X-Git-Url: https://git.sommitrealweird.co.uk/lxc-debian-unprivileged.git/blobdiff_plain/0b6c3fd3611a11798ccdbc2f2e39f38132bc67d4..4af5c17fb1da5c3d6fbbd2d13174326e04147610:/templates/lxc-debian-unprivileged?ds=sidebyside diff --git a/templates/lxc-debian-unprivileged b/templates/lxc-debian-unprivileged index 30d4912..3311609 100755 --- a/templates/lxc-debian-unprivileged +++ b/templates/lxc-debian-unprivileged @@ -118,7 +118,7 @@ chmod 755 ${LXC_PATH}/bin/mknod export PATH=${LXC_PATH}/bin:$PATH -debootstrap --foreign --include debian-archive-keyring,ifupdown,isc-dhcp-client,locales $DEBIAN_RELEASE ${LXC_ROOTFS} $DEBIAN_MIRROR +debootstrap --foreign --include debian-archive-keyring,ifupdown,isc-dhcp-client,locales,openssh-server $DEBIAN_RELEASE ${LXC_ROOTFS} $DEBIAN_MIRROR # now totally skip that check in the new root, because it sucks. sed -i -e 's#check_sane_mount () {#check_sane_mount () {\n\treturn 0#;' ${LXC_ROOTFS}/debootstrap/functions @@ -188,10 +188,16 @@ if [ -e ${LXC_ROOTFS}/etc/network/interfaces.d ]; then NETWORK_FILE=/etc/network/interfaces.d/eth0 fi +# remove some interesting breakages in pam for unpriv foo +sed -i -e 's#^\(session.*required.*pam_loginuid.so\)#\#\1#;' ${LXC_ROOTFS}/etc/pam.d/* + +# set the hostname +echo $LXC_NAME > ${LXC_ROOTFS}/etc/hostname + # setup sources.list cat < ${LXC_ROOTFS}/etc/apt/sources.list deb $DEBIAN_MIRROR $DEBIAN_RELEASE main -deb http://security.debian.org/ $DEBIAN_RELEASE/update main +deb http://security.debian.org/ $DEBIAN_RELEASE/updates main EOF # disable bits of systemd that we hates @@ -216,7 +222,7 @@ EOF # and update to the latest security chroot ${LXC_ROOTFS} apt-get update -chroot ${LXC_ROOTFS} apt-get upgrade +chroot ${LXC_ROOTFS} apt-get -y upgrade # if we're all good here, unmount things and clean up [ -e ${LXC_ROOTFS}/usr/sbin/policy-rc.d ] && rm ${LXC_ROOTFS}/usr/sbin/policy-rc.d