[meta-virtualization] [PATCH 1/2] containers - lxc-template: enable chroot + chpasswd functionality for Busybox hosts

Bogdan Purcareata bogdan.purcareata at freescale.com
Fri Apr 12 07:21:58 PDT 2013


This patch enables installation of Busybox containers on Busybox hosts.
Please see patch message for detailed information.

The patch has been submitted and accepted upstream by LXC maintainers.
The functionality hasn't made it to LXC 0.9.0, but will (most probably)
be included upstream in future releases of LXC.

Signed-off-by: Bogdan Purcareata <bogdan.purcareata at freescale.com>
---
 ...-chpasswd-functionality-for-busybox-hosts.patch | 70 ++++++++++++++++++++++
 recipes-containers/lxc/lxc_0.9.0.bb                |  1 +
 2 files changed, 71 insertions(+)
 create mode 100644 recipes-containers/lxc/files/lxc-0.9.0-enable-chroot-chpasswd-functionality-for-busybox-hosts.patch

diff --git a/recipes-containers/lxc/files/lxc-0.9.0-enable-chroot-chpasswd-functionality-for-busybox-hosts.patch b/recipes-containers/lxc/files/lxc-0.9.0-enable-chroot-chpasswd-functionality-for-busybox-hosts.patch
new file mode 100644
index 0000000..d07c658
--- /dev/null
+++ b/recipes-containers/lxc/files/lxc-0.9.0-enable-chroot-chpasswd-functionality-for-busybox-hosts.patch
@@ -0,0 +1,70 @@
+From 4ddc14bd0866ff769421857044dd14867f1944d5 Mon Sep 17 00:00:00 2001
+From: Bogdan Purcareata <bogdan.purcareata at freescale.com>
+Date: Thu, 11 Apr 2013 16:15:43 +0300
+Subject: [PATCH v2] lxc-template: enable chroot + chpasswd functionality for
+ Busybox hosts
+
+This patch supports the scenario where a user wants to install a
+busybox container on a busybox host.
+
+When running the template, in order to change the root password,
+the template needs to do the chroot. On busybox-powered hosts, chroot
+is not part of the coreutils package - it's part of busybox. And the
+busybox implementation or chroot only works if it has /lib in the new
+root populated with the right binaries (or at least that's the
+solution I found to make it work).
+
+The temporarily bind-mounts /lib in the NEWROOT, chroots there,
+changes the password, goes back and unmounts. This set of operations
+is contained in a new MOUNT namespace, using the lxc-unshare call.
+
+Signed-off-by: Bogdan Purcareata <bogdan.purcareata at freescale.com>
+---
+ templates/lxc-busybox.in | 30 ++++++++++++++++++++++++++++--
+ 1 file changed, 28 insertions(+), 2 deletions(-)
+
+diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
+index cb425ec..2ca2bfd 100644
+--- a/templates/lxc-busybox.in
++++ b/templates/lxc-busybox.in
+@@ -189,9 +189,35 @@ configure_busybox()
+     # passwd exec must be setuid
+     chmod +s $rootfs/bin/passwd
+     touch $rootfs/etc/shadow
+-    echo "setting root passwd to root"
+-    echo "root:root" | chroot $rootfs chpasswd
+ 
++    # setting passwd for root
++    CHPASSWD_FILE=$rootfs/root/chpasswd.sh
++
++    cat <<EOF >$CHPASSWD_FILE
++echo "setting root password to \"root\""
++
++mount --bind /lib $rootfs/lib
++if [ \$? -ne 0 ]; then
++    echo "Failed bind-mounting /lib at $rootfs/lib"
++    exit 1
++fi
++
++chroot $rootfs chpasswd <<EOFF 2>/dev/null
++root:root
++EOFF
++
++
++if [ \$? -ne 0 ]; then
++    echo "Failed to change root password"
++    exit 1
++fi
++
++umount $rootfs/lib
++
++EOF
++
++    lxc-unshare -s MOUNT -- /bin/sh < $CHPASSWD_FILE
++    rm $CHPASSWD_FILE
+ 
+     # add ssh functionality if dropbear package available on host
+     which dropbear >/dev/null 2>&1
+-- 
+1.7.11.7
+
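Review bot: The exit status of `lxc-unshare -s MOUNT -- /bin/sh < $CHPASSWD_FILE` is never checked, so when the generated script takes either `exit 1` path (bind mount or chpasswd failure), configure_busybox still removes the helper and moves on to the dropbear setup as if the password had been set. Something like `lxc-unshare -s MOUNT -- /bin/sh < "$CHPASSWD_FILE" || { rm -f "$CHPASSWD_FILE"; return 1; }` would surface the failure, assuming lxc-unshare passes the shell's status through and the caller checks configure_busybox's result; the function starts and ends outside this hunk. The chpasswd failure path also exits before `umount $rootfs/lib`, which is only harmless if the bind mount stays private to the new mount namespace, and `2>/dev/null` on chpasswd hides the reason for a failure. Because the lines that follow enable dropbear when it is available on the host, a comment next to the heredoc such as `# NOTE: root password is the fixed default "root"; change it before exposing the container` would make the known credential explicit to whoever deploys the template.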
diff --git a/recipes-containers/lxc/lxc_0.9.0.bb b/recipes-containers/lxc/lxc_0.9.0.bb
index fcda0ba..63ce2d6 100644
--- a/recipes-containers/lxc/lxc_0.9.0.bb
+++ b/recipes-containers/lxc/lxc_0.9.0.bb
@@ -23,6 +23,7 @@ RDEPENDS_${PN} = " \
 
 SRC_URI = "http://lxc.sourceforge.net/download/lxc/${PN}-${PV}.tar.gz \
 	file://lxc-0.9.0-disable-udhcp-from-busybox-template.patch \
+	file://lxc-0.9.0-enable-chroot-chpasswd-functionality-for-busybox-hosts.patch \
 	"
 SRC_URI[md5sum] = "8552a4479090616f4bc04d8473765fc9"
 SRC_URI[sha256sum] = "1e1767eae6cc5fbf892c0e193d25da420ba19f2db203716c38f7cdea3b654120"
-- 
1.7.11.7




