Commit 5266cf0a by Michael H. Warfield Committed by Stéphane Graber

lxc-fedora: Fixes for selinux and pam_loginuid.so

Just some additional catches for disabling selinux and pam_loginuid.so thanks to Dwight Engen and the Oracle template. Also add ssh and ssh-server to the default installation.
Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
parent 6a59920b
...@@ -98,11 +98,24 @@ configure_fedora() ...@@ -98,11 +98,24 @@ configure_fedora()
mkdir -p $rootfs_path/selinux mkdir -p $rootfs_path/selinux
echo 0 > $rootfs_path/selinux/enforce echo 0 > $rootfs_path/selinux/enforce
# This may be related to disabling selinux above but this is # Also kill it in the /etc/selinux/config file if it's there...
# a known problem and documented in RedHat bugzilla as relating if [[ -f $rootfs_path/etc/selinux/config ]]
then
sed -i '/^SELINUX=/s/.*/SELINUX=disabled/' $rootfs_path/etc/selinux/config
fi
# Nice catch from Dwight Engen in the Oracle template.
# Wantonly plagerized here with much appreciation.
if [ -f $rootfs_path/usr/sbin/selinuxenabled ]; then
mv $rootfs_path/usr/sbin/selinuxenabled $rootfs_path/usr/sbin/selinuxenabled.lxcorig
ln -s /bin/false $rootfs_path/usr/sbin/selinuxenabled
fi
# This is a known problem and documented in RedHat bugzilla as relating
# to a problem with auditing enabled. This prevents an error in # to a problem with auditing enabled. This prevents an error in
# the container "Cannot make/remove an entry for the specified session" # the container "Cannot make/remove an entry for the specified session"
sed -i '/^session.*pam_loginuid.so/s/^session/# session/' ${rootfs_path}/etc/pam.d/login sed -i '/^session.*pam_loginuid.so/s/^session/# session/' ${rootfs_path}/etc/pam.d/login
sed -i '/^session.*pam_loginuid.so/s/^session/# session/' ${rootfs_path}/etc/pam.d/sshd
# configure the network using the dhcp # configure the network using the dhcp
cat <<EOF > ${rootfs_path}/etc/sysconfig/network-scripts/ifcfg-eth0 cat <<EOF > ${rootfs_path}/etc/sysconfig/network-scripts/ifcfg-eth0
...@@ -132,6 +145,9 @@ EOF ...@@ -132,6 +145,9 @@ EOF
::1 localhost6.localdomain6 localhost6 ::1 localhost6.localdomain6 localhost6
EOF EOF
# These mknod's really don't make any sense with modern releases of
# Fedora with systemd, devtmpfs, and autodev enabled. They are left
# here for legacy reasons and older releases with upstart and sysv init.
dev_path="${rootfs_path}/dev" dev_path="${rootfs_path}/dev"
rm -rf $dev_path rm -rf $dev_path
mkdir -p $dev_path mkdir -p $dev_path
...@@ -187,6 +203,7 @@ EOF ...@@ -187,6 +203,7 @@ EOF
return 0 return 0
} }
configure_fedora_init() configure_fedora_init()
{ {
sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.sysinit sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.sysinit
...@@ -635,7 +652,7 @@ download_fedora() ...@@ -635,7 +652,7 @@ download_fedora()
BOOTSTRAP_INSTALL_ROOT=${INSTALL_ROOT} BOOTSTRAP_INSTALL_ROOT=${INSTALL_ROOT}
BOOTSTRAP_CHROOT= BOOTSTRAP_CHROOT=
PKG_LIST="yum initscripts passwd rsyslog vim-minimal dhclient chkconfig rootfiles policycoreutils fedora-release" PKG_LIST="yum initscripts passwd rsyslog vim-minimal openssh-server openssh-clients dhclient chkconfig rootfiles policycoreutils fedora-release"
MIRRORLIST_URL="http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$release&arch=$arch" MIRRORLIST_URL="http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$release&arch=$arch"
if [[ ${release} -lt 17 ]] if [[ ${release} -lt 17 ]]
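Review bot: The `selinuxenabled` replacement in the first hunk is not safe to repeat. After one pass the path is a symlink to the absolute `/bin/false`, so `[ -f $rootfs_path/usr/sbin/selinuxenabled ]` evaluated from the host follows it to the host's own `/bin/false`, succeeds again, and the `mv` then overwrites the saved `selinuxenabled.lxcorig` binary with that symlink. Whether configure_fedora can run twice against the same rootfs is not visible here, but the guard is cheap: `if [ -f "$rootfs_path/usr/sbin/selinuxenabled" ] && [ ! -L "$rootfs_path/usr/sbin/selinuxenabled" ]; then`. The new `sed` on `${rootfs_path}/etc/pam.d/sshd` is also unguarded, unlike the `/etc/selinux/config` edit above it, and would benefit from the same `-f` check. configure_fedora starts before and continues past this hunk.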