X-Git-Url: https://git.sommitrealweird.co.uk/lxc-debian-unprivileged.git/blobdiff_plain/330e7d0cfc0886a371df29017a74d9e01c92562e..e442c7dafe02a235c2f2e4696f73ae9c81dcaf49:/templates/lxc-debian-unprivileged diff --git a/templates/lxc-debian-unprivileged b/templates/lxc-debian-unprivileged index 9b45a1b..89dbd50 100755 --- a/templates/lxc-debian-unprivileged +++ b/templates/lxc-debian-unprivileged @@ -31,9 +31,13 @@ done if [ "$MAPPED" == "no" ]; then echo "This template can only be used for unprivileged containers." 1>&2 - echo "You might want the \"debian\" template instead." 1|&2 + echo "You might want the \"debian\" template instead." 1>&2 + exit 1 fi +set -e +set -u + # Make sure the usual locations are in PATH export PATH=/usr/sbin:/usr/bin:/sbin:/bin:$PATH export GREP_OPTIONS="" @@ -197,7 +201,7 @@ if [ -e "${LXC_ROOTFS}/etc/network/interfaces.d" ]; then fi # remove some interesting breakages in pam for unpriv foo -sed -i -e 's#^\(session.*required.*pam_loginuid.so\)#\#\1#;' "${LXC_ROOTFS}/etc/pam.d/*" +sed -i -e 's#^\(session.*required.*pam_loginuid.so\)#\#\1#;' "${LXC_ROOTFS}"/etc/pam.d/* # set the hostname echo $LXC_NAME > "${LXC_ROOTFS}/etc/hostname" @@ -208,11 +212,11 @@ deb $DEBIAN_MIRROR $DEBIAN_RELEASE main deb http://security.debian.org/ $DEBIAN_RELEASE/updates main EOF -# disable bits of systemd that we hates -chroot "${LXC_ROOTFS}" /usr/sbin/update-rc.d -f checkroot.sh disable > /dev/null 2>&1 -chroot "${LXC_ROOTFS}" /usr/sbin/update-rc.d -f umountfs disable > /dev/null 2>&1 -chroot "${LXC_ROOTFS}" /usr/sbin/update-rc.d -f hwclock.sh disable > /dev/null 2>&1 -chroot "${LXC_ROOTFS}" /usr/sbin/update-rc.d -f hwclockfirst.sh disable > /dev/null 2>&1 +# disable bits of systemd / initrd that break things +chroot "${LXC_ROOTFS}" /usr/sbin/update-rc.d -f checkroot.sh disable > /dev/null 2>&1 || true +chroot "${LXC_ROOTFS}" /usr/sbin/update-rc.d -f umountfs disable > /dev/null 2>&1 || true +chroot "${LXC_ROOTFS}" /usr/sbin/update-rc.d -f hwclock.sh disable > /dev/null 2>&1 || true +chroot "${LXC_ROOTFS}" /usr/sbin/update-rc.d -f hwclockfirst.sh disable > /dev/null 2>&1 || true if [ -e "${LXC_ROOTFS}/etc/systemd/system/" ]; then touch "${LXC_ROOTFS}/etc/systemd/system/systemd-setup-dgram-qlen.service" @@ -223,6 +227,10 @@ if [ -e "${LXC_ROOTFS}/etc/systemd/system/" ]; then chroot "${LXC_ROOTFS}" ln -s /lib/systemd/system/halt.target /etc/systemd/system/sigpwr.target fi +if [ -e "${LXC_ROOTFS}/lib/systemd/system/systemd-journald-audit.socket" ]; then + touch "${LXC_ROOTFS}/etc/systemd/system/systemd-journald-audit.socket" +fi + cat <> "${LXC_ROOTFS}${NETWORK_FILE}" auto eth0 iface eth0 inet dhcp