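#!/bin/bash
#
# Prepare a container's root filesystem and write the per-container config
# for the garden-linux skeleton.
#
# Runs from the skeleton directory (it cd's to its own location first).
# Required environment (nounset aborts when any is missing):
#   GARDEN_NETWORK_INTERFACE_PREFIX, bridge_iface, external_ip, rootfs_path
# Optional, defaulted below:
#   id, network_cidr, container_iface_mtu, network_host_ip,
#   network_container_ip, network_cidr_suffix, user_uid, root_uid
# The script calls mknod/chown/useradd against the rootfs, so it needs the
# corresponding privileges (typically root); xtrace echoes every command to
# stderr, so its log shows every path and uid it touches.

set -o xtrace
set -o nounset
set -o errexit
shopt -s nullglob

cd "$(dirname "$0")"

# Defaults for debugging the setup script.
# `id` is defaulted before it is used to derive the interface name; with it
# the other way round an unset id tripped nounset before the default applied.
id=${id:-test}
iface_name_prefix="${GARDEN_NETWORK_INTERFACE_PREFIX}"
# Leave room for the prefix and the "-0"/"-1" suffix in the interface name.
max_id_len=$(( 16 - ${#iface_name_prefix} - 2 ))
# NOTE: the here-string appends a newline that `tail -c` counts, so at most
# max_id_len-1 characters of id survive (the command substitution then strips
# the newline). Presumably this is what keeps the final name within the
# kernel's interface-name limit, so the behaviour is kept exactly as it was.
iface_name=$(tail -c "${max_id_len}" <<< "${id}")
network_cidr=${network_cidr:-10.0.0.0/30}
container_iface_mtu=${container_iface_mtu:-1500}
network_host_ip=${network_host_ip:-10.0.0.1}
network_host_iface="${iface_name_prefix}${iface_name}-0"
network_container_ip=${network_container_ip:-10.0.0.2}
network_container_iface="${iface_name_prefix}${iface_name}-1"
bridge_iface="${bridge_iface}"
network_cidr_suffix=${network_cidr_suffix:-30}
user_uid=${user_uid:-10000}
root_uid=${root_uid:-10000}
# Resolve to an absolute, symlink-free path. Refuse an empty value explicitly:
# the path is later used as the base of `rm -rf`.
rootfs_path=$(readlink -f "${rootfs_path:?rootfs_path must be set}")

#######################################
# Create a directory inside the rootfs if it is missing, owned by the
# container root uid with the given mode. Existing directories are left alone.
# Arguments: $1 - mode (chmod syntax), $2 - absolute path
#######################################
make_owned_dir() {
  local -r mode="$1"
  local -r dir="$2"
  if [[ ! -d "$dir" ]]; then
    mkdir -p -- "$dir"
    chown "${root_uid}:${root_uid}" -- "$dir"
    chmod "$mode" -- "$dir"
  fi
}

if [[ ! -d "$rootfs_path/tmp" ]]; then
  mkdir -- "$rootfs_path/tmp"
fi
# Sticky, world-writable: applied even when /tmp already existed.
chmod 1777 -- "$rootfs_path/tmp"

if [[ ! -d "$rootfs_path/etc" ]]; then
  mkdir -- "$rootfs_path/etc"
  chmod 0755 -- "$rootfs_path/etc"
fi

# Write configuration. This goes to etc/config relative to the skeleton
# directory (see the cd above), not into the rootfs; the rootfs gets its own
# /etc files further down.
cat > etc/config <<-EOS
id=$id
network_host_ip=$network_host_ip
network_host_iface=$network_host_iface
network_container_ip=$network_container_ip
network_container_iface=$network_container_iface
bridge_iface=$bridge_iface
network_cidr_suffix=$network_cidr_suffix
container_iface_mtu=$container_iface_mtu
network_cidr=$network_cidr
root_uid=$root_uid
user_uid=$user_uid
rootfs_path=$rootfs_path
external_ip=$external_ip
EOS

make_owned_dir 0755 "$rootfs_path/proc"

#chown $root:0 $rootfs_path/proc

make_owned_dir 0755 "$rootfs_path/dev"

# Strip /dev down to the bare minimum. rootfs_path cannot be empty here (it
# was asserted above), so this can never expand to "/dev/*". With nullglob an
# already-empty /dev leaves rm -rf without operands, which GNU rm accepts.
rm -rf -- "${rootfs_path:?}/dev/"*

make_owned_dir 1777 "$rootfs_path/dev/shm"

#######################################
# Add a character device node to the rootfs:
#   adddev <owner-group> <device-file-path> <major> <minor>
# The node is created world read/write (mode 666) and owned by the *host*
# root user and the given group. NOTE(review): unlike the fuse node below,
# ownership is not shifted to $root_uid — presumably intentional, confirm.
#######################################
adddev() {
  local -r own="$1"
  local -r file="$2"
  local -r major="$3"
  local -r minor="$4"

  mknod -m 666 -- "$file" c "$major" "$minor"
  chown "root:${own}" -- "$file"
}

# /dev/tty
adddev tty "$rootfs_path/dev/tty" 5 0
# /dev/random, /dev/urandom
adddev root "$rootfs_path/dev/random" 1 8
adddev root "$rootfs_path/dev/urandom" 1 9
# /dev/null, /dev/zero, /dev/full
adddev root "$rootfs_path/dev/null" 1 3
adddev root "$rootfs_path/dev/zero" 1 5
adddev root "$rootfs_path/dev/full" 1 7

# /dev/fd, /dev/std{in,out,err}
pushd "$rootfs_path/dev" > /dev/null
ln -s /proc/self/fd
ln -s fd/0 stdin
ln -s fd/1 stdout
ln -s fd/2 stderr
popd > /dev/null

# Add fuse group and device, so fuse can work inside the container.
# This node is owned by the container root uid, not host root (cf. adddev).
mknod -m 666 -- "$rootfs_path/dev/fuse" c 10 229
chown "${root_uid}:${root_uid}" -- "$rootfs_path/dev/fuse"
chmod ugo+rw -- "$rootfs_path/dev/fuse"

cat > "$rootfs_path/etc/hostname" <<-EOS
$id
EOS

cat > "$rootfs_path/etc/hosts" <<-EOS
127.0.0.1 localhost
$network_container_ip $id
EOS

# By default, inherit the nameserver from the host container.
#
# Exception: When the host's nameserver is set to localhost (127.0.0.1), it is
# assumed to be running its own DNS server and listening on all interfaces.
# In this case, the container must use the network_host_ip address
# as the nameserver.
#
# The comparison is against the whole file, so it only matches when
# /etc/resolv.conf consists of exactly that one line.
if [[ "$(< /etc/resolv.conf)" == "nameserver 127.0.0.1" ]]; then
  cat > "$rootfs_path/etc/resolv.conf" <<-EOS
nameserver $network_host_ip
EOS
else
  # some images may have something set up here; the host's should be the source
  # of truth
  rm -f -- "$rootfs_path/etc/resolv.conf"

  cp -- /etc/resolv.conf "$rootfs_path/etc/"
fi


# Add vcap user if not already present
if ! chroot "$rootfs_path" id vcap >/dev/null 2>&1; then
  mkdir -p -- "$rootfs_path/home"

  shell=/bin/sh
  if [[ -f "$rootfs_path/bin/bash" ]]; then
    shell=/bin/bash
  fi

  touch -- "$rootfs_path/etc/passwd"
  touch -- "$rootfs_path/etc/group"
  useradd -R "$rootfs_path" -m -u 10001 -U -s "$shell" vcap
  # The home directory is chown'd to the uid as seen from the host, i.e. the
  # in-container uid 10001 shifted by the container root uid.
  vcap_uid=$(( root_uid + 10001 ))
  chown "${vcap_uid}:${vcap_uid}" -- "$rootfs_path/home/vcap"
fi

# workaround aufs limitations by copying /root directory out and back
# in order to get it a new inode. This is the only way to prevent the
# ownership in the read-only layer affecting the read-write layer. Later
# versions of aufs support a dirperm1 mount option which should allow us
# to remove this workaround.
rm -rf -- "$rootfs_path/tmp/root" || true # just in case
if [[ -d "$rootfs_path/root" ]]; then
  cp -r -- "$rootfs_path/root" "$rootfs_path/tmp/root"
fi
# rm's diagnostics are merged into stdout here (kept as in the original); a
# failed removal simply leaves the existing /root in place.
if rm -r -- "$rootfs_path/root" 2>&1; then
  mv -- "$rootfs_path/tmp/root" "$rootfs_path/root"
fi
rm -rf -- "$rootfs_path/tmp/root"

# change the root user id in the rootfs /root dir to the container root uid if they
# differ and if /root exists
if [[ -d "$rootfs_path/root" ]] && [[ "$root_uid" -ne 0 ]]; then
  # --from=0:0 only touches files still owned by host root:root.
  chown -R --from=0:0 "${root_uid}:${root_uid}" -- "$rootfs_path/root" || true # ignore failures
fi

exit 0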