debian: fix jessie lxc config to support systemd

The lxc-debian template already does this, but apparently
the download template does not. We need to adapt the config
for installation as well as provide a version-specific config
for packaging the box.
This commit is contained in:
Michael Adam 2015-01-05 02:25:23 +01:00
parent 022112d019
commit 76cbb0fc89
2 changed files with 70 additions and 1 deletions


@ -46,10 +46,14 @@ else
--arch ${ARCH} --arch ${ARCH}
fi fi
if [ ${DISTRIBUTION} = 'fedora' ]; then if [ ${DISTRIBUTION} = 'fedora' -o \
${DISTRIBUTION} = 'debian' -a ${RELEASE} = 'jessie' ]
then
# Improve systemd support: # Improve systemd support:
# - The fedora template does it but the fedora images from the download # - The fedora template does it but the fedora images from the download
# template apparently don't. # template apparently don't.
# - The debian template does it but the debian image from the download
# template apparently not.
utils.lxc.stop utils.lxc.stop
echo >> /var/lib/lxc/${CONTAINER}/config echo >> /var/lib/lxc/${CONTAINER}/config
echo "# settings for systemd with PID 1:" >> /var/lib/lxc/${CONTAINER}/config echo "# settings for systemd with PID 1:" >> /var/lib/lxc/${CONTAINER}/config
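Review bot: The new condition joins `-o` and `-a` inside one `[ ... ]` with `${DISTRIBUTION}` and `${RELEASE}` unquoted, so if `RELEASE` is ever empty or unset for a non-debian image the operand vanishes and `[` aborts with a syntax error instead of evaluating to false; POSIX also leaves the result of a `test` with more than four arguments unspecified, so the intended `fedora || (debian && jessie)` grouping rests on implementation behaviour. Splitting it into separate tests makes the grouping explicit and tolerates an empty variable: `if [ "${DISTRIBUTION}" = 'fedora' ] || \`, `   { [ "${DISTRIBUTION}" = 'debian' ] && [ "${RELEASE}" = 'jessie' ]; }`, `then`. The body of this `if` block (the config rewrite that follows the `echo` lines) continues beyond the hunk, and the `fi` at its top closes an earlier block that starts outside the hunk as well.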

65
conf/debian-jessie Normal file

@ -0,0 +1,65 @@
# support systemd as PID 1
lxc.autodev = 1
lxc.kmsg = 0
# Default pivot location
lxc.pivotdir = lxc_putold
# Default mount entries
lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry = sysfs sys sysfs defaults 0 0
# Default console settings
lxc.tty = 4
lxc.pts = 1024
# Default capabilities
lxc.cap.drop = sys_module mac_admin mac_override sys_time
# When using LXC with apparmor, the container will be confined by default.
# If you wish for it to instead run unconfined, copy the following line
# (uncommented) to the container's configuration file.
#lxc.aa_profile = unconfined
# To support container nesting on an Ubuntu host while retaining most of
# apparmor's added security, use the following two lines instead.
#lxc.aa_profile = lxc-container-default-with-nesting
#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
# If you wish to allow mounting block filesystems, then use the following
# line instead, and make sure to grant access to the block device and/or loop
# devices below in lxc.cgroup.devices.allow.
#lxc.aa_profile = lxc-container-default-with-mounting
# Default cgroup limits
lxc.cgroup.devices.deny = a
## Allow any mknod (but not using the node)
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
## /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
## consoles
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 5:1 rwm
## /dev/{,u}random
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
## /dev/pts/*
lxc.cgroup.devices.allow = c 5:2 rwm
lxc.cgroup.devices.allow = c 136:* rwm
## rtc
lxc.cgroup.devices.allow = c 254:0 rm
## fuse
lxc.cgroup.devices.allow = c 10:229 rwm
## tun
lxc.cgroup.devices.allow = c 10:200 rwm
## full
lxc.cgroup.devices.allow = c 1:7 rwm
## hpet
lxc.cgroup.devices.allow = c 10:228 rwm
## kvm
lxc.cgroup.devices.allow = c 10:232 rwm
## To use loop devices, copy the following line to the container's
## configuration file (uncommented).
#lxc.cgroup.devices.allow = b 7:* rwm