diff --git a/etc/lxc.3.config.in b/etc/lxc.3.config.in new file mode 100644 index 0000000..18a8f53 --- /dev/null +++ b/etc/lxc.3.config.in @@ -0,0 +1,38 @@ +lxc.tty.max = 4 +lxc.pty.max = 1024 +lxc.rootfs.path = ROOTFS +lxc.arch = ARCH +lxc.cgroup.devices.deny = a +# /dev/null and zero +lxc.cgroup.devices.allow = c 1:3 rwm +lxc.cgroup.devices.allow = c 1:5 rwm +# consoles +lxc.cgroup.devices.allow = c 5:1 rwm +lxc.cgroup.devices.allow = c 5:0 rwm +lxc.cgroup.devices.allow = c 4:0 rwm +lxc.cgroup.devices.allow = c 4:1 rwm +# /dev/{,u}random +lxc.cgroup.devices.allow = c 1:9 rwm +lxc.cgroup.devices.allow = c 1:8 rwm +lxc.cgroup.devices.allow = c 136:* rwm +lxc.cgroup.devices.allow = c 5:2 rwm +# rtc +lxc.cgroup.devices.allow = c 254:0 rwm + +# mounts points +lxc.mount.entry=proc ROOTFS/proc proc nodev,noexec,nosuid 0 0 +lxc.mount.entry=sysfs ROOTFS/sys sysfs defaults 0 0 + +# Container with network virtualized using a pre-configured bridge named br0 and +# veth pair virtual network devices +# On the host, run: ifconfig br0 up 10.0.2.2 +# Alternatively, you can use another IP range for the bridge interface, in this case set +# the environment variables GITIAN_HOST_IP and LXC_GUEST_IP appropriately. +lxc.net.0.type = veth +lxc.net.0.flags = up +lxc.net.0.link = GUESTLINK +lxc.net.0.ipv4.address = GUESTIP/24 +lxc.net.0.ipv4.gateway = auto + +lxc.uts.name = gitian + diff --git a/libexec/config-lxc b/libexec/config-lxc index ddeabcf..e858fde 100755 --- a/libexec/config-lxc +++ b/libexec/config-lxc @@ -10,4 +10,15 @@ if [ -z "$LXC_BRIDGE" ]; then LXC_BRIDGE=br0 fi -sed "s;ROOTFS;$wd/target-$LXC_SUITE-$LXC_ARCH;;s;ARCH;$LXC_ARCH;g;;s;GUESTIP;$LXC_GUEST_IP;g;s;GUESTLINK;$LXC_BRIDGE;g" < etc/lxc.config.in > var/lxc.config +OLD_IFS=$IFS +IFS=. +VERSION=($(lxc-start --version)) +IFS=$OLD_IFS + +if [ $VERSION -ge 3 ]; then + LXC_CONFIG=etc/lxc.3.config.in +else + LXC_CONFIG=etc/lxc.config.in +fi + +sed "s;ROOTFS;$wd/target-$LXC_SUITE-$LXC_ARCH;;s;ARCH;$LXC_ARCH;g;;s;GUESTIP;$LXC_GUEST_IP;g;s;GUESTLINK;$LXC_BRIDGE;g" < $LXC_CONFIG > var/lxc.config