[Devel] [PATCH v2 1/2] allow for distro-specific fix ups at creation time.
Glauber Costa
glommer at openvz.org
Mon May 20 12:59:06 PDT 2013
From: Glauber Costa <glommer at parallels.com>
We will need that infrastructure when running with Linux upstream, since some
support is very unlikely to ever land in the Kernel. This will be done by
running a vps script shortly before we call exec() on
/sbin/init.
To demonstrate what such script should do, this patch uses the script to
override the loginuid PAM module. This is called only for the distributions in
which I have verified the need and tested that the fixup works. We should look
into expanding this.
Signed-off-by: Glauber Costa <glommer at parallels.com>
---
etc/dists/debian.conf | 1 +
etc/dists/redhat.conf | 1 +
etc/dists/scripts/prestart.sh | 41 +++++++++++++++++++++++++++++++++++++++++
etc/dists/suse.conf | 1 +
include/dist.h | 2 ++
src/lib/dist.c | 10 +++++++++-
src/lib/env.c | 18 ++++++++++++++++++
7 files changed, 73 insertions(+), 1 deletion(-)
create mode 100755 etc/dists/scripts/prestart.sh
diff --git a/etc/dists/debian.conf b/etc/dists/debian.conf
index c09edad..fdb9df4 100644
--- a/etc/dists/debian.conf
+++ b/etc/dists/debian.conf
@@ -25,3 +25,4 @@ SET_DNS=set_dns.sh
SET_USERPASS=set_userpass.sh
SET_UGID_QUOTA=set_ugid_quota.sh
POST_CREATE=postcreate.sh
+PRE_START=prestart.sh
diff --git a/etc/dists/redhat.conf b/etc/dists/redhat.conf
index 727461d..92947bc 100644
--- a/etc/dists/redhat.conf
+++ b/etc/dists/redhat.conf
@@ -25,3 +25,4 @@ SET_DNS=set_dns.sh
SET_USERPASS=set_userpass.sh
SET_UGID_QUOTA=set_ugid_quota.sh
POST_CREATE=postcreate.sh
+PRE_START=prestart.sh
diff --git a/etc/dists/scripts/prestart.sh b/etc/dists/scripts/prestart.sh
new file mode 100755
index 0000000..1f28b13
--- /dev/null
+++ b/etc/dists/scripts/prestart.sh
@@ -0,0 +1,41 @@
+#!/bin/sh
+# Copyright (C) 2013, Parallels, Inc. All rights reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+#
+# Most distributions will need some kind of adjustment when running under
+# user namespaces. One example is overriding the loginuid PAM module, that
+# is, so far, meaningless inside a container. This script will apply various
+# fixups if needed.
+
+fixup_loginuid()
+{
+ local pam_permit="security/pam_permit.so"
+ local pam_loginuid="security/pam_loginuid.so"
+
+ for dir in lib lib64 lib/x86_64-linux-gnu lib/i386-linux-gnu; do
+ [ -f $dir/$pam_loginuid ] || continue
+ mount --bind $dir/$pam_permit $dir/$pam_loginuid
+ break
+ done
+}
+
+[ "x$VZ_KERNEL" = "xyes" ] && exit 0
+[ "x$USERNS" = "xno" ] && exit 0
+
+fixup_loginuid
+
+exit 0
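Review bot: The `mount --bind` in fixup_loginuid is unchecked and the script always ends with `exit 0`, so if pam_permit.so is missing from the matched directory or the bind fails, pam_loginuid stays active and the caller is told nothing. Guard the source and surface the failure, e.g. `[ -f "$dir/$pam_permit" ] || continue` and `mount --bind "$dir/$pam_permit" "$dir/$pam_loginuid" || echo "prestart: loginuid override failed in $dir" >&2`. The directory list is relative (`lib`, `lib64`, …), so the override applies to whatever the working directory is when the script runs; writing `/$dir` and quoting the expansions removes that dependency. A header comment should also state that every PAM stack entry naming pam_loginuid.so will get pam_permit's unconditional success once the bind is in place, so anyone auditing the container's PAM configuration knows the module on disk is not the one in effect.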
diff --git a/etc/dists/suse.conf b/etc/dists/suse.conf
index eaa621e..c0ab9af 100644
--- a/etc/dists/suse.conf
+++ b/etc/dists/suse.conf
@@ -25,4 +25,5 @@ SET_DNS=set_dns.sh
SET_USERPASS=set_userpass.sh
SET_UGID_QUOTA=set_ugid_quota.sh
POST_CREATE=postcreate.sh
+PRE_START=prestart.sh
diff --git a/include/dist.h b/include/dist.h
index 1f6a5a6..a676998 100644
--- a/include/dist.h
+++ b/include/dist.h
@@ -29,6 +29,7 @@
#define SET_USERPASS 5
#define SET_UGID_QUOTA 6
#define POST_CREATE 7
+#define PRE_START 8
typedef struct {
char *def_ostmpl;
@@ -46,6 +47,7 @@ typedef struct dist_actions {
char *set_userpass; /**< setup user password. */
char *set_ugid_quota; /**< setup 2level quota. */
char *post_create; /**< sostcreate actions. */
+ char *pre_start; /**< pre start actions. */
} dist_actions;
/* Read distribution specific actions configuration file.
diff --git a/src/lib/dist.c b/src/lib/dist.c
index bde94ab..f536076 100644
--- a/src/lib/dist.c
+++ b/src/lib/dist.c
@@ -36,7 +36,8 @@ static struct distr_conf {
{"SET_DNS", SET_DNS},
{"SET_USERPASS", SET_USERPASS},
{"SET_UGID_QUOTA", SET_UGID_QUOTA},
- {"POST_CREATE", POST_CREATE}
+ {"POST_CREATE", POST_CREATE},
+ {"PRE_START", PRE_START},
};
static int get_action_id(char *name)
@@ -100,6 +101,12 @@ static int add_dist_action(dist_actions *d_actions, char *name, char *action,
break;
d_actions->post_create = strdup(file);
break;
+ case PRE_START:
+ if (d_actions->pre_start != NULL)
+ break;
+ d_actions->pre_start = strdup(file);
+ break;
+
}
return 0;
}
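Review bot: In the new `case PRE_START:` the result of `strdup(file)` is stored without a check, so an allocation failure leaves `pre_start` NULL while add_dist_action still returns 0. The start path in env.c runs the fix-up only when `actions.pre_start` is non-NULL, so it would be skipped silently and the container would start without the loginuid override. The `post_create` case visible just above follows the same pattern, so both could share a check after the assignment, e.g. `if (d_actions->pre_start == NULL) return <ERROR_CODE>;` with whatever error value this function already uses. add_dist_action starts outside the hunk, so its existing error convention is not visible here.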
@@ -115,6 +122,7 @@ void free_dist_actions(dist_actions *d_actions)
free(d_actions->set_userpass);
free(d_actions->set_ugid_quota);
free(d_actions->post_create);
+ free(d_actions->pre_start);
}
static int get_dist_conf_name(char *dist_name, char *dir, char *file, int len)
diff --git a/src/lib/env.c b/src/lib/env.c
index 6923b33..acf0e53 100644
--- a/src/lib/env.c
+++ b/src/lib/env.c
@@ -659,6 +659,24 @@ int vps_start_custom(vps_handler *h, envid_t veid, vps_param *param,
goto err;
}
if (!(skip & SKIP_ACTION_SCRIPT)) {
+
+ if (!is_vz_kernel(h) && actions.pre_start) {
+ char buf[32];
+ char buf_ns[32];
+ char *envp[3];
+
+ snprintf(buf, sizeof(buf), "VZ_KERNEL=%s", is_vz_kernel(h) ? "yes" : "no");
+ envp[0] = buf;
+ snprintf(buf_ns, sizeof(buf_ns), "USERNS=%s", h->can_join_userns ? "yes" : "no");
+ envp[1] = buf_ns;
+ envp[2] = NULL;
+ if (vps_exec_script(h, veid, res->fs.root, NULL, envp,
+ actions.pre_start, NULL, 0)) {
+ ret = VZ_ACTIONSCRIPT_ERROR;
+ goto err;
+ }
+ }
+
snprintf(buf, sizeof(buf), VPS_CONF_DIR "%d.%s", veid,
START_PREFIX);
if (stat_file(buf)) {
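Review bot: Inside the `!is_vz_kernel(h) && actions.pre_start` branch the `VZ_KERNEL=%s` value can only ever be `no`, so the `VZ_KERNEL=yes` early exit in prestart.sh is unreachable from this caller. Either drop the kernel test from the condition and let the script decide, or pass the literal `"VZ_KERNEL=no"`. The inner `char buf[32]` also shadows the `buf` used by the following `snprintf(buf, sizeof(buf), VPS_CONF_DIR "%d.%s", ...)`; a distinct declaration such as `char env_kernel[32], env_userns[32];` avoids confusion about which buffer is being sized. Since the script performs bind mounts, add a comment above the `vps_exec_script` call stating which root and privilege context it runs in (it appears to be the container root via `res->fs.root`) and that a non-zero exit aborts the start with `VZ_ACTIONSCRIPT_ERROR`. vps_start_custom begins and continues outside this hunk.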
--
1.7.11.7