From: Zoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
Date: Wed, 6 Nov 2019 05:08:05 +0000 (+0100)
Subject: Updated efg.pn, ifg.usr (cgroups and NIC naming fixes).
X-Git-Url: http://git.useribm.hu/?a=commitdiff_plain;h=fc56b0032568f4a831a9de816badba0fe90cb6bb;p=user-lxc.git

Updated efg.pn, ifg.usr (cgroups and NIC naming fixes).
---

diff --git a/sources/efg.pm/config b/sources/efg.pm/config
index 75be1c8..45d40e5 100644
--- a/sources/efg.pm/config
+++ b/sources/efg.pm/config
@@ -14,6 +14,9 @@ lxc.net.1.type = phys
 lxc.net.1.flags = up
 lxc.net.1.link = bonde-dev
 
+lxc.cgroup.devices.allow =
+lxc.cgroup.devices.deny =
+
 lxc.autodev = 1
 
 lxc.signal.halt = SIGRTMIN+4
diff --git a/sources/efg.pm/firstboot/10_setupnftables.sh b/sources/efg.pm/firstboot/10_setupnftables.sh
index fd180f1..93bbdc1 100755
--- a/sources/efg.pm/firstboot/10_setupnftables.sh
+++ b/sources/efg.pm/firstboot/10_setupnftables.sh
@@ -4,7 +4,6 @@
 REAL_PATH=$(realpath $(dirname $0))
 
 
-nft list ruleset
 nft list ruleset | grep ^table | sed 's/ {$//' | while read TABLE_SPEC
 do
     nft flush $TABLE_SPEC
@@ -13,5 +12,6 @@ done
 
 nft --echo --file $REAL_PATH/nftables.config
 nft list ruleset >/etc/nftables/efg.nft
+nft list ruleset
 
 systemctl enable nftables.service
diff --git a/sources/ifg.usr/config b/sources/ifg.usr/config
index 2b075cb..523e730 100644
--- a/sources/ifg.usr/config
+++ b/sources/ifg.usr/config
@@ -8,13 +8,18 @@ lxc.mount.auto = proc:rw sys:ro
 lxc.net.0.type = veth
 lxc.net.0.flags = up
 lxc.net.0.link = bri-dev
+lxc.net.0.name = eth0
 lxc.net.0.hwaddr = 02:0c:18:03:6d:fe
 
 lxc.net.1.type = veth
 lxc.net.1.flags = up
 lxc.net.1.link = brh-dev
+lxc.net.1.name = eth1
 lxc.net.1.hwaddr = 02:0c:18:03:ad:01
 
+lxc.cgroup.devices.allow =
+lxc.cgroup.devices.deny =
+
 lxc.autodev = 1
 
 lxc.signal.halt = SIGRTMIN+4
diff --git a/sources/ifg.usr/firstboot/01_setupnetworking.sh b/sources/ifg.usr/firstboot/01_setupnetworking.sh
index 3c31156..a45e33e 100755
--- a/sources/ifg.usr/firstboot/01_setupnetworking.sh
+++ b/sources/ifg.usr/firstboot/01_setupnetworking.sh
@@ -39,8 +39,8 @@ do
     CONNECTIONS=$(nmcli --terse connection show | wc -l)
 done
 
-INTERNAL_DEVICE=ifg
-PM_DEVICE=eth0
+INTERNAL_DEVICE=eth0
+PM_DEVICE=eth1
 
 nmcli connection add \
     connection.autoconnect yes \
diff --git a/sources/ifg.usr/firstboot/10_setupnftables.sh b/sources/ifg.usr/firstboot/10_setupnftables.sh
index 2f32506..a522aaf 100755
--- a/sources/ifg.usr/firstboot/10_setupnftables.sh
+++ b/sources/ifg.usr/firstboot/10_setupnftables.sh
@@ -4,7 +4,6 @@
 REAL_PATH=$(realpath $(dirname $0))
 
 
-nft list ruleset
 nft list ruleset | grep ^table | sed 's/ {$//' | while read TABLE_SPEC
 do
     nft flush $TABLE_SPEC
@@ -13,5 +12,6 @@ done
 
 nft --echo --file $REAL_PATH/nftables.config
 nft list ruleset >/etc/nftables/ifg.nft
+nft list ruleset
 
 systemctl enable nftables.service