Add custom LXC with fixed -g/-u for lxc-execute/attach
This commit is contained in:
parent
ff3d37517f
commit
692571a7f8
176
apk/lxc/APKBUILD
Normal file
176
apk/lxc/APKBUILD
Normal file
@ -0,0 +1,176 @@
|
||||
# Contributor: Łukasz Jendrysik <scadu@yandex.com>
|
||||
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
|
||||
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
|
||||
pkgname=lxc
|
||||
pkgver=3.2.1
|
||||
_pkgver=${pkgver/_rc/.rc}
|
||||
pkgrel=2
|
||||
pkgdesc="Userspace interface for the Linux kernel containment features"
|
||||
url="https://linuxcontainers.org/lxc/"
|
||||
arch="all"
|
||||
license="GPL-2.0-only"
|
||||
makedepends="
|
||||
libcap-dev
|
||||
libcap-static
|
||||
libseccomp-dev
|
||||
linux-pam-dev
|
||||
linux-headers
|
||||
bsd-compat-headers
|
||||
docbook2x
|
||||
|
||||
automake
|
||||
autoconf
|
||||
libtool
|
||||
"
|
||||
|
||||
options="suid"
|
||||
subpackages="
|
||||
$pkgname-dev
|
||||
$pkgname-doc
|
||||
$pkgname-openrc
|
||||
$pkgname-lvm::noarch
|
||||
$pkgname-libs
|
||||
$pkgname-bridge::noarch
|
||||
$pkgname-bash-completion:bashcomp:noarch
|
||||
$pkgname-pam
|
||||
$pkgname-download:_download:noarch
|
||||
$pkgname-templates-oci:templates_oci:noarch
|
||||
$pkgname-templates::noarch
|
||||
"
|
||||
|
||||
source="https://linuxcontainers.org/downloads/lxc/lxc-$_pkgver.tar.gz
|
||||
cgroups-initialize-cpuset-properly.patch
|
||||
network-restore-ability-to-move-nl80211-devices.patch
|
||||
execute-attach-user-group.patch
|
||||
lxc.initd
|
||||
lxc.confd
|
||||
"
|
||||
|
||||
# secfixes:
|
||||
# 3.1.0-r1:
|
||||
# - CVE-2019-5736
|
||||
# 2.1.1-r9:
|
||||
# - CVE-2018-6556
|
||||
#
|
||||
|
||||
_tmpldir="usr/share/lxc/templates"
|
||||
|
||||
build() {
|
||||
./configure \
|
||||
--build=$CBUILD \
|
||||
--host=$CHOST \
|
||||
--prefix=/usr \
|
||||
--sysconfdir=/etc \
|
||||
--localstatedir=/var \
|
||||
--disable-apparmor \
|
||||
--enable-pam \
|
||||
--with-distro=alpine \
|
||||
--disable-werror \
|
||||
--enable-doc
|
||||
make
|
||||
}
|
||||
|
||||
check() {
|
||||
make check
|
||||
}
|
||||
|
||||
package() {
|
||||
make DESTDIR="$pkgdir" install
|
||||
|
||||
install -Dm755 "$srcdir"/lxc.initd "$pkgdir"/etc/init.d/lxc
|
||||
install -Dm644 "$srcdir"/lxc.confd "$pkgdir"/etc/conf.d/lxc
|
||||
install -d "$pkgdir"/var/lib/lxc
|
||||
|
||||
# Remove useless config for SysVinit.
|
||||
rm -r "$pkgdir"/etc/default
|
||||
}
|
||||
|
||||
lvm() {
|
||||
pkgdesc="LVM support for LXC"
|
||||
depends="$pkgname=$pkgver-r$pkgrel lvm2 util-linux"
|
||||
install_if="$pkgname=$pkgver-r$pkgrel lvm2"
|
||||
mkdir "$subpkgdir"
|
||||
}
|
||||
|
||||
_py3() {
|
||||
pkgdesc="Python3 module for LXC"
|
||||
depends="python3"
|
||||
mkdir -p "$subpkgdir"/usr/lib
|
||||
mv "$pkgdir"/usr/lib/python3.* "$subpkgdir"/usr/lib
|
||||
}
|
||||
|
||||
_download() {
|
||||
pkgdesc="LXC container image downloader template"
|
||||
depends="$pkgname gnupg1 tar wget"
|
||||
|
||||
mkdir -p "$subpkgdir"/$_tmpldir
|
||||
mv "$pkgdir"/$_tmpldir/lxc-download "$subpkgdir"/$_tmpldir/
|
||||
}
|
||||
|
||||
templates() {
|
||||
pkgdesc="Templates for LXC (except alpine and download)"
|
||||
depends="tar"
|
||||
mkdir -p "$subpkgdir"/$_tmpldir
|
||||
mv "$pkgdir"/$_tmpldir/* "$subpkgdir"/$_tmpldir/
|
||||
}
|
||||
|
||||
templates_oci() {
|
||||
pkgdesc="OCI Template for LXC"
|
||||
depends="bash jq"
|
||||
mkdir -p "$subpkgdir"/usr/share/lxc/templates
|
||||
mv "$pkgdir"/usr/share/lxc/templates/lxc-oci \
|
||||
"$subpkgdir"/usr/share/lxc/templates/
|
||||
}
|
||||
|
||||
pam() {
|
||||
pkgdesc="PAM module for LXC"
|
||||
mkdir -p "$subpkgdir"/lib/security
|
||||
mv "$pkgdir"/lib/security/pam_cgfs.so "$subpkgdir"/lib/security/
|
||||
}
|
||||
|
||||
dev() {
|
||||
default_dev
|
||||
# fix abuild smartness
|
||||
mv "$subpkgdir"/usr/bin/lxc-config "$pkgdir"/usr/bin/
|
||||
mv "$subpkgdir"/usr/bin/lxc-update-config "$pkgdir"/usr/bin/
|
||||
}
|
||||
|
||||
bridge() {
|
||||
depends="dnsmasq"
|
||||
pkgdesc="Bridge interface for LXC with dhcp"
|
||||
mkdir -p "$subpkgdir"/etc/conf.d \
|
||||
"$subpkgdir"/etc/init.d \
|
||||
"$subpkgdir"/etc/lxc
|
||||
|
||||
ln -s dnsmasq "$subpkgdir"/etc/init.d/dnsmasq.lxcbr0
|
||||
cat >>"$subpkgdir"/etc/conf.d/dnsmasq.lxcbr0 <<- EOF
|
||||
rc_before="lxc"
|
||||
BRIDGE_ADDR="10.0.3.1"
|
||||
BRIDGE_NETMASK="255.255.255.0"
|
||||
BRIDGE_NETWORK="10.0.3.0/24"
|
||||
BRIDGE_DHCP_RANGE="10.0.3.2,10.0.3.254"
|
||||
BRIDGE_DHCP_MAX="253"
|
||||
BRIDGE_MAC="00:16:3e:00:00:00"
|
||||
DNSMASQ_CONFFILE="/etc/lxc/dnsmasq.conf"
|
||||
EOF
|
||||
cat >>"$subpkgdir"/etc/lxc/dnsmasq.conf <<- EOF
|
||||
#dhcp-host=somehost,10.0.3.3
|
||||
#dhcp-host=otherhost,10.0.3.4
|
||||
EOF
|
||||
}
|
||||
|
||||
bashcomp() {
|
||||
depends=""
|
||||
pkgdesc="Bash completions for $pkgname"
|
||||
install_if="$pkgname=$pkgver-r$pkgrel bash-completion"
|
||||
mkdir -p "$subpkgdir"/usr/share/bash-completion/completions
|
||||
mv "$pkgdir"/etc/bash_completion.d/$pkgname "$subpkgdir"/usr/share/bash-completion/completions
|
||||
rmdir "$pkgdir"/etc/bash_completion.d
|
||||
}
|
||||
|
||||
sha512sums="4b3046fc6c4aa497fb26bd45839e60de503184af86d3966e796d14e619203536b9a9ed67bdcd8a108cf1a548f8d095fb46dff53094a08abd8d268c866db685c0 lxc-3.2.1.tar.gz
|
||||
2bebe6cc24987354b6e7dc9003c3a4df450ca10263e6dc0e9313977fdfc2eb57c0d68560da4d1071c8de2f8e3e394ed3ca17af445bea524daa5f8ae8955b3ba6 cgroups-initialize-cpuset-properly.patch
|
||||
d302b7296918680901d034dc12ae0687dbbc65766800a9f7256e661f638d3dcad66bcc737aec2c6de8c27d3b9c08833e00420c2064f356d6d73efda9ae9bd707 network-restore-ability-to-move-nl80211-devices.patch
|
||||
a26cd718760e73309a686242b03c5de5ceff17ab9c348438cd19d2d875696e5c788f0e04d66dd01e08449754c14ce2b7cc1dfc1bac2a64429ccf4462f8aa93a5 execute-attach-user-group.patch
|
||||
b74ffe7c3e8f193265a90ffeb6e5743b1212bc1416b898e5a7e59ddd7f06fc77dc34e2dcbb3614038ac6222a95e2b9beb9f03ab734c991837203ab626b1b091f lxc.initd
|
||||
91de43db5369a9e10102933514d674e9c875218a1ff2910dd882e5b9c308f9e430deacb13d1d7e0b2ed1ef682d0bb035aa6f8a6738f54fa2ca3a05acce04e467 lxc.confd"
|
33
apk/lxc/cgroups-initialize-cpuset-properly.patch
Normal file
33
apk/lxc/cgroups-initialize-cpuset-properly.patch
Normal file
@ -0,0 +1,33 @@
|
||||
From b31d62b847a3ee013613795094cce4acc12345ef Mon Sep 17 00:00:00 2001
|
||||
From: Christian Brauner <christian.brauner@ubuntu.com>
|
||||
Date: Sun, 28 Jul 2019 23:13:26 +0200
|
||||
Subject: [PATCH] cgroups: initialize cpuset properly
|
||||
|
||||
Closes #3108.
|
||||
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
||||
---
|
||||
src/lxc/cgroups/cgfsng.c | 10 +++++-----
|
||||
1 file changed, 5 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
|
||||
index 7b8fe6736f..c29c0958e9 100644
|
||||
--- a/src/lxc/cgroups/cgfsng.c
|
||||
+++ b/src/lxc/cgroups/cgfsng.c
|
||||
@@ -496,12 +496,12 @@ static bool cg_legacy_filter_and_set_cpus(char *path, bool am_initialized)
|
||||
}
|
||||
|
||||
if (!flipped_bit) {
|
||||
- DEBUG("No isolated or offline cpus present in cpuset");
|
||||
- return true;
|
||||
+ cpulist = lxc_cpumask_to_cpulist(possmask, maxposs);
|
||||
+ TRACE("No isolated or offline cpus present in cpuset");
|
||||
+ } else {
|
||||
+ cpulist = move_ptr(posscpus);
|
||||
+ TRACE("Removed isolated or offline cpus from cpuset");
|
||||
}
|
||||
- DEBUG("Removed isolated or offline cpus from cpuset");
|
||||
-
|
||||
- cpulist = lxc_cpumask_to_cpulist(possmask, maxposs);
|
||||
if (!cpulist) {
|
||||
ERROR("Failed to create cpu list");
|
||||
return false;
|
53
apk/lxc/execute-attach-user-group.patch
Normal file
53
apk/lxc/execute-attach-user-group.patch
Normal file
@ -0,0 +1,53 @@
|
||||
--- a/src/lxc/tools/lxc_attach.c
|
||||
+++ b/src/lxc/tools/lxc_attach.c
|
||||
@@ -153,6 +153,8 @@
|
||||
.checker = NULL,
|
||||
.log_priority = "ERROR",
|
||||
.log_file = "none",
|
||||
+ .uid = LXC_INVALID_UID,
|
||||
+ .gid = LXC_INVALID_GID,
|
||||
};
|
||||
|
||||
static int my_parser(struct lxc_arguments *args, int c, char *arg)
|
||||
@@ -366,10 +368,10 @@
|
||||
goto out;
|
||||
}
|
||||
|
||||
- if (my_args.uid)
|
||||
+ if (my_args.uid != LXC_INVALID_UID)
|
||||
attach_options.uid = my_args.uid;
|
||||
|
||||
- if (my_args.gid)
|
||||
+ if (my_args.gid != LXC_INVALID_GID)
|
||||
attach_options.gid = my_args.gid;
|
||||
|
||||
if (command.program) {
|
||||
--- a/src/lxc/tools/lxc_execute.c
|
||||
+++ b/src/lxc/tools/lxc_execute.c
|
||||
@@ -84,6 +84,8 @@
|
||||
.log_priority = "ERROR",
|
||||
.log_file = "none",
|
||||
.daemonize = 0,
|
||||
+ .uid = LXC_INVALID_UID,
|
||||
+ .gid = LXC_INVALID_GID,
|
||||
};
|
||||
|
||||
static int my_parser(struct lxc_arguments *args, int c, char *arg)
|
||||
@@ -211,7 +213,7 @@
|
||||
if (!bret)
|
||||
goto out;
|
||||
|
||||
- if (my_args.uid) {
|
||||
+ if (my_args.uid != LXC_INVALID_UID) {
|
||||
char buf[256];
|
||||
|
||||
ret = snprintf(buf, 256, "%d", my_args.uid);
|
||||
@@ -223,7 +225,7 @@
|
||||
goto out;
|
||||
}
|
||||
|
||||
- if (my_args.gid) {
|
||||
+ if (my_args.gid != LXC_INVALID_GID) {
|
||||
char buf[256];
|
||||
|
||||
ret = snprintf(buf, 256, "%d", my_args.gid);
|
10
apk/lxc/lxc.confd
Normal file
10
apk/lxc/lxc.confd
Normal file
@ -0,0 +1,10 @@
|
||||
# Configuration for /etc/init.d/lxc[.*]
|
||||
|
||||
# Enable cgroup for systemd-based containers.
|
||||
#systemd_container=no
|
||||
|
||||
# autostart groups (comma separated)
|
||||
#lxc_group="onboot"
|
||||
|
||||
# Directory for containers' logs (used for symlinked runscripts lxc.*).
|
||||
#logdir="/var/log/lxc"
|
157
apk/lxc/lxc.initd
Normal file
157
apk/lxc/lxc.initd
Normal file
@ -0,0 +1,157 @@
|
||||
#!/sbin/openrc-run
|
||||
# Copyright 1999-2012 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-emulation/lxc/files/lxc.initd.2,v 1.5 2012/07/21 05:07:15 flameeyes Exp $
|
||||
|
||||
extra_started_commands="reboot"
|
||||
|
||||
description="Linux Containers (LXC)"
|
||||
description_reboot="Reboot containers"
|
||||
|
||||
CONTAINER=${SVCNAME#*.}
|
||||
: ${lxc_group:=$LXC_GROUP}
|
||||
: ${systemd_container:=no}
|
||||
: ${logdir:=/var/log/lxc}
|
||||
|
||||
command="/usr/bin/lxc-start"
|
||||
pidfile="/var/run/lxc/$CONTAINER.pid"
|
||||
|
||||
depend() {
|
||||
need localmount sysfs cgroups
|
||||
after firewall net
|
||||
}
|
||||
|
||||
lxc_get_configfile() {
|
||||
local i
|
||||
for i in /var/lib/lxc/${CONTAINER}/config \
|
||||
/etc/lxc/${CONTAINER}.conf \
|
||||
/etc/lxc/${CONTAINER}/config; do
|
||||
if [ -f "$i" ]; then
|
||||
echo "$i"
|
||||
return 0
|
||||
fi
|
||||
done
|
||||
eerror "Unable to find a suitable configuration file."
|
||||
eerror "If you set up the container in a non-standard"
|
||||
eerror "location, please set the CONFIGFILE variable."
|
||||
return 1
|
||||
}
|
||||
|
||||
lxc_get_var() {
|
||||
awk 'BEGIN { FS="[ \t]*=[ \t]*" } $1 == "'$1'" { print $2; exit }' ${CONFIGFILE} | cut -d: -f2
|
||||
}
|
||||
|
||||
checkconfig() {
|
||||
if [ ${CONTAINER} = ${SVCNAME} ]; then
|
||||
CONTAINER=
|
||||
return 0
|
||||
fi
|
||||
CONFIGFILE=${CONFIGFILE:-$(lxc_get_configfile)}
|
||||
|
||||
# no need to output anything, the function takes care of that.
|
||||
[ -z "${CONFIGFILE}" ] && return 1
|
||||
|
||||
utsname=$(lxc_get_var lxc.uts.name)
|
||||
if [ "${CONTAINER}" != "${utsname}" ]; then
|
||||
eerror "You should use the same name for the service and the"
|
||||
eerror "lxc.uts.name : Right now the lxc.uts.name is set to : ${utsname}"
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
systemd_ctr() {
|
||||
local cmd="$1"
|
||||
# Required for lxc-console and services inside systemd containers.
|
||||
local cgroup=/sys/fs/cgroup/systemd
|
||||
local mnt_opts='rw,nosuid,nodev,noexec,relatime,none,name=systemd'
|
||||
|
||||
case "$cmd" in
|
||||
mount)
|
||||
checkpath -d $cgroup
|
||||
if ! mount | grep $cgroup >/dev/null; then
|
||||
mount -t cgroup -o $mnt_opts cgroup $cgroup
|
||||
fi
|
||||
;;
|
||||
unmount)
|
||||
if mount | grep $cgroup >/dev/null; then
|
||||
umount $cgroup
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
_autostart() {
|
||||
ebegin "$1 LXC containers"
|
||||
shift
|
||||
lxc-autostart --group "$lxc_group" "$@"
|
||||
eend $?
|
||||
}
|
||||
|
||||
start() {
|
||||
checkconfig || return 1
|
||||
if yesno "$systemd_container"; then
|
||||
systemd_ctr mount
|
||||
fi
|
||||
if [ -z "$CONTAINER" ]; then
|
||||
_autostart "Starting"
|
||||
return
|
||||
fi
|
||||
|
||||
rm -f "$logdir"/${CONTAINER}.log
|
||||
|
||||
rootpath=$(lxc_get_var lxc.rootfs.path)
|
||||
# verify that container is not on tmpfs
|
||||
dev=$(df -P "${rootpath}" | awk '{d=$1}; END {print d}')
|
||||
type=$(awk -v dev="$dev" '$1 == dev {m=$3}; END {print m}' /proc/mounts)
|
||||
if [ "$type" = tmpfs ] && ! yesno "$ALLOW_TMPFS"; then
|
||||
eerror "${rootpath} is on tmpfs and ALLOW_TMPFS is not set"
|
||||
return 1
|
||||
fi
|
||||
|
||||
checkpath -d -m 750 -o root:wheel $logdir
|
||||
|
||||
checkpath -d ${pidfile%/*}
|
||||
ebegin "Starting container ${CONTAINER}"
|
||||
start-stop-daemon --start $command \
|
||||
--pidfile $pidfile \
|
||||
-- \
|
||||
--daemon \
|
||||
--pidfile $pidfile \
|
||||
--name ${CONTAINER} \
|
||||
--rcfile ${CONFIGFILE} \
|
||||
--logpriority WARN \
|
||||
--logfile $logdir/${CONTAINER}.log \
|
||||
|| eend $? || return $?
|
||||
lxc-wait -n ${CONTAINER} -t 5 -s RUNNING
|
||||
eend $?
|
||||
}
|
||||
|
||||
stop() {
|
||||
checkconfig || return 1
|
||||
systemd_ctr unmount
|
||||
|
||||
if [ -z "$CONTAINER" ]; then
|
||||
_autostart "Stopping" --shutdown --timeout ${LXC_TIMEOUT:-30}
|
||||
return
|
||||
fi
|
||||
|
||||
ebegin "Stopping container ${CONTAINER}"
|
||||
start-stop-daemon --stop --pidfile ${pidfile} \
|
||||
--retry ${POWEROFF_SIGNAL:-SIGUSR2}/${TIMEOUT:-30} \
|
||||
--progress
|
||||
eend $?
|
||||
}
|
||||
|
||||
reboot() {
|
||||
checkconfig || return 1
|
||||
if [ -z "$CONTAINER" ]; then
|
||||
_autostart "Rebooting" --reboot
|
||||
return
|
||||
fi
|
||||
|
||||
ebegin "Sending reboot signal to container $CONTAINER"
|
||||
start-stop-daemon --signal ${RESTART_SIG:-SIGTERM} \
|
||||
--pidfile ${pidfile}
|
||||
eend $?
|
||||
}
|
||||
|
@ -0,0 +1,91 @@
|
||||
From 3dd7829433f63b2ec1323a1f237efa7d67ea6e2b Mon Sep 17 00:00:00 2001
|
||||
From: Christian Brauner <christian.brauner@ubuntu.com>
|
||||
Date: Fri, 26 Jul 2019 08:20:02 +0200
|
||||
Subject: [PATCH] network: restore ability to move nl80211 devices
|
||||
|
||||
Closes #3105.
|
||||
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
||||
---
|
||||
src/lxc/network.c | 31 +++++++++++++++++--------------
|
||||
1 file changed, 17 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/src/lxc/network.c b/src/lxc/network.c
|
||||
index 9755116ba1..7684f95918 100644
|
||||
--- a/src/lxc/network.c
|
||||
+++ b/src/lxc/network.c
|
||||
@@ -1248,22 +1248,21 @@ static int lxc_netdev_rename_by_name_in_netns(pid_t pid, const char *old,
|
||||
static int lxc_netdev_move_wlan(char *physname, const char *ifname, pid_t pid,
|
||||
const char *newname)
|
||||
{
|
||||
- char *cmd;
|
||||
+ __do_free char *cmd = NULL;
|
||||
pid_t fpid;
|
||||
- int err = -1;
|
||||
|
||||
/* Move phyN into the container. TODO - do this using netlink.
|
||||
* However, IIUC this involves a bit more complicated work to talk to
|
||||
* the 80211 module, so for now just call out to iw.
|
||||
*/
|
||||
cmd = on_path("iw", NULL);
|
||||
- if (!cmd)
|
||||
- goto out1;
|
||||
- free(cmd);
|
||||
+ if (!cmd) {
|
||||
+ return -1;
|
||||
+ }
|
||||
|
||||
fpid = fork();
|
||||
if (fpid < 0)
|
||||
- goto out1;
|
||||
+ return -1;
|
||||
|
||||
if (fpid == 0) {
|
||||
char pidstr[30];
|
||||
@@ -1274,21 +1273,18 @@ static int lxc_netdev_move_wlan(char *physname, const char *ifname, pid_t pid,
|
||||
}
|
||||
|
||||
if (wait_for_pid(fpid))
|
||||
- goto out1;
|
||||
+ return -1;
|
||||
|
||||
- err = 0;
|
||||
if (newname)
|
||||
- err = lxc_netdev_rename_by_name_in_netns(pid, ifname, newname);
|
||||
+ return lxc_netdev_rename_by_name_in_netns(pid, ifname, newname);
|
||||
|
||||
-out1:
|
||||
- free(physname);
|
||||
- return err;
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
int lxc_netdev_move_by_name(const char *ifname, pid_t pid, const char* newname)
|
||||
{
|
||||
+ __do_free char *physname = NULL;
|
||||
int index;
|
||||
- char *physname;
|
||||
|
||||
if (!ifname)
|
||||
return -EINVAL;
|
||||
@@ -3279,13 +3275,20 @@ int lxc_network_move_created_netdev_priv(struct lxc_handler *handler)
|
||||
return 0;
|
||||
|
||||
lxc_list_for_each(iterator, network) {
|
||||
+ __do_free char *physname = NULL;
|
||||
int ret;
|
||||
struct lxc_netdev *netdev = iterator->elem;
|
||||
|
||||
if (!netdev->ifindex)
|
||||
continue;
|
||||
|
||||
- ret = lxc_netdev_move_by_index(netdev->ifindex, pid, NULL);
|
||||
+ if (netdev->type == LXC_NET_PHYS)
|
||||
+ physname = is_wlan(netdev->link);
|
||||
+
|
||||
+ if (physname)
|
||||
+ ret = lxc_netdev_move_wlan(physname, netdev->link, pid, NULL);
|
||||
+ else
|
||||
+ ret = lxc_netdev_move_by_index(netdev->ifindex, pid, NULL);
|
||||
if (ret) {
|
||||
errno = -ret;
|
||||
SYSERROR("Failed to move network device \"%s\" with ifindex %d to network namespace %d",
|
@ -12,6 +12,10 @@ cd ${ROOT}/vm
|
||||
tar czpf /srv/build/vm.tar.gz *
|
||||
|
||||
# Build native apps
|
||||
cd ${ROOT}/apk/lxc
|
||||
apk add -U autoconf automake bsd-compat-headers docbook2x libcap-dev libcap-static libseccomp-dev libtool linux-headers linux-pam-dev
|
||||
abuild -F
|
||||
|
||||
cd ${ROOT}/apk/rabbitmq-server
|
||||
apk add -U elixir erlang-compiler erlang-dev erlang-edoc erlang-eldap erlang-erl-docgen erlang-mnesia erlang-os-mon erlang-runtime-tools erlang-tools erlang-eunit erlang-xmerl gawk grep libxslt py3-simplejson python3 rsync socat xmlto zip
|
||||
abuild -F
|
||||
|
2
vm.sh
2
vm.sh
@ -89,7 +89,7 @@ apk --no-cache add apache2-utils gettext
|
||||
wget https://repo.spotter.cz/vm.tar.gz -O - | tar xzf - -C /mnt
|
||||
envsubst </mnt/boot/extlinux.conf >/mnt/boot/extlinux.conf.new
|
||||
mv /mnt/boot/extlinux.conf.new /mnt/boot/extlinux.conf
|
||||
chroot /mnt apk --no-cache add bridge ca-certificates curl e2fsprogs-extra gettext iptables kbd-misc logrotate postfix nginx openssh-server openssh-sftp-server util-linux wireguard-virt wireguard-tools-wg spoc@vm vmmgr@vm
|
||||
chroot /mnt apk --no-cache add bridge ca-certificates curl e2fsprogs-extra gettext iptables kbd-misc logrotate postfix nginx openssh-server openssh-sftp-server util-linux wireguard-virt wireguard-tools-wg lxc@vm spoc@vm vmmgr@vm
|
||||
chroot /mnt newaliases
|
||||
for SERVICE in cgroups consolefont crond iptables networking nginx ntpd postfix spoc swap urandom vmmgr; do
|
||||
ln -s /etc/init.d/${SERVICE} /mnt/etc/runlevels/boot
|
||||
|
Loading…
x
Reference in New Issue
Block a user