[pve-devel] [PATCH v2 container 1/2] setup: more general approach to tty paths
Wolfgang Bumiller
w.bumiller at proxmox.com
Wed Dec 7 14:10:34 CET 2016
Unprivileged containers always use an empty lxc.devttydir
option (i.e. they don't use the /dev/lxc/ subdirectory).
Alpine and Gentoo don't support it in general.
Define a devttydir() sub in Setup::Base which by default
returns "lxc/" or an empty string depending on whether it is
an unprivileged container. Gentoo and Alpine override it
with one which always returns an empty string.
Additionally rather than adding 4 fixed tty entries to
securetty, use the number we actually configured.
---
This approach mimics the behavior of lxc. Their default 'lxc/' devttydir
comes from their `common.conf`, and their `user.conf` unsets it again.
Additionally gentoo.common.conf and alpine.common.conf unset it as well.
src/PVE/LXC/Setup/Alpine.pm | 6 +++++-
src/PVE/LXC/Setup/ArchLinux.pm | 4 ++--
src/PVE/LXC/Setup/Base.pm | 20 ++++++++++++++++++--
src/PVE/LXC/Setup/CentOS.pm | 2 +-
src/PVE/LXC/Setup/Debian.pm | 2 +-
src/PVE/LXC/Setup/Gentoo.pm | 5 ++++-
src/PVE/LXC/Setup/SUSE.pm | 4 ++--
src/PVE/LXC/Setup/Ubuntu.pm | 2 +-
src/test/test-centos6-001/config | 1 +
src/test/test-opensuse-001/etc/securetty.exp | 2 --
src/test/test-opensuse-002/config | 1 +
src/test/test-opensuse-003/config | 1 +
12 files changed, 37 insertions(+), 13 deletions(-)
diff --git a/src/PVE/LXC/Setup/Alpine.pm b/src/PVE/LXC/Setup/Alpine.pm
index d69a0df..99be985 100644
--- a/src/PVE/LXC/Setup/Alpine.pm
+++ b/src/PVE/LXC/Setup/Alpine.pm
@@ -19,9 +19,13 @@ sub new {
my $self = { conf => $conf, rootdir => $rootdir, version => $version };
$conf->{ostype} = "alpine";
+
return bless $self, $class;
}
+# Alpine doesn't support the /dev/lxc/ subdirectory.
+sub devttydir { '' }
+
sub template_fixup {
my ($self, $conf) = @_;
@@ -39,7 +43,7 @@ sub template_fixup {
$self->ct_symlink('/etc/init.d/savecache',
'/etc/runlevels/shutdown/savecache');
- $self->setup_securetty($conf, qw(lxc/console lxc/tty1 lxc/tty2 lxc/tty3 lxc/tty4));
+ $self->setup_securetty($conf);
}
sub setup_init {
diff --git a/src/PVE/LXC/Setup/ArchLinux.pm b/src/PVE/LXC/Setup/ArchLinux.pm
index e93293f..60118ef 100644
--- a/src/PVE/LXC/Setup/ArchLinux.pm
+++ b/src/PVE/LXC/Setup/ArchLinux.pm
@@ -39,12 +39,12 @@ sub template_fixup {
'/etc/systemd/system/socket.target.wants/systemd-networkd.socket');
# edit /etc/securetty (enable login on console)
- $self->setup_securetty($conf, qw(console tty1 tty2 tty3 tty4));
+ $self->setup_securetty($conf);
}
sub setup_init {
my ($self, $conf) = @_;
- $self->setup_container_getty_service(1);
+ $self->setup_container_getty_service($conf);
}
sub setup_network {
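Review bot: Both calls in this hunk used to force the no-subdirectory form (`qw(console tty1 tty2 tty3 tty4)` and `setup_container_getty_service(1)`), but ArchLinux.pm gets no `devttydir` override in this patch, so a privileged Arch container now inherits `'lxc/'` from Setup::Base. /etc/securetty would then receive only `lxc/console` and `lxc/ttyN`, and the getty unit would reference `lxc/tty%I`; if the container's ttys still appear directly under /dev, root login on the console would be refused and the gettys would not start. The Debian.pm hunk has the same change, where `setup_container_getty_service(1)` becomes `($conf)`. If the old behaviour was deliberate, add `sub devttydir { '' }` to both modules as is done for Alpine and Gentoo; otherwise the commit message should state that these two distros change.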
diff --git a/src/PVE/LXC/Setup/Base.pm b/src/PVE/LXC/Setup/Base.pm
index 32c1491..059d184 100644
--- a/src/PVE/LXC/Setup/Base.pm
+++ b/src/PVE/LXC/Setup/Base.pm
@@ -198,13 +198,21 @@ sub setup_systemd_console {
}
}
+# A few distros as well as unprivileged containers cannot deal with the
+# /dev/lxc/ tty subdirectory.
+sub devttydir {
+ my ($self, $conf) = @_;
+ return $conf->{unprivileged} ? '' : 'lxc/';
+}
+
sub setup_container_getty_service {
- my ($self, $nosubdir) = @_;
+ my ($self, $conf) = @_;
+
my $systemd_dir_rel = $self->ct_is_executable("/lib/systemd/systemd") ?
"/lib/systemd/system" : "/usr/lib/systemd/system";
my $servicefile = "$systemd_dir_rel/container-getty\@.service";
my $raw = $self->ct_file_get_contents($servicefile);
- my $ttyname = ($nosubdir ? '' : 'lxc/') . 'tty%I';
+ my $ttyname = $self->devttydir($conf) . 'tty%I';
if ($raw =~ s at pts/%I|lxc/tty%I@$ttyname at g) {
$self->ct_file_set_contents($servicefile, $raw);
}
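Review bot: The substitution on the line after `$ttyname` only matches `pts/%I` or `lxc/tty%I`, so a unit file that an earlier run already rewrote to bare `tty%I` is never switched to `lxc/tty%I` when `devttydir` now returns `'lxc/'`. That looks reachable for containers set up by the previous code with `$nosubdir` true (the Debian and ArchLinux callers), which leaves old and new containers of the same type with different getty devices. Consider also matching the bare form, guarded so it cannot hit the tail of `lxc/tty%I`, and skipping the write when the replacement equals the matched text. The comment on `devttydir` should state the contract both callers rely on, e.g. `# Returns '' or a directory name ending in '/'; callers prepend it to the tty name.` The end of `setup_container_getty_service` lies outside this hunk.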
@@ -277,6 +285,14 @@ DATA
sub setup_securetty {
my ($self, $conf, @add) = @_;
+ if (!scalar(@add)) {
+ my $count = PVE::LXC::Config->get_tty_count($conf);
+ @add = ('console', map { "tty$_" } 1..$count);
+ if (my $dir = $self->devttydir($conf)) {
+ @add = map { "${dir}$_" } @add;
+ }
+ }
+
my $filename = "/etc/securetty";
# root login is already allowed on every device if no securetty present
return if !$self->ct_file_exists($filename);
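Review bot: `setup_securetty` now decides by itself which terminals root may log in on when called without `@add`, but nothing in the hunk documents that default; add above the new block `# No explicit list: allow 'console' and tty1..N (N = configured tty count), each prefixed with devttydir().` Because the test is `!scalar(@add)`, a caller can no longer pass an intentionally empty list, which is worth stating in the same comment. The block calls `PVE::LXC::Config->get_tty_count` and no `use PVE::LXC::Config;` is visible in this hunk, so confirm Base.pm loads that module. The remainder of the sub is outside the hunk, so whether entries from a previously higher tty count are ever removed from /etc/securetty cannot be judged from here.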
diff --git a/src/PVE/LXC/Setup/CentOS.pm b/src/PVE/LXC/Setup/CentOS.pm
index 2becc35..94121ed 100644
--- a/src/PVE/LXC/Setup/CentOS.pm
+++ b/src/PVE/LXC/Setup/CentOS.pm
@@ -106,7 +106,7 @@ sub template_fixup {
$self->ct_file_set_contents($filename, $data);
# edit /etc/securetty (enable login on console)
- $self->setup_securetty($conf, qw(lxc/console lxc/tty1 lxc/tty2 lxc/tty3 lxc/tty4));
+ $self->setup_securetty($conf);
}
}
diff --git a/src/PVE/LXC/Setup/Debian.pm b/src/PVE/LXC/Setup/Debian.pm
index 1cca494..9c7ba9a 100644
--- a/src/PVE/LXC/Setup/Debian.pm
+++ b/src/PVE/LXC/Setup/Debian.pm
@@ -42,7 +42,7 @@ sub setup_init {
my $systemd = $self->ct_readlink('/sbin/init');
if (defined($systemd) && $systemd =~ m@/systemd$@) {
- $self->setup_container_getty_service(1);
+ $self->setup_container_getty_service($conf);
}
my $filename = "/etc/inittab";
diff --git a/src/PVE/LXC/Setup/Gentoo.pm b/src/PVE/LXC/Setup/Gentoo.pm
index c1810bb..f69c099 100644
--- a/src/PVE/LXC/Setup/Gentoo.pm
+++ b/src/PVE/LXC/Setup/Gentoo.pm
@@ -27,9 +27,12 @@ sub new {
return bless $self, $class;
}
+# Gentoo doesn't support the /dev/lxc/ subdirectory.
+sub devttydir { '' }
+
sub template_fixup {
my ($self, $conf) = @_;
- $self->setup_securetty($conf, qw(lxc/console lxc/tty1 lxc/tty2 lxc/tty3 lxc/tty4));
+ $self->setup_securetty($conf);
}
sub setup_init {
diff --git a/src/PVE/LXC/Setup/SUSE.pm b/src/PVE/LXC/Setup/SUSE.pm
index c511ab6..b775378 100644
--- a/src/PVE/LXC/Setup/SUSE.pm
+++ b/src/PVE/LXC/Setup/SUSE.pm
@@ -38,14 +38,14 @@ sub new {
sub template_fixup {
my ($self, $conf) = @_;
- $self->setup_securetty($conf, qw(lxc/console lxc/tty1 lxc/tty2 lxc/tty3 lxc/tty4));
+ $self->setup_securetty($conf);
}
sub setup_init {
my ($self, $conf) = @_;
if ($self->{version} >= 13.2) {
- $self->setup_container_getty_service();
+ $self->setup_container_getty_service($conf);
}
$self->setup_systemd_console($conf);
}
diff --git a/src/PVE/LXC/Setup/Ubuntu.pm b/src/PVE/LXC/Setup/Ubuntu.pm
index be785dd..28eb118 100644
--- a/src/PVE/LXC/Setup/Ubuntu.pm
+++ b/src/PVE/LXC/Setup/Ubuntu.pm
@@ -70,7 +70,7 @@ sub setup_init {
my $version = $self->{version};
if ($version eq '16.10') {
- $self->setup_container_getty_service(0);
+ $self->setup_container_getty_service($conf);
}
if ($version eq '12.04' || $version eq '14.04') {
diff --git a/src/test/test-centos6-001/config b/src/test/test-centos6-001/config
index afe246f..4990c47 100644
--- a/src/test/test-centos6-001/config
+++ b/src/test/test-centos6-001/config
@@ -2,3 +2,4 @@ hostname: test1
net0: bridge=vmbr0,name=eth0,ip=1.2.3.4/24,gw=1.2.3.1
net1: bridge=vmbr0,name=eth1,ip=10.2.3.4/24
net2: bridge=vmbr0,name=eth2
+tty: 4
diff --git a/src/test/test-opensuse-001/etc/securetty.exp b/src/test/test-opensuse-001/etc/securetty.exp
index a0f3062..7aa2e8c 100644
--- a/src/test/test-opensuse-001/etc/securetty.exp
+++ b/src/test/test-opensuse-001/etc/securetty.exp
@@ -8,5 +8,3 @@ console
lxc/console
lxc/tty1
lxc/tty2
-lxc/tty3
-lxc/tty4
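Review bot: The fixtures touched by this patch only cover the privileged `lxc/` path: this expectation drops `lxc/tty3` and `lxc/tty4`, and the three config hunks pin `tty: 4`, while no visible fixture sets `unprivileged` or exercises the Alpine/Gentoo `devttydir` override. A case with `unprivileged: 1` whose expected securetty contains bare `console` and `ttyN` entries would cover the new branch in `Setup::Base::devttydir`. The fixture files are only partly visible in these hunks, so such a case may already exist elsewhere under src/test.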
diff --git a/src/test/test-opensuse-002/config b/src/test/test-opensuse-002/config
index 75b139d..cb2671c 100644
--- a/src/test/test-opensuse-002/config
+++ b/src/test/test-opensuse-002/config
@@ -3,3 +3,4 @@ net0: bridge=vmbr0,name=eth0,ip6=2001:1::/64,gw6=20ff::1
net1: bridge=vmbr0,name=eth1,ip6=2001:2::/64
net2: bridge=vmbr0,name=eth2,ip6=manual
net3: bridge=vmbr0,name=eth3,ip6=2000::1/64,gw6=fe80::1
+tty: 4
diff --git a/src/test/test-opensuse-003/config b/src/test/test-opensuse-003/config
index cbe2dcd..2327981 100644
--- a/src/test/test-opensuse-003/config
+++ b/src/test/test-opensuse-003/config
@@ -3,3 +3,4 @@ net0: bridge=vmbr0,name=eth0,ip=1.2.3.4/24,gw=4.3.2.1,ip6=2001:1::/64,gw6=2001:1
net1: bridge=vmbr0,name=eth1,ip=dhcp
net2: bridge=vmbr0,name=eth2,ip6=dhcp
net3: bridge=vmbr0,name=eth3,ip=dhcp,ip6=dhcp
+tty: 4
--
2.1.4