From 0706287ab500d02db0257d2321156da6f01a38a6 Mon Sep 17 00:00:00 2001 From: Brett Parker Date: Sat, 21 May 2016 23:55:28 +0100 Subject: [PATCH 1/1] Clean up after ourselves, and stop services from doing anything in the chroot as we're creating it --- templates/lxc-debian-unprivileged | 38 ++++++++++++++++++++----------- 1 file changed, 25 insertions(+), 13 deletions(-) diff --git a/templates/lxc-debian-unprivileged b/templates/lxc-debian-unprivileged index 3311609..c7134a7 100755 --- a/templates/lxc-debian-unprivileged +++ b/templates/lxc-debian-unprivileged @@ -66,6 +66,21 @@ eval set -- "$options" DEBIAN_MIRROR="http://mirror.mythic-beasts.com/debian/" DEBIAN_RELEASE="jessie" +disable_initscripts() { + cat < ${LXC_ROOTFS}/usr/sbin/policy-rc.d +#!/bin/sh + +exit 101 +EOF + chmod 755 ${LXC_ROOTFS}/usr/sbin/policy-rc.d +} + +enable_initscripts() { + if [ -e ${LXC_ROOTFS}/usr/sbin/policy-rc.d ]; then + rm ${LXC_ROOTFS}/usr/sbin/policy-rc.d + fi +} + while :; do case "$1" in -h|--help) usage && exit 1;; @@ -80,12 +95,6 @@ while :; do esac done -echo "Mapped UID: $MAPPED_UID" -echo "Mapped GID: $MAPPED_GID" -echo "RootFS: $LXC_ROOTFS" -echo "Name: $LXC_NAME" -echo "Path: $LXC_PATH" - # rewrite the default config file sed -i -e "/lxc./{w ${LXC_PATH}/config-auto" -e "d}" ${LXC_PATH}/config @@ -140,7 +149,7 @@ for file in /var/lib/lxcfs/proc/*; do mount -n -o bind $file ${LXC_ROOTFS}/proc/$fname done -for dev in random urandom; do +for dev in null random urandom; do touch ${LXC_ROOTFS}/dev/$dev mount -n -o bind /dev/$dev ${LXC_ROOTFS}/dev/$dev done @@ -149,15 +158,14 @@ done echo "debootstrapping - hahaha" > ${LXC_ROOTFS}/proc/cmdline # and disable initscripts -cat < ${LXC_ROOTFS}/usr/sbin/policy-rc.d -#!/bin/sh - -exit 101 -EOF +disable_initscripts # and run the second stage chroot ${LXC_ROOTFS} /debootstrap/debootstrap --second-stage +# make sure that initscripts are still disabled +disable_initscripts + # configure locales lang=en_GB.UTF-8 enc=UTF-8 @@ -228,7 +236,7 @@ chroot ${LXC_ROOTFS} apt-get -y upgrade [ -e ${LXC_ROOTFS}/usr/sbin/policy-rc.d ] && rm ${LXC_ROOTFS}/usr/sbin/policy-rc.d rm ${LXC_ROOTFS}/proc/cmdline -for dev in random urandom; do +for dev in null random urandom; do umount ${LXC_ROOTFS}/dev/$dev rm ${LXC_ROOTFS}/dev/$dev done @@ -239,4 +247,8 @@ for file in /var/lib/lxcfs/proc/*; do rm ${LXC_ROOTFS}/proc/$fname done +enable_initscripts + +rm -r ${LXC_PATH}/bin + exit 0 -- 2.39.5