https://git.useribm.hu / user-lxc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: dd299ec)
Updated efg.pn, ifg.usr (cgroups and NIC naming fixes).
authorZoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
Wed, 6 Nov 2019 05:08:05 +0000 (06:08 +0100)
committerZoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
Wed, 6 Nov 2019 05:08:05 +0000 (06:08 +0100)
sources/efg.pm/config patch | blob | history
sources/efg.pm/firstboot/10_setupnftables.sh patch | blob | history
sources/ifg.usr/config patch | blob | history
sources/ifg.usr/firstboot/01_setupnetworking.sh patch | blob | history
sources/ifg.usr/firstboot/10_setupnftables.sh patch | blob | history

diff --git a/sources/efg.pm/config b/sources/efg.pm/config
index 75be1c866bc874345f87217277039e5ad7ffc787..45d40e5bc819ceb63ebb9a425ebbafa1fc2b5462 100644 (file)
--- a/sources/efg.pm/config
+++ b/sources/efg.pm/config
@@ -14,6 +14,9 @@ lxc.net.1.type = phys
 lxc.net.1.flags = up
 lxc.net.1.link = bonde-dev
 
+lxc.cgroup.devices.allow =
+lxc.cgroup.devices.deny =
+
 lxc.autodev = 1
 
 lxc.signal.halt = SIGRTMIN+4
diff --git a/sources/efg.pm/firstboot/10_setupnftables.sh b/sources/efg.pm/firstboot/10_setupnftables.sh
index fd180f179c80d21e8e779815f6979d20bab2ce6b..93bbdc132f94b805b66f8df1e14cd7c8e7d268bc 100755 (executable)
--- a/sources/efg.pm/firstboot/10_setupnftables.sh
+++ b/sources/efg.pm/firstboot/10_setupnftables.sh
@@ -4,7 +4,6 @@
 REAL_PATH=$(realpath $(dirname $0))
 
 
-nft list ruleset
 nft list ruleset | grep ^table | sed 's/ {$//' | while read TABLE_SPEC
 do
     nft flush $TABLE_SPEC
@@ -13,5 +12,6 @@ done
 
 nft --echo --file $REAL_PATH/nftables.config
 nft list ruleset >/etc/nftables/efg.nft
+nft list ruleset
 
 systemctl enable nftables.service
diff --git a/sources/ifg.usr/config b/sources/ifg.usr/config
index 2b075cb47293d61d0c92d3d60a23027d06c3af0c..523e73092854b8a261c652f3ffb2ae306ef1bcad 100644 (file)
--- a/sources/ifg.usr/config
+++ b/sources/ifg.usr/config
@@ -8,13 +8,18 @@ lxc.mount.auto = proc:rw sys:ro
 lxc.net.0.type = veth
 lxc.net.0.flags = up
 lxc.net.0.link = bri-dev
+lxc.net.0.name = eth0
 lxc.net.0.hwaddr = 02:0c:18:03:6d:fe
 
 lxc.net.1.type = veth
 lxc.net.1.flags = up
 lxc.net.1.link = brh-dev
+lxc.net.1.name = eth1
 lxc.net.1.hwaddr = 02:0c:18:03:ad:01
 
+lxc.cgroup.devices.allow =
+lxc.cgroup.devices.deny =
+
 lxc.autodev = 1
 
 lxc.signal.halt = SIGRTMIN+4
diff --git a/sources/ifg.usr/firstboot/01_setupnetworking.sh b/sources/ifg.usr/firstboot/01_setupnetworking.sh
index 3c3115623f91613a0c28c80e19001965637af823..a45e33e53300d61bf765d5ded7cb23871eebd9fd 100755 (executable)
--- a/sources/ifg.usr/firstboot/01_setupnetworking.sh
+++ b/sources/ifg.usr/firstboot/01_setupnetworking.sh
@@ -39,8 +39,8 @@ do
     CONNECTIONS=$(nmcli --terse connection show | wc -l)
 done
 
-INTERNAL_DEVICE=ifg
-PM_DEVICE=eth0
+INTERNAL_DEVICE=eth0
+PM_DEVICE=eth1
 
 nmcli connection add \
     connection.autoconnect yes \
diff --git a/sources/ifg.usr/firstboot/10_setupnftables.sh b/sources/ifg.usr/firstboot/10_setupnftables.sh
index 2f32506552816a2015e5537e72e5ae9f96a0867c..a522aaf97873152bad51a8b62d379c9be660927f 100755 (executable)
--- a/sources/ifg.usr/firstboot/10_setupnftables.sh
+++ b/sources/ifg.usr/firstboot/10_setupnftables.sh
@@ -4,7 +4,6 @@
 REAL_PATH=$(realpath $(dirname $0))
 
 
-nft list ruleset
 nft list ruleset | grep ^table | sed 's/ {$//' | while read TABLE_SPEC
 do
     nft flush $TABLE_SPEC
@@ -13,5 +12,6 @@ done
 
 nft --echo --file $REAL_PATH/nftables.config
 nft list ruleset >/etc/nftables/ifg.nft
+nft list ruleset
 
 systemctl enable nftables.service
user-lxc repository