Change some pam stuff so that we can login

[lxc-debian-unprivileged.git] / templates / lxc-debian-unprivileged

diff --git a/templates/lxc-debian-unprivileged b/templates/lxc-debian-unprivileged
index d18a27e7ea66bde662a5bf66e921f8bf3adc7479..bc6288b8eb69f9a14f24d9e998ca239448e007dd 100755 (executable)
--- a/templates/lxc-debian-unprivileged
+++ b/templates/lxc-debian-unprivileged
@@ -118,7 +118,7 @@ chmod 755 ${LXC_PATH}/bin/mknod
 
 export PATH=${LXC_PATH}/bin:$PATH
 
-debootstrap --foreign --include debian-archive-keyring,ifupdown,isc-dhcp-client,locales $DEBIAN_RELEASE ${LXC_ROOTFS} $DEBIAN_MIRROR
+debootstrap --foreign --include debian-archive-keyring,ifupdown,isc-dhcp-client,locales,openssh-server $DEBIAN_RELEASE ${LXC_ROOTFS} $DEBIAN_MIRROR
 
 # now totally skip that check in the new root, because it sucks.
 sed -i -e 's#check_sane_mount () {#check_sane_mount () {\n\treturn 0#;' ${LXC_ROOTFS}/debootstrap/functions
@@ -188,6 +188,9 @@ if [ -e ${LXC_ROOTFS}/etc/network/interfaces.d ]; then
     NETWORK_FILE=/etc/network/interfaces.d/eth0
 fi
 
+# remove some interesting breakages in pam for unpriv foo
+sed -i -e 's#^\(session.*required.*pam_loginuid.so\)#\#\1#;' ${LXC_ROOTFS}/etc/pam.d/*
+
 # setup sources.list
 cat <<EOF > ${LXC_ROOTFS}/etc/apt/sources.list
 deb $DEBIAN_MIRROR $DEBIAN_RELEASE main
@@ -216,7 +219,7 @@ EOF
 
 # and update to the latest security
 chroot ${LXC_ROOTFS} apt-get update
-chroot ${LXC_ROOTFS} apt-get upgrade
+chroot ${LXC_ROOTFS} apt-get -y upgrade
 
 # if we're all good here, unmount things and clean up
 [ -e ${LXC_ROOTFS}/usr/sbin/policy-rc.d ] && rm ${LXC_ROOTFS}/usr/sbin/policy-rc.d