Commit 23cc88ba by Alexander Vladimirov Committed by Stéphane Graber

lxc-archlinux.in: update securetty when lxc.devttydir is set

Update the container's /etc/securetty to allow console logins when lxc.devttydir is not empty. Also use config entries provided by the shared and common configuration files.

Signed-off-by: Alexander Vladimirov <alexander.idkfa.vladimirov@gmail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
parent 99cbd299
...@@ -17,6 +17,9 @@ lxc.stopsignal=SIGRTMIN+14 ...@@ -17,6 +17,9 @@ lxc.stopsignal=SIGRTMIN+14
# Mount entries # Mount entries
lxc.mount.auto = proc:mixed sys:ro lxc.mount.auto = proc:mixed sys:ro
# Uncomment to disable creating tty devices subdirectory in /dev
# lxc.devttydir =
# Capabilities # Capabilities
# Uncomment these if you don't run anything that needs the capability, and # Uncomment these if you don't run anything that needs the capability, and
# would like the container to run with less privilege. # would like the container to run with less privilege.
......
...@@ -44,6 +44,7 @@ default_path="@LXCPATH@" ...@@ -44,6 +44,7 @@ default_path="@LXCPATH@"
default_locale="en-US.UTF-8" default_locale="en-US.UTF-8"
default_timezone="UTC" default_timezone="UTC"
pacman_config="/etc/pacman.conf" pacman_config="/etc/pacman.conf"
common_config="@LXCTEMPLATECONFIG@/common.conf"
shared_config="@LXCTEMPLATECONFIG@/archlinux.common.conf" shared_config="@LXCTEMPLATECONFIG@/archlinux.common.conf"
# by default, install 'base' except the kernel # by default, install 'base' except the kernel
...@@ -107,11 +108,23 @@ pacman-key --init ...@@ -107,11 +108,23 @@ pacman-key --init
pacman-key --populate archlinux pacman-key --populate archlinux
EOF EOF
# enable getty on active ttys # enable getty on active ttys
nttys=$(grep lxc.tty ${config_path}/config | cut -d= -f 2 | tr -d "[:blank:]") local nttys=$(cat "${config_path}/config" ${shared_config} ${common_config} | grep "^lxc.tty" | head -n1 | cut -d= -f2 | tr -d "[:blank:]")
local devttydir=$(cat "${config_path}/config" ${shared_config} ${common_config} | grep "^lxc.devttydir" | head -n1 | cut -d= -f2 | tr -d "[:blank:]")
local devtty=""
# bind getty instances to /dev/<devttydir>/tty* if lxc.devttydir is set
[ -n "${devttydir}" ] && devtty="${devttydir}-"
if [ ${nttys:-0} -gt 1 ]; then if [ ${nttys:-0} -gt 1 ]; then
( cd ${rootfs_path}/etc/systemd/system/getty.target.wants ( cd "${rootfs_path}/etc/systemd/system/getty.target.wants"
for i in $(seq 1 $nttys); do ln -sf ../getty\@.service getty@tty${i}.service; done ) for i in $(seq 1 $nttys); do ln -sf "../getty@.service" "getty@${devtty}tty${i}.service"; done )
fi fi
# update securetty to allow console login if devttydir is set
if [ -n "${devttydir}" ]; then
for i in $(seq 1 ${nttys:-1}); do
echo "${devttydir}/tty${i}" >> "${rootfs_path}/etc/securetty"
done
fi
[ -n "${devttydir}" ] && echo "${devttydir}/console" >> "${rootfs_path}/etc/securetty"
# Arch default configuration allows only tty1-6 for login
[ ${nttys:-0} -gt 6 ] && echo \ [ ${nttys:-0} -gt 6 ] && echo \
"You may want to modify container's /etc/securetty \ "You may want to modify container's /etc/securetty \
file to allow root logins on tty7 and higher" file to allow root logins on tty7 and higher"
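Review bot: `nttys` and `devttydir` are read from the config files and used without validation in the getty/securetty hunk, and `devttydir` ends up in the container's `/etc/securetty`, the file that decides which terminals accept root logins. A non-numeric `lxc.tty` value makes `[ ${nttys:-0} -gt 1 ]` error out and `seq` fail, and a `devttydir` containing `/` or `-` would presumably give a getty unit name that systemd resolves to a different device path than the one appended to securetty. I would normalise both right after parsing, with `case "${nttys}" in *[!0-9]*) nttys="" ;; esac` so the existing `:-` defaults still apply, and by rejecting a `devttydir` that is not a single plain path component. `grep "^lxc.tty"` is also a prefix match with an unescaped dot, so `grep -E '^lxc\.tty[[:blank:]]*='` pins the key exactly, and splitting `local nttys` from its assignment keeps the pipeline's exit status visible. The enclosing function starts and ends outside this hunk.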
......