Attachment #6812 for bug #32462

View | Details | Raw Unified | Return to bug 32462
Collapse All | Expand All

Lines 346-352 Link Here

(-)/usr/share/perl5/PVE/LXC.pm.orig (-1 / +1 lines)
346	my $custom_idmap = grep { $_->[0] eq 'lxc.id_map' } @{$conf->{lxc}};	346	my $custom_idmap = grep { $_->[0] eq 'lxc.id_map' } @{$conf->{lxc}};
347		347
348	my $ostype = $conf->{ostype} \|\| die "missing 'ostype' - internal error";	348	my $ostype = $conf->{ostype} \|\| die "missing 'ostype' - internal error";
349	if ($ostype =~ /^(?:debian \| ubuntu \| centos \| fedora \| opensuse \| archlinux \| alpine \| gentoo \| unmanaged)$/x) {	349	if ($ostype =~ /^(?:debian \| ubuntu \| centos \| fedora \| oracle \| opensuse \| altlinux \| archlinux \| alpine \| gentoo \| unmanaged)$/x) {
350	my $inc ="/usr/share/lxc/config/$ostype.common.conf";	350	my $inc ="/usr/share/lxc/config/$ostype.common.conf";
351	$inc ="/usr/share/lxc/config/common.conf" if !-f $inc;	351	$inc ="/usr/share/lxc/config/common.conf" if !-f $inc;
352	$raw .= "lxc.include = $inc\n";	352	$raw .= "lxc.include = $inc\n";

Lines 289-295 Link Here

(-)/usr/share/perl5/PVE/LXC/Config.pm.orig (-1 / +1 lines)
289	ostype => {	289	ostype => {
290	optional => 1,	290	optional => 1,
291	type => 'string',	291	type => 'string',
292	enum => [qw(debian ubuntu centos fedora opensuse archlinux alpine gentoo unmanaged)],	292	enum => [qw(debian ubuntu centos fedora oralce opensuse altlinux archlinux alpine gentoo unmanaged)],
293	description => "OS type. This is used to setup configuration inside the container, and corresponds to lxc setup scripts in /usr/share/lxc/config/<ostype>.common.conf. Value 'unmanaged' can be used to skip and OS specific setup.",	293	description => "OS type. This is used to setup configuration inside the container, and corresponds to lxc setup scripts in /usr/share/lxc/config/<ostype>.common.conf. Value 'unmanaged' can be used to skip and OS specific setup.",
294	},	294	},
295	console => {	295	console => {

Lines 13-18 Link Here

(-)/usr/share/perl5/PVE/LXC/Setup.pm.orig (+8 lines)
13	use PVE::LXC::Setup::ArchLinux;	13	use PVE::LXC::Setup::ArchLinux;
14	use PVE::LXC::Setup::Alpine;	14	use PVE::LXC::Setup::Alpine;
15	use PVE::LXC::Setup::Gentoo;	15	use PVE::LXC::Setup::Gentoo;
		16	use PVE::LXC::Setup::Oracle;
		17	use PVE::LXC::Setup::ALTLinux;
16		18
17	my $plugins = {	19	my $plugins = {
18	debian => 'PVE::LXC::Setup::Debian',	20	debian => 'PVE::LXC::Setup::Debian',
Lines 23-28 Link Here
23	archlinux => 'PVE::LXC::Setup::ArchLinux',	25	archlinux => 'PVE::LXC::Setup::ArchLinux',
24	alpine => 'PVE::LXC::Setup::Alpine',	26	alpine => 'PVE::LXC::Setup::Alpine',
25	gentoo => 'PVE::LXC::Setup::Gentoo',	27	gentoo => 'PVE::LXC::Setup::Gentoo',
		28	oracle => 'PVE::LXC::Setup::Oracle',
		29	altlinux => 'PVE::LXC::Setup::ALTLinux',
26	};	30	};
27		31
28	my $autodetect_type = sub {	32	my $autodetect_type = sub {
Lines 40-45 Link Here
40	return "debian";	44	return "debian";
41	} elsif (-f "$rootdir/etc/SuSE-brand" \|\| -f "$rootdir/etc/SuSE-release") {	45	} elsif (-f "$rootdir/etc/SuSE-brand" \|\| -f "$rootdir/etc/SuSE-release") {
42	return "opensuse";	46	return "opensuse";
		47	} elsif (-f "$rootdir/etc/altlinux-release") {
		48	return "altlinux";
		49	} elsif (-f "$rootdir/etc/oracle-release") {
		50	return "oracle";
43	} elsif (-f "$rootdir/etc/fedora-release") {	51	} elsif (-f "$rootdir/etc/fedora-release") {
44	return "fedora";	52	return "fedora";
45	} elsif (-f "$rootdir/etc/centos-release" \|\| -f "$rootdir/etc/redhat-release") {	53	} elsif (-f "$rootdir/etc/centos-release" \|\| -f "$rootdir/etc/redhat-release") {




package PVE::LXC::Setup::Oracle;

use strict;
use warnings;
use PVE::LXC::Setup::CentOS;
use base qw(PVE::LXC::Setup::CentOS);

sub new {
	my ($class, $conf, $rootdir) = @_;
	my $release = PVE::Tools::file_read_firstline("$rootdir/etc/oracle-release");
	die "unable to read version info\n" if !defined($release);
	my $version;
	if ($release =~ m/release\s+(\d+\.\d+)(\.\d+)?/){
		if ($1 >= 6 && $1 < 8){
			$version = $1;
		}
	}
	die "unsupported oracle release '$release'\n" if !$version;
	my $self = { conf => $conf, rootdir => $rootdir, version => $version };
	$conf->{ostype} = "oracle";
	return bless $self, $class;
}

1;




package PVE::LXC::Setup::ALTLinux;

use strict;
use warnings;
use PVE::LXC::Setup::Base;
use base qw(PVE::LXC::Setup::Base);

sub new {
	my $ostype = "altlinux";
	my ($class, $conf, $rootdir) = @_;
	my $version = PVE::Tools::file_read_firstline("$rootdir/etc/$ostype-release");
	my $self = { conf => $conf, rootdir => $rootdir, version => $version };
	$conf->{ostype} = $ostype;
	return bless $self, $class;
}

sub set_hostname {
	my ($self, $conf) = @_;
	# Redhat wants the fqdn in /etc/sysconfig/network's HOSTNAME
	my $hostname = $conf->{hostname} || 'localhost';
	my $sysconfig_network = "/etc/sysconfig/network";
	my $oldname;
	my $data = $self->ct_file_get_contents($sysconfig_network);
	if ($data =~ m/^HOSTNAME=\s*(\S+)\s*$/m){
		$oldname = $1;
	}
	my $hosts_fn = "/etc/hosts";
	my ($ipv4, $ipv6) = PVE::LXC::get_primary_ips($conf);
	my $hostip = $ipv4 || $ipv6;
	my ($searchdomains) = $self->lookup_dns_conf($conf);
	$self->update_etc_hosts($hostip, $oldname, $hostname, $searchdomains);
	if ($self->ct_file_exists($sysconfig_network)){
		my $data = $self->ct_file_get_contents($sysconfig_network);
		if ($data !~ s/^HOSTNAME=\h*(\S+)\h*$/HOSTNAME=$hostname/m){
			$data .= "HOSTNAME=$hostname\n";
		}
		$self->ct_file_set_contents($sysconfig_network, $data);
	}
}

sub setup_init {
	my ($self, $conf) = @_;
	my $filename = "/etc/inittab";
	return if !$self->ct_file_exists($filename);
	my $ttycount = PVE::LXC::Config->get_tty_count($conf);
	my $inittab = $self->ct_file_get_contents($filename);
	my @lines = grep {
		# remove getty lines
		!/^\s*\d+:\d+:[^:]*:.*getty/ &&
		# remove power lines
		!/^\s*p[fno0]:/
	} split(/\n/, $inittab);
	$inittab = join("\n", @lines) . "\n";
	$inittab .= "p0::powerfail:/sbin/shutdown -f -h +2 \"Power failure, system shutting down...\"\n";
	for (my $id = 1; $id <= $ttycount; $id++){
		next if $id == 7; # reserved for X11
		my $levels = ($id == 1) ? '234' : '2345';
		$inittab .= "$id:$levels:respawn:/sbin/mingetty tty$id\n";
	}
	$self->ct_file_set_contents($filename, $inittab);
}

sub setup_network {
	my ($self, $conf) = @_;
#	my $gw;
	foreach my $k (keys %$conf) {
		next if $k !~ m/^net(\d+)$/;
		my $d = PVE::LXC::Config->parse_lxc_network($conf->{$k});
		next if !$d->{name};
		my $ifpath = "/etc/net/ifaces/$d->{name}";
		$self->ct_make_path($ifpath);
		my $optfile = "$ifpath/options";
		my $addrfile = "$ifpath/ipv4address";
		my $routefile = "$ifpath/ipv4route";
		my $options = "TYPE=eth\n";
		my $address = '';
		my $routes = '';
		if ($d->{ip} && $d->{ip} ne 'manual'){
			if ($d->{ip} eq 'dhcp'){
				$options .= "BOOTPROTO=dhcp\n";
			} else {
				$options .= "BOOTPROTO=static\n";
				$address = "$d->{ip}\n";
				if (defined($d->{gw})){
					$routes .= "default via $d->{gw}\n";
					$self->ct_modify_file($routefile, $routes, delete => 1, prepend => 1);
				}
				$self->ct_file_set_contents($addrfile, $address);
			}
			$self->ct_file_set_contents($optfile, $options);
		}
	}
}

1;




# This derives from the global common config
lxc.include = /usr/share/lxc/config/common.conf

# Allow for 6 tty devices by default
lxc.tty = 6

# Doesn't support consoles in /dev/lxc/
#lxc.devttydir =

# Capabilities
# Uncomment these if you don't run anything that needs the capability, and
# would like the container to run with less privilege.
#
# Dropping sys_admin disables container root from doing a lot of things
# that could be bad like re-mounting lxc fstab entries rw for example,
# but also disables some useful things like being able to nfs mount, and
# things that are already namespaced with ns_capable() kernel checks, like
# hostname(1).
# lxc.cap.drop = sys_admin
# lxc.cap.drop = net_raw          # breaks dhcp/ping
# lxc.cap.drop = setgid           # breaks login (initgroups/setgroups)
# lxc.cap.drop = dac_read_search  # breaks login (pam unix_chkpwd)
# lxc.cap.drop = setuid           # breaks sshd,nfs statd
# lxc.cap.drop = audit_control    # breaks sshd (set_loginuid failed)
# lxc.cap.drop = audit_write
# lxc.cap.drop = setpcap          # big big login delays in Fedora 20 systemd
lxc.cap.drop = setfcap sys_nice sys_pacct sys_rawio

Line 0 Link Here

(-)/usr/share/lxc/config/altlinux.userns.conf.orig (+2 lines)
	1	# This derives from the global userns config
	2	lxc.include = /usr/share/lxc/config/userns.conf

Return to bug 32462

Line 0 Link Here

(-)/usr/share/perl5/PVE/LXC/Setup/Oracle.pm.orig (+24 lines)
	1	package PVE::LXC::Setup::Oracle;
	2
	3	use strict;
	4	use warnings;
	5	use PVE::LXC::Setup::CentOS;
	6	use base qw(PVE::LXC::Setup::CentOS);
	7
	8	sub new {
	9	my ($class, $conf, $rootdir) = @_;
	10	my $release = PVE::Tools::file_read_firstline("$rootdir/etc/oracle-release");
	11	die "unable to read version info\n" if !defined($release);
	12	my $version;
	13	if ($release =~ m/release\s+(\d+\.\d+)(\.\d+)?/){
	14	if ($1 >= 6 && $1 < 8){
	15	$version = $1;
	16	}
	17	}
	18	die "unsupported oracle release '$release'\n" if !$version;
	19	my $self = { conf => $conf, rootdir => $rootdir, version => $version };
	20	$conf->{ostype} = "oracle";
	21	return bless $self, $class;
	22	}
	23
	24	1;

Line 0 Link Here

(-)/usr/share/perl5/PVE/LXC/Setup/ALTLinux.pm.orig (+95 lines)
		1	package PVE::LXC::Setup::ALTLinux;
		2
		3	use strict;
		4	use warnings;
		5	use PVE::LXC::Setup::Base;
		6	use base qw(PVE::LXC::Setup::Base);
		7
		8	sub new {
		9	my $ostype = "altlinux";
		10	my ($class, $conf, $rootdir) = @_;
		11	my $version = PVE::Tools::file_read_firstline("$rootdir/etc/$ostype-release");
		12	my $self = { conf => $conf, rootdir => $rootdir, version => $version };
		13	$conf->{ostype} = $ostype;
		14	return bless $self, $class;
		15	}
		16
		17	sub set_hostname {
		18	my ($self, $conf) = @_;
		19	# Redhat wants the fqdn in /etc/sysconfig/network's HOSTNAME
		20	my $hostname = $conf->{hostname} \|\| 'localhost';
		21	my $sysconfig_network = "/etc/sysconfig/network";
		22	my $oldname;
		23	my $data = $self->ct_file_get_contents($sysconfig_network);
		24	if ($data =~ m/^HOSTNAME=\s(\S+)\s$/m){
		25	$oldname = $1;
		26	}
		27	my $hosts_fn = "/etc/hosts";
		28	my ($ipv4, $ipv6) = PVE::LXC::get_primary_ips($conf);
		29	my $hostip = $ipv4 \|\| $ipv6;
		30	my ($searchdomains) = $self->lookup_dns_conf($conf);
		31	$self->update_etc_hosts($hostip, $oldname, $hostname, $searchdomains);
		32	if ($self->ct_file_exists($sysconfig_network)){
		33	my $data = $self->ct_file_get_contents($sysconfig_network);
		34	if ($data !~ s/^HOSTNAME=\h(\S+)\h$/HOSTNAME=$hostname/m){
		35	$data .= "HOSTNAME=$hostname\n";
		36	}
		37	$self->ct_file_set_contents($sysconfig_network, $data);
		38	}
		39	}
		40
		41	sub setup_init {
		42	my ($self, $conf) = @_;
		43	my $filename = "/etc/inittab";
		44	return if !$self->ct_file_exists($filename);
		45	my $ttycount = PVE::LXC::Config->get_tty_count($conf);
		46	my $inittab = $self->ct_file_get_contents($filename);
		47	my @lines = grep {
		48	# remove getty lines
		49	!/^\s\d+:\d+:[^:]:.*getty/ &&
		50	# remove power lines
		51	!/^\s*p[fno0]:/
		52	} split(/\n/, $inittab);
		53	$inittab = join("\n", @lines) . "\n";
		54	$inittab .= "p0::powerfail:/sbin/shutdown -f -h +2 \"Power failure, system shutting down...\"\n";
		55	for (my $id = 1; $id <= $ttycount; $id++){
		56	next if $id == 7; # reserved for X11
		57	my $levels = ($id == 1) ? '234' : '2345';
		58	$inittab .= "$id:$levels:respawn:/sbin/mingetty tty$id\n";
		59	}
		60	$self->ct_file_set_contents($filename, $inittab);
		61	}
		62
		63	sub setup_network {
		64	my ($self, $conf) = @_;
65	# my $gw;
66	foreach my $k (keys %$conf) {
67	next if $k !~ m/^net(\d+)$/;
68	my $d = PVE::LXC::Config->parse_lxc_network($conf->{$k});
69	next if !$d->{name};
70	my $ifpath = "/etc/net/ifaces/$d->{name}";
71	$self->ct_make_path($ifpath);
72	my $optfile = "$ifpath/options";
73	my $addrfile = "$ifpath/ipv4address";
74	my $routefile = "$ifpath/ipv4route";
75	my $options = "TYPE=eth\n";
76	my $address = '';
77	my $routes = '';
78	if ($d->{ip} && $d->{ip} ne 'manual'){
79	if ($d->{ip} eq 'dhcp'){
80	$options .= "BOOTPROTO=dhcp\n";
81	} else {
82	$options .= "BOOTPROTO=static\n";
83	$address = "$d->{ip}\n";
84	if (defined($d->{gw})){
85	$routes .= "default via $d->{gw}\n";
86	$self->ct_modify_file($routefile, $routes, delete => 1, prepend => 1);
87	}
88	$self->ct_file_set_contents($addrfile, $address);
89	}
90	$self->ct_file_set_contents($optfile, $options);
91	}
92	}
93	}
94
95	1;

Line 0 Link Here

(-)/usr/share/lxc/config/altlinux.common.conf.orig (+27 lines)
	1	# This derives from the global common config
	2	lxc.include = /usr/share/lxc/config/common.conf
	3
	4	# Allow for 6 tty devices by default
	5	lxc.tty = 6
	6
	7	# Doesn't support consoles in /dev/lxc/
	8	#lxc.devttydir =
	9
	10	# Capabilities
	11	# Uncomment these if you don't run anything that needs the capability, and
	12	# would like the container to run with less privilege.
	13	#
	14	# Dropping sys_admin disables container root from doing a lot of things
	15	# that could be bad like re-mounting lxc fstab entries rw for example,
	16	# but also disables some useful things like being able to nfs mount, and
	17	# things that are already namespaced with ns_capable() kernel checks, like
	18	# hostname(1).
	19	# lxc.cap.drop = sys_admin
	20	# lxc.cap.drop = net_raw # breaks dhcp/ping
	21	# lxc.cap.drop = setgid # breaks login (initgroups/setgroups)
	22	# lxc.cap.drop = dac_read_search # breaks login (pam unix_chkpwd)
	23	# lxc.cap.drop = setuid # breaks sshd,nfs statd
	24	# lxc.cap.drop = audit_control # breaks sshd (set_loginuid failed)
	25	# lxc.cap.drop = audit_write
	26	# lxc.cap.drop = setpcap # big big login delays in Fedora 20 systemd
	27	lxc.cap.drop = setfcap sys_nice sys_pacct sys_rawio