containers - lxc-template: enable chroot + chpasswd functionality for Busybox hosts

This patch enables installation of Buysbox containers on Busybox hosts. Please see patch message for detailed information. The patch has been submitted and accepted upstream by LXC maintainers. The functionality hasn't made it to LXC 0.9.0, but will (most probably) be included upstream in future releases of LXC. Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
author: Bogdan Purcareata <bogdan.purcareata@freescale.com> 2013-04-12 17:21:58 +0300
committer: Bruce Ashfield <bruce.ashfield@windriver.com> 2013-04-12 10:17:03 -0700
commit: c6af28f6e7af3959495deada7f5210a47ee4d7f9 (patch)
tree: 451b27c81024946bfb3d74ca2706d7ab054a7769
parent: 4d85e67ec252de40b4ab35b5a9581e7ba5ac1ac9 (diff)
download: meta-virtualization-c6af28f6e7af3959495deada7f5210a47ee4d7f9.tar.gz
2 files changed, 71 insertions, 0 deletions
diff --git a/recipes-containers/lxc/files/lxc-0.9.0-enable-chroot-chpasswd-functionality-for-busybox-hosts.patch b/recipes-containers/lxc/files/lxc-0.9.0-enable-chroot-chpasswd-functionality-for-busybox-hosts.patch
new file mode 100644
index 00000000..d07c6580
--- /dev/null
+++ b/recipes-containers/lxc/files/lxc-0.9.0-enable-chroot-chpasswd-functionality-for-busybox-hosts.patch
@@ -0,0 +1,70 @@
+From 4ddc14bd0866ff769421857044dd14867f1944d5 Mon Sep 17 00:00:00 2001
+From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
+Date: Thu, 11 Apr 2013 16:15:43 +0300
+Subject: [PATCH v2] lxc-template: enable chroot + chpasswd functionality for
+ Busybox hosts
+This patch supports the scenario where a user wants to install a
+busybox container on a busybox host.
+When running the template, in order to change the root password,
+the template needs to do the chroot. On busybox-powered hosts, chroot
+is not part of the coreutils package - it's part of busybox. And the
+busybox implementation or chroot only works if it has /lib in the new
+root populated with the right binaries (or at least that's the
+solution I found to make it work).
+The temporarily bind-mounts /lib in the NEWROOT, chroots there,
+changes the password, goes back and unmounts. This set of operations
+is contained in a new MOUNT namespace, using the lxc-unshare call.
+Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
+---
+ templates/lxc-busybox.in | 30 ++++++++++++++++++++++++++++--
+ 1 file changed, 28 insertions(+), 2 deletions(-)
+diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
+index cb425ec..2ca2bfd 100644
+--- a/templates/lxc-busybox.in
+++ b/templates/lxc-busybox.in
+@@ -189,9 +189,35 @@ configure_busybox()
+     # passwd exec must be setuid
+     chmod +s $rootfs/bin/passwd
+     touch $rootfs/etc/shadow
+-    echo "setting root passwd to root"
+-    echo "root:root" | chroot $rootfs chpasswd
+ 
+    # setting passwd for root
+    CHPASSWD_FILE=$rootfs/root/chpasswd.sh
+
+    cat <<EOF >$CHPASSWD_FILE
+echo "setting root password to \"root\""
+
+mount --bind /lib $rootfs/lib
+if [ \$? -ne 0 ]; then
+    echo "Failed bind-mounting /lib at $rootfs/lib"
+    exit 1
+fi
+
+chroot $rootfs chpasswd <<EOFF 2>/dev/null
+root:root
+EOFF
+
+
+if [ \$? -ne 0 ]; then
+    echo "Failed to change root password"
+    exit 1
+fi
+
+umount $rootfs/lib
+
+EOF
+
+    lxc-unshare -s MOUNT -- /bin/sh < $CHPASSWD_FILE
+    rm $CHPASSWD_FILE
+ 
+     # add ssh functionality if dropbear package available on host
+     which dropbear >/dev/null 2>&1
+-- 
+1.7.11.7
diff --git a/recipes-containers/lxc/lxc_0.9.0.bb b/recipes-containers/lxc/lxc_0.9.0.bb
index fcda0ba4..63ce2d66 100644
--- a/recipes-containers/lxc/lxc_0.9.0.bb
+++ b/recipes-containers/lxc/lxc_0.9.0.bb
@@ -23,6 +23,7 @@ RDEPENDS_${PN} = " \
 SRC_URI = "http://lxc.sourceforge.net/download/lxc/${PN}-${PV}.tar.gz \
        file://lxc-0.9.0-disable-udhcp-from-busybox-template.patch \
+        file://lxc-0.9.0-enable-chroot-chpasswd-functionality-for-busybox-hosts.patch \
        "
 SRC_URI[md5sum] = "8552a4479090616f4bc04d8473765fc9"
 SRC_URI[sha256sum] = "1e1767eae6cc5fbf892c0e193d25da420ba19f2db203716c38f7cdea3b654120"
author	Bogdan Purcareata <bogdan.purcareata@freescale.com>	2013-04-12 17:21:58 +0300
committer	Bruce Ashfield <bruce.ashfield@windriver.com>	2013-04-12 10:17:03 -0700
commit	c6af28f6e7af3959495deada7f5210a47ee4d7f9 (patch)
tree	451b27c81024946bfb3d74ca2706d7ab054a7769
parent	4d85e67ec252de40b4ab35b5a9581e7ba5ac1ac9 (diff)
download	meta-virtualization-c6af28f6e7af3959495deada7f5210a47ee4d7f9.tar.gz

diff --git a/recipes-containers/lxc/files/lxc-0.9.0-enable-chroot-chpasswd-functionality-for-busybox-hosts.patch b/recipes-containers/lxc/files/lxc-0.9.0-enable-chroot-chpasswd-functionality-for-busybox-hosts.patch new file mode 100644 index 00000000..d07c6580 --- /dev/null +++ b/recipes-containers/lxc/files/lxc-0.9.0-enable-chroot-chpasswd-functionality-for-busybox-hosts.patch
@@ -0,0 +1,70 @@
		1	From 4ddc14bd0866ff769421857044dd14867f1944d5 Mon Sep 17 00:00:00 2001
		2	From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
		3	Date: Thu, 11 Apr 2013 16:15:43 +0300
		4	Subject: [PATCH v2] lxc-template: enable chroot + chpasswd functionality for
		5	Busybox hosts
		6
		7	This patch supports the scenario where a user wants to install a
		8	busybox container on a busybox host.
		9
		10	When running the template, in order to change the root password,
		11	the template needs to do the chroot. On busybox-powered hosts, chroot
		12	is not part of the coreutils package - it's part of busybox. And the
		13	busybox implementation or chroot only works if it has /lib in the new
		14	root populated with the right binaries (or at least that's the
		15	solution I found to make it work).
		16
		17	The temporarily bind-mounts /lib in the NEWROOT, chroots there,
		18	changes the password, goes back and unmounts. This set of operations
		19	is contained in a new MOUNT namespace, using the lxc-unshare call.
		20
		21	Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
		22	---
		23	templates/lxc-busybox.in \| 30 ++++++++++++++++++++++++++++--
		24	1 file changed, 28 insertions(+), 2 deletions(-)
		25
		26	diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
		27	index cb425ec..2ca2bfd 100644
		28	--- a/templates/lxc-busybox.in
		29	+++ b/templates/lxc-busybox.in
		30	@@ -189,9 +189,35 @@ configure_busybox()
		31	# passwd exec must be setuid
		32	chmod +s $rootfs/bin/passwd
		33	touch $rootfs/etc/shadow
		34	- echo "setting root passwd to root"
		35	- echo "root:root" \| chroot $rootfs chpasswd
		36
		37	+ # setting passwd for root
		38	+ CHPASSWD_FILE=$rootfs/root/chpasswd.sh
		39	+
		40	+ cat <<EOF >$CHPASSWD_FILE
		41	+echo "setting root password to \"root\""
		42	+
		43	+mount --bind /lib $rootfs/lib
		44	+if [ \$? -ne 0 ]; then
		45	+ echo "Failed bind-mounting /lib at $rootfs/lib"
		46	+ exit 1
		47	+fi
		48	+
		49	+chroot $rootfs chpasswd <<EOFF 2>/dev/null
		50	+root:root
		51	+EOFF
		52	+
		53	+
		54	+if [ \$? -ne 0 ]; then
		55	+ echo "Failed to change root password"
		56	+ exit 1
		57	+fi
		58	+
		59	+umount $rootfs/lib
		60	+
		61	+EOF
		62	+
		63	+ lxc-unshare -s MOUNT -- /bin/sh < $CHPASSWD_FILE
		64	+ rm $CHPASSWD_FILE
		65
		66	# add ssh functionality if dropbear package available on host
		67	which dropbear >/dev/null 2>&1
		68	--
		69	1.7.11.7
		70


diff --git a/recipes-containers/lxc/lxc_0.9.0.bb b/recipes-containers/lxc/lxc_0.9.0.bb index fcda0ba4..63ce2d66 100644 --- a/recipes-containers/lxc/lxc_0.9.0.bb +++ b/recipes-containers/lxc/lxc_0.9.0.bb
@@ -23,6 +23,7 @@ RDEPENDS_${PN} = " \
23		23
24	SRC_URI = "http://lxc.sourceforge.net/download/lxc/${PN}-${PV}.tar.gz \	24	SRC_URI = "http://lxc.sourceforge.net/download/lxc/${PN}-${PV}.tar.gz \
25	file://lxc-0.9.0-disable-udhcp-from-busybox-template.patch \	25	file://lxc-0.9.0-disable-udhcp-from-busybox-template.patch \
		26	file://lxc-0.9.0-enable-chroot-chpasswd-functionality-for-busybox-hosts.patch \
26	"	27	"
27	SRC_URI[md5sum] = "8552a4479090616f4bc04d8473765fc9"	28	SRC_URI[md5sum] = "8552a4479090616f4bc04d8473765fc9"
28	SRC_URI[sha256sum] = "1e1767eae6cc5fbf892c0e193d25da420ba19f2db203716c38f7cdea3b654120"	29	SRC_URI[sha256sum] = "1e1767eae6cc5fbf892c0e193d25da420ba19f2db203716c38f7cdea3b654120"