{
echo "Copying base container files."
- for FQ_DIRECTORY in $BASE_CONTAINER_PATH/rootfs/*
- do
- DIRECTORY=$(basename $FQ_DIRECTORY)
- case "$DIRECTORY" in
- "usr")
- # common for all containers
- cp --archive --link $FQ_DIRECTORY $CONTAINER_BUILDROOT
- ;;
- "dev" | "proc")
- # already mounted, skip
- ;;
- *)
- # each container must have its own version
- cp --archive $FQ_DIRECTORY $CONTAINER_BUILDROOT
- ;;
- esac
- done
- # the rpm database has moved to /usr
- for DIRECTORY in usr/lib/sysimage
- do
- rm --force --recursive $CONTAINER_BUILDROOT/$DIRECTORY
- cp --archive $BASE_CONTAINER_PATH/rootfs/$DIRECTORY \
- $CONTAINER_BUILDROOT/$DIRECTORY
- done
+ if [ "$1" = "btrfs" ]
+ then
+ for FQ_DIRECTORY in $BASE_CONTAINER_PATH/rootfs/*
+ do
+ DIRECTORY=$(basename $FQ_DIRECTORY)
+ case "$DIRECTORY" in
+ "dev" | "proc")
+ # already mounted, skip
+ ;;
+ *)
+ # each container modifies its own version
+ cp --archive $FQ_DIRECTORY $CONTAINER_BUILDROOT
+ ;;
+ esac
+ done
+ else
+ for FQ_DIRECTORY in $BASE_CONTAINER_PATH/rootfs/*
+ do
+ DIRECTORY=$(basename $FQ_DIRECTORY)
+ case "$DIRECTORY" in
+ "usr")
+ # common for all containers
+ cp --archive --link $FQ_DIRECTORY $CONTAINER_BUILDROOT
+ ;;
+ "dev" | "proc")
+ # already mounted, skip
+ ;;
+ *)
+ # each container must have its own version
+ cp --archive $FQ_DIRECTORY $CONTAINER_BUILDROOT
+ ;;
+ esac
+ done
+ # copy the rpm database separately as it has been moved to /usr
+ for DIRECTORY in usr/lib/sysimage
+ do
+ rm --force --recursive $CONTAINER_BUILDROOT/$DIRECTORY
+ cp --archive $BASE_CONTAINER_PATH/rootfs/$DIRECTORY \
+ $CONTAINER_BUILDROOT/$DIRECTORY
+ done
+ fi
echo "Installing special packages."
| xargs --null chmod 755
find $CONTAINER_BUILDROOT/c3d -type f -print0 \
| xargs --null chmod 644
- chown --recursive root.root $CONTAINER_BUILDROOT/c3d
+ chown --recursive root:root $CONTAINER_BUILDROOT/c3d
fi
MODE_LIST=$CONTAINER_BUILDROOT/c3d/mode.txt
OWNER_LIST=$CONTAINER_BUILDROOT/c3d/owner.txt
if [ -f $OWNER_LIST ]
then
- shopt -s nullglob
grep --invert-match \
--regexp='^#' \
--regexp='^$' $OWNER_LIST | while read LINE
do
- TGT_OWNER=$(echo "$LINE" | cut -f 1 -d ' ')
- GLOB_TGT_PATH=$(echo "$LINE" | cut -f 2 -d ' ')
+ SEPARATORS=$(echo $LINE | tr --complement --delete ' ' | wc -c)
+ PATH_FIELD=$(($SEPARATORS + 1))
+ FLAGS_AND_OWNER=$(echo $LINE | cut -f -$SEPARATORS -d ' ')
+ GLOB_TGT_PATH=$(echo $LINE | cut -f $PATH_FIELD -d ' ')
for BUILDROOT_TGT_PATH in $CONTAINER_BUILDROOT/c3d/$GLOB_TGT_PATH
do
TGT_PATH=$(echo $BUILDROOT_TGT_PATH | sed "s|^$CONTAINER_BUILDROOT||")
- chroot $CONTAINER_BUILDROOT chown $TGT_OWNER $TGT_PATH
+ chroot $CONTAINER_BUILDROOT chown $FLAGS_AND_OWNER $TGT_PATH
done
done
- shopt -u nullglob
fi
echo "Set ownership of the container creation and configuration directory files."
fi
OLD_CONTAINER_NAME=$(lxc-ls -1 | grep -w "^$CONTAINER_BASENAME")
- #OLD_CONTAINER_OS=$(echo $OLD_CONTAINER_NAME | sed 's/.*\.\([^\.]*\)$/\1/')
OLD_CONTAINER_PATH=$LXC_PATH/$OLD_CONTAINER_NAME
OLD_CONTAINER_BACKUP_PATH=$BACKUPS_PATH/$OLD_CONTAINER_NAME
mkdir $CONTAINER_BUILDROOT/dev
mkdir $CONTAINER_BUILDROOT/proc
+ mkdir $CONTAINER_BUILDROOT/sys
mount -o bind /dev $CONTAINER_BUILDROOT/dev
mount -t proc proc $CONTAINER_BUILDROOT/proc
+ mount -t sysfs sysfs $CONTAINER_BUILDROOT/sys
echo "Finished preinstall phase."
}
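Review bot: `echo $LINE` on the three new lines (`SEPARATORS=…`, `FLAGS_AND_OWNER=…`, `GLOB_TGT_PATH=…`) is unquoted, unlike the `echo "$LINE"` it replaces, and the last field of an owner.txt line is a glob (it is expanded as one at `for BUILDROOT_TGT_PATH in …`), so it is now pathname-expanded against the current directory before the separators are counted and the fields cut — a line such as `root:root etc/*` gets a wrong field count and path whenever the cwd has a matching entry; restore the quotes: `SEPARATORS=$(echo "$LINE" | tr --complement --delete ' ' | wc -c)`, `FLAGS_AND_OWNER=$(echo "$LINE" | cut -f -$SEPARATORS -d ' ')`, `GLOB_TGT_PATH=$(echo "$LINE" | cut -f $PATH_FIELD -d ' ')` (reading the line with `read -r -a` into an array and taking its last element would avoid the counting altogether). Removing the `shopt -s nullglob` / `shopt -u nullglob` pair also changes the no-match case: a pattern that matches nothing now expands to itself and `chroot … chown` runs on a non-existent path where the entry used to be skipped; if that is intended so stale entries surface as errors, a comment saying so would help, otherwise keep the shopt pair around the loop. Since every leading field is now forwarded verbatim as chown arguments, the file format deserves a comment above the loop, e.g. `# owner.txt: [chown options] OWNER GLOB — everything before the last field is passed to chown unchanged`. The enclosing function (preinstall, judging by the "Finished preinstall phase." message) starts before this hunk.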
root@${SRC_HOST}:$SRC_PATH $COPY_PATH
done
fi
- if [ -d $POSTINSTALL_PATH/install-data ]
+ if [ -d $POSTINSTALL_PATH/install-data ]
then
tar --create \
--directory=$POSTINSTALL_PATH \
umount $CONTAINER_BUILDROOT/dev
umount $CONTAINER_BUILDROOT/proc
+ umount $CONTAINER_BUILDROOT/sys
echo "Finished postinstall phase."
}
+unprivilege()
+{
+ find $CONTAINER_BUILDROOT -perm -u+s >/tmp/us.$$
+ find $CONTAINER_BUILDROOT -perm -g+s >/tmp/gs.$$
+ find $CONTAINER_BUILDROOT -perm -o+t >/tmp/ot.$$
+
+ PRIV_UID=0
+ PRIV_UID_COUNT=$(find $CONTAINER_BUILDROOT -uid $PRIV_UID | wc -l)
+ if [ $PRIV_UID_COUNT -gt 0 ]
+ then
+ echo "root user files: $PRIV_UID_COUNT"
+ UNPRIV_UID=$(( $PRIV_UID + 100000 ))
+ find $CONTAINER_BUILDROOT -uid $PRIV_UID -print0 | xargs -0 chown --no-dereference $UNPRIV_UID
+ fi
+
+ PRIV_GID=0
+ PRIV_GID_COUNT=$(find $CONTAINER_BUILDROOT -gid $PRIV_GID | wc -l)
+ if [ $PRIV_GID_COUNT -gt 0 ]
+ then
+ echo "root group files: $PRIV_GID_COUNT"
+ UNPRIV_GID=$(( $PRIV_GID + 100000 ))
+ find $CONTAINER_BUILDROOT -gid $PRIV_GID -print0 | xargs -0 chgrp --no-dereference $UNPRIV_GID
+ fi
+
+ find $CONTAINER_BUILDROOT -uid -100000 | while read PRIV_UID_FILE
+ do
+ ls --directory -l $PRIV_UID_FILE
+ PRIV_UID=$(stat --format="%u" $PRIV_UID_FILE)
+ UNPRIV_UID=$(( $PRIV_UID + 100000 ))
+ chown --no-dereference $UNPRIV_UID $PRIV_UID_FILE
+ done
+
+ find $CONTAINER_BUILDROOT -gid -100000 | while read PRIV_GID_FILE
+ do
+ ls --directory -l $PRIV_GID_FILE
+ PRIV_GID=$(stat --format="%g" $PRIV_GID_FILE)
+ UNPRIV_GID=$(( $PRIV_GID + 100000 ))
+ chgrp --no-dereference $UNPRIV_GID $PRIV_GID_FILE
+ done
+
+ cat /tmp/us.$$ | while read US_NODE
+ do
+ chmod u+s $US_NODE
+ done
+ cat /tmp/gs.$$ | while read GS_NODE
+ do
+ chmod g+s $GS_NODE
+ done
+ cat /tmp/ot.$$ | while read OT_NODE
+ do
+ chmod o+t $OT_NODE
+ done
+ rm --force /tmp/us.$$ /tmp/gs.$$ /tmp/ot.$$
+}
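Review bot: The setuid/setgid/sticky lists are written to predictable names `/tmp/us.$$`, `/tmp/gs.$$`, `/tmp/ot.$$` in a world-writable directory and later read back to drive `chmod u+s`/`g+s`/`o+t`, in what is presumably a root process; create them with `mktemp -d` and remove them from an EXIT trap instead. The same loops consume the paths with bare `read` and expand them unquoted (`chmod u+s $US_NODE`, `chown --no-dereference $UNPRIV_UID $PRIV_UID_FILE`, `ls --directory -l $PRIV_UID_FILE`), so any path containing whitespace, a backslash or glob characters is mishandled — emit with `-print0` and consume with `while IFS= read -r -d ''`, and quote every expansion. The save/restore dance exists, presumably, because chown drops the setuid/setgid bits; a one-line comment stating that would keep the next maintainer from "simplifying" it away. Note also that in the ext4 path `copy_and_install` hard-links `usr` from the base container (`cp --archive --link`), so the uid/gid shift applied here would appear to reach the base container's `usr` as well — worth confirming that is intended, or copying `usr` without `--link` before the shift.
```shell
unprivilege()
{
	# chown clears setuid/setgid, so record the special bits first and restore them after the shift.
	SPECIAL_BITS_DIR=$(mktemp -d) || exit 1
	trap 'rm -rf -- "$SPECIAL_BITS_DIR"' EXIT
	find "$CONTAINER_BUILDROOT" -perm -u+s -print0 >"$SPECIAL_BITS_DIR/us"
	find "$CONTAINER_BUILDROOT" -perm -g+s -print0 >"$SPECIAL_BITS_DIR/gs"
	find "$CONTAINER_BUILDROOT" -perm -o+t -print0 >"$SPECIAL_BITS_DIR/ot"

	# … unchanged: uid/gid 0 bulk shift and per-file shift loops (quote "$PRIV_UID_FILE" / "$PRIV_GID_FILE" there too) …

	while IFS= read -r -d '' US_NODE; do chmod u+s -- "$US_NODE"; done <"$SPECIAL_BITS_DIR/us"
	while IFS= read -r -d '' GS_NODE; do chmod g+s -- "$GS_NODE"; done <"$SPECIAL_BITS_DIR/gs"
	while IFS= read -r -d '' OT_NODE; do chmod o+t -- "$OT_NODE"; done <"$SPECIAL_BITS_DIR/ot"
}
```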
+
firstboot()
{
echo "Executing firstboot phase."
preinstall
-copy_and_install
+copy_and_install ext4
set_c3d_ownership
postinstall
+unprivilege
+
backup_old_container
mv $CONTAINER_BUILD_PATH $CONTAINER_PATH