sh
# /etc/cron.daily/standard: standard daily maintenance script
# Written by Ian A. Murdock <[EMAIL PROTECTED]>
# Modified by Ian Jackson <[EMAIL PROTECTED]>
# Modified by Steve Greenland <[EMAIL PROTECTED]>
bak=/var/backups
LOCKFILE=/var/lock/cron.daily
umask 022
#
# Avoid running more than one at a time
#
if [ -x /usr/bin/lockfile-create ] ; then
lockfile-create $LOCKFILE
if [ $? -ne 0 ] ; then
cat <<EOF
Unable to run /etc/cron.daily/standard because lockfile $LOCKFILE
acquisition failed. This probably means that the previous day's
instance is still running. Please check and correct if necessary.
EOF
exit 1
fi
# Keep lockfile fresh
lockfile-touch $LOCKFILE &
LOCKTOUCHPID="$!"
fi
#
# Backup key system files
#
if cd $bak ; then
cmp -s passwd.bak /etc/passwd || (cp -p /etc/passwd passwd.bak &&
chmod 600 passwd.bak)
cmp -s group.bak /etc/group || (cp -p /etc/group group.bak &&
chmod 600 group.bak)
# if [ -f /etc/shadow ] ; then
# cmp -s shadow.bak /etc/shadow || (cp -p /etc/shadow shadow.bak &&
# chmod 600 shadow.bak)
# fi
if [ -f /etc/gshadow ] ; then
cmp -s gshadow.bak /etc/gshadow || (cp -p /etc/gshadow gshadow.bak &&
chmod 600 gshadow.bak)
fi
fi
if cd $bak ; then
if ! cmp -s dpkg.status.0 /var/lib/dpkg/status ; then
cp -p /var/lib/dpkg/status dpkg.status
savelog -c 7 dpkg.status >/dev/null
fi
fi
#
# Check to see if any files are in lost+found directories and warn admin
#
# Get a list of the (potential) ext2 and ext3 l+f directories
lflist=$(df -P --type=ext2 --type=ext3 |awk '$6 == "/" {$6 = ""} /\/dev\// {printf "%s/lost+found ", $6}')
# In each directory, look for files
for lfdir in $lflist ; do
if [ -d "$lfdir" ] ; then
more_lost_found=$(ls -1 "$lfdir" | grep -v 'lost+found$' | sed 's/^/ /')
if [ -n "$more_lost_found" ] ; then
lost_found="$lost_found
$lfdir:
$more_lost_found"
# NOTE: above weird line breaks in string are intentional!
fi
fi
done
if [ -n "$lost_found" ]; then
cat << EOF
Files were found in lost+found directories. This is probably
the result of a crash or bad shutdown, or possibly of a disk
problem. These files may contain important information. You
should examine them, and move them out of lost+found or delete
them if they are not important.
The following files were found:
$lost_found
EOF
fi
#
# Clean up lockfile
#
if [ -x /usr/bin/lockfile-create ] ; then
kill $LOCKTOUCHPID
lockfile-remove $LOCKFILE
fi
EOSTD
}
# change the syslog init file to not create /dev/xconsole, since that
# contravenes SELinux policy
# Overwrite the image's /etc/init.d/sysklogd with a variant that never
# creates /dev/xconsole: the create_xconsole call in `start` is commented
# out and the function body is reduced to comments. The script is written
# verbatim (quoted 'EOF' delimiter).
# NOTE(review): the one live line in create_xconsole, `:echo no > /dev/null`,
# names a command ":echo" rather than the `:` no-op; it is harmless only
# because the function is never called.
# NOTE(review): `cat >` keeps the mode of an existing file but creates a
# missing one without the execute bit; confirm the script already exists
# in the image at this point.
fix_sysklogd() {
echo >&2 " /etc/init.d/sysklogd"
cat > mounted/etc/init.d/sysklogd<<'EOF'
#! /bin/sh
# /etc/init.d/sysklogd: start the system log daemon.
PATH=/bin:/usr/bin:/sbin:/usr/sbin
pidfile=/var/run/syslogd.pid
binpath=/sbin/syslogd
test -x $binpath || exit 0
# Options for start/restart the daemons
# For remote UDP logging use SYSLOGD="-r"
#
SYSLOGD=""
create_xconsole()
{
:echo no > /dev/null
# if [ ! -e /dev/xconsole ]; then
# mknod -m 640 /dev/xconsole p
# else
# chmod 0640 /dev/xconsole
# fi
# chown root:adm /dev/xconsole
}
running()
{
# No pidfile, probably no daemon present
#
if [ ! -f $pidfile ]
then
return 1
fi
pid=$(cat $pidfile)
# No pid, probably no daemon present
#
if [ -z "$pid" ]
then
return 1
fi
if [ ! -d /proc/$pid ]
then
return 1
fi
cmd=$(cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1)
# No syslogd?
#
if [ "$cmd" != "$binpath" ]
then
return 1
fi
return 0
}
case "$1" in
start)
echo -n "Starting system log daemon: syslogd"
#create_xconsole
start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD
echo "."
;;
stop)
echo -n "Stopping system log daemon: syslogd"
start-stop-daemon --stop --quiet --exec $binpath --pidfile $pidfile
echo "."
;;
reload|force-reload)
echo -n "Reloading system log daemon: syslogd"
start-stop-daemon --stop --quiet --signal 1 --exec $binpath --pidfile $pidfile
echo "."
;;
restart)
echo -n "Restarting system log daemon: syslogd"
start-stop-daemon --stop --quiet --exec $binpath --pidfile $pidfile
sleep 1
start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD
echo "."
;;
reload-or-restart)
if running
then
echo -n "Reloading system log daemon: syslogd"
start-stop-daemon --stop --quiet --signal 1 --exec $binpath --pidfile $pidfile
else
echo -n "Restarting system log daemon: syslogd"
start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD
fi
echo "."
;;
*)
echo "Usage: /etc/init.d/sysklogd {start|stop|reload|restart|force-reload|reload-or-restart}"
exit 1
esac
exit 0
EOF
}
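#######################################
# Prepare SELinux-related files inside the image for later use.
# Globals:   UML_POLICY_TYPE (read)
# Outputs:   progress text on stderr
#
# Replaces /etc/default/useradd and /etc/libuser.conf with a single
# home-directory setting each, and writes /root/post-install.sh. The
# here-document delimiter is unquoted, so ${UML_POLICY_TYPE} is expanded
# now and the generated script contains the literal policy name.
#######################################
setup_selinux_policy_changes() {
  echo >&2 "Setting up local SELinux policy files for use later"
  echo "HOME=/home" >mounted/etc/default/useradd
  echo "LU_HOMEDIRECTORY=/home" >mounted/etc/libuser.conf
  # In an unquoted here-document a backslash before "*" is kept as is,
  # so "check\*.sh" would reach the generated script as an escaped,
  # literal asterisk and match no file. The glob is therefore written
  # unescaped and expands when post-install.sh runs.
  cat >mounted/root/post-install.sh <<EOF
#!/bin/bash
set -x
/bin/true | apt-get -fy install selinux-policy-refpolicy-${UML_POLICY_TYPE}
dpkg --configure --pending
if [ -x /sbin/setfiles ]; then
test -e /etc/selinux/refpolicy-${UML_POLICY_TYPE}/contexts/files/file_contexts && \
setfiles -vv /etc/selinux/refpolicy-${UML_POLICY_TYPE}/contexts/files/file_contexts /
test -e /etc/selinux/refpolicy-${UML_POLICY_TYPE}/contexts/files/file_contexts.homedir && \
setfiles -vv /etc/selinux/refpolicy-${UML_POLICY_TYPE}/contexts/files/file_contexts.homedir /
fi
/usr/sbin/setfilecon system_u:object_r:udev_exec_t /etc/init.d/udev
/usr/sbin/setfilecon system_u:object_r:fsadm_exec_t /etc/init.d/check*.sh
# schedule a relabeling for the next reboot
touch /.autorelabel
EOF
}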
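#######################################
# Install and configure the SELinux user-space inside the image.
# Globals:   UML_POLICY_TYPE, UML_SELINUX_POLICY, UML_FILE_CONTEXTS,
#            UML_HOME_CONTEXTS (read)
#
# All package operations run through chroot as the invoking user (root).
# chroot only changes the root directory; it is not a confinement
# boundary for the maintainer scripts that apt-get runs.
#######################################
install_selinux_std() {
  local pam_file policy_root

  # NOTE(review): key.asc is taken from the current directory and becomes
  # a trusted APT signing key inside the image. Verify its fingerprint
  # and run the script only from a directory others cannot write to.
  if [ -e key.asc ]; then
    cp key.asc mounted/root/
    chroot mounted apt-key add /root/key.asc
  fi

  # Must not fail when the directory is already there: under `set -e` a
  # failing mkdir would abort the whole run.
  [ -d mounted/selinux ] || mkdir -p mounted/selinux

  chroot mounted apt-get update
  chroot mounted apt-get -fy upgrade
  chroot mounted apt-get -fy install policycoreutils
  chroot mounted apt-get clean

  # Add pam_selinux to the login and ssh PAM stacks unless it is already
  # mentioned there.
  for pam_file in mounted//etc/pam.d/login mounted//etc/pam.d/ssh; do
    if [ -f "$pam_file" ] && ! grep -q pam_selinux.so "$pam_file" 2>/dev/null; then
      {
        echo ""
        echo "session required pam_selinux.so multiple"
        echo ""
      } >>"$pam_file"
    fi
  done

  if [ -e mounted/etc/selinux/config ]; then
    # The policy type is handed to perl through the environment, so the
    # configured value is used as data and never parsed as Perl source.
    POLICY_TYPE_FOR_PERL="$UML_POLICY_TYPE" perl -pli~ -e \
      's/SELINUXTYPE=refpolicy-targeted/SELINUXTYPE=refpolicy-$ENV{POLICY_TYPE_FOR_PERL}/' \
      mounted/etc/selinux/config
    rm mounted/etc/selinux/config~
  fi

  policy_root="mounted/etc/selinux/refpolicy-${UML_POLICY_TYPE}"
  if [ -n "$UML_SELINUX_POLICY" ] && [ -e "$UML_SELINUX_POLICY" ]; then
    mkdir -p "$policy_root/policy"
    cp -f -- "$UML_SELINUX_POLICY" "$policy_root/policy/"
  fi

  # Optional local context files: copy in, label the whole image with
  # them, then remove the temporary copy.
  if [ -n "$UML_FILE_CONTEXTS" ] && [ -e "$UML_FILE_CONTEXTS" ]; then
    cp -f -- "$UML_FILE_CONTEXTS" mounted/etc/file_contexts
    chroot mounted setfiles -vv /etc/file_contexts /
    rm -f mounted/etc/file_contexts
  fi
  if [ -n "$UML_HOME_CONTEXTS" ] && [ -e "$UML_HOME_CONTEXTS" ]; then
    cp -f -- "$UML_HOME_CONTEXTS" mounted/etc/file_contexts.homedir
    chroot mounted setfiles -vv /etc/file_contexts.homedir /
    rm -f mounted/etc/file_contexts.homedir
  fi

  chroot mounted /usr/sbin/setfilecon system_u:object_r:udev_exec_t /etc/init.d/udev
  # The glob has to be expanded inside the chroot. Expanded by the outer
  # shell it would be matched against the host's /etc/init.d instead of
  # the image's.
  chroot mounted /bin/sh -c \
    'exec /usr/sbin/setfilecon system_u:object_r:fsadm_exec_t /etc/init.d/check*.sh'
}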
# Install root's ~/.bashrc in the image, copy it to /etc/skel, create the
# unprivileged account and set both passwords interactively.
# Reads the globals UML_NEW_USER and UML_NEW_USER_GECOS.
# NOTE(review): the "[EMAIL PROTECTED]" tokens inside the here-document are
# address-masking artifacts of the mail archive. They replaced parts of
# the prompt strings, so those lines must be restored from the original
# attachment before this function is used.
setup_shell() {
cat >mounted/root/.bashrc<<'EOF'
# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples
# If not running interactively, don't do anything
[ -z "$PS1" ] && return
# don't put duplicate lines in the history. See bash(1) for more options
#export HISTCONTROL=ignoredups
# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize
# make less more friendly for non-text input files, see lesspipe(1)
[ -x /usr/bin/lesspipe ] && eval "$(lesspipe)"
# set variable identifying the chroot you work in (used in the prompt below)
if [ -z "$debian_chroot" -a -r /etc/debian_chroot ]; then
debian_chroot=$(cat /etc/debian_chroot)
fi
# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
xterm-color)
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;[EMAIL PROTECTED]:\[\033[01;34m\]\w\[\033[00m\]\$ '
;;
*)
PS1='${debian_chroot:+($debian_chroot)[EMAIL PROTECTED]:\w\$ '
;;
esac
# Comment in the above and uncomment this below for a color prompt
#PS1='${debian_chroot:+($debian_chroot)}\[\033[01;[EMAIL PROTECTED]:\[\033[01;34m\]\w\[\033[00m\]\$ '
# If this is an xterm set the title to [EMAIL PROTECTED]:dir
case "$TERM" in
xterm*|rxvt*)
PROMPT_COMMAND='echo -ne "\033]0;[EMAIL PROTECTED]: ${PWD/$HOME/~}\007"'
;;
*)
;;
esac
# Alias definitions.
# You may want to put all your additions into a separate file like
# ~/.bash_aliases, instead of adding them here directly.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.
if [ -f ~/.bash_aliases ]; then
. ~/.bash_aliases
fi
alias d-b="dpkg-buildpackage -D -i'\+\+pristine-trees|\+\+saved.*|,,.*' -rfakeroot"
# Alias definitions.
# You may want to put all your additions into a separate file like
# ~/.bash_aliases, instead of adding them here directly.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.
if [ -f ~/.bash_aliases ]; then
. ~/.bash_aliases
fi
if [ "$TERM" != "dumb" ]; then
eval "`dircolors -b`"
alias ls='ls --color=auto'
alias dir='ls --color=auto --format=vertical'
alias vdir='ls --color=auto --format=long'
alias l='ls --color=auto -AsCF'
alias lt="ls --color=auto -tAsCF "
alias lu="ls --color=auto -uAsCF "
alias llx="ls --color=auto -XAsCF "
alias ll="ls --color=auto -Als "
alias llt="ls --color=auto -tAls "
alias llc="ls --color=auto -cAls "
alias llu="ls --color=auto -uAls "
alias lls="ls --color=auto -SAls "
alias llx="ls --color=auto -XAls "
else
alias l='ls -AsCF'
alias lt="ls -tAsCF "
alias lu="ls -uAsCF "
alias llx="ls -XAsCF "
alias ll="ls -Als "
alias llt="ls -tAls "
alias llc="ls -cAls "
alias llu="ls -uAls "
alias lls="ls -SAls "
alias llx="ls -XAls "
fi
alias cx="chmod ugo+x "
alias h='history'
# enable programmable completion features (you don't need to enable
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
# sources /etc/bash.bashrc).
if [ -f /etc/bash_completion ]; then
. /etc/bash_completion
fi
EOF
# The same file becomes the template for new accounts.
cp mounted/root/.bashrc mounted/etc/skel
# adduser is told not to set a password (--disabled-password); the
# passwd call for $UML_NEW_USER further down sets one.
# NOTE(review): $UML_NEW_USER is unquoted here and in the passwd call
# below, so an empty or multi-word value changes the argument list.
chroot mounted adduser --disabled-password --gecos "$UML_NEW_USER_GECOS" $UML_NEW_USER
echo >&2 Set root passwd
# passwd without a user name changes the password of the invoking user
# inside the image (root here).
chroot mounted passwd
echo >&2 Set user passwd for $UML_NEW_USER
chroot mounted passwd $UML_NEW_USER
}
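# Main sequence. Mounting, debootstrap and chroot all need root.
# The script's arguments are handed to read_cfg explicitly: inside a
# function "$@" is the function's own argument list, so without them the
# -h option would never be seen.
read_cfg "$@"
initiate_image
mount_image
# Configure the packages we want
#configure_postfix;
configure_selinux
basic_install
# Various configurations
setup_name
setup_network
#setup_postfix;
setup_misc
# setup aliases and the like
setup_shell
# The following are SELinux related
fix_cron
fix_sysklogd
setup_selinux_policy_changes
# This does the down grades that selinux uses
install_selinux_std
# Quoted so a working directory containing whitespace is still one path.
cd "$WORKING_DIR"
# A failed unmount is reported on stderr; the image is then still
# mounted and must not be booted or copied until it is released.
umount mounted || echo "Could not un mount mounted" >&2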
#allow user_t nfs_t:dir { add_name getattr read search write };
#allow user_t nfs_t:file { create getattr read write };
--
"Problem solving under linux has never been the circus that it is
under AIX." (By Pete Ehlke in comp.unix.aix)
Manoj Srivastava <[EMAIL PROTECTED]> <http://www.golden-gryphon.com/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C