Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

main: Fix systemd-generator #445

Merged
merged 6 commits into from
Jun 1, 2021
Merged

main: Fix systemd-generator #445

merged 6 commits into from
Jun 1, 2021

Conversation

monstermunchkin
Copy link
Member

No description provided.

@monstermunchkin monstermunchkin marked this pull request as draft June 1, 2021 09:33
@monstermunchkin monstermunchkin changed the title main: Fix typo in systemd-generator main: Fix systemd-generator Jun 1, 2021
@stgraber
Copy link
Member

stgraber commented Jun 1, 2021

  • Let's use sed -r everywhere then (@simondeziel FYI busybox doesn't support -E).
  • Let's make a function to do the BindReadOnly thing and call it for both networkd and resolved

@stgraber
Copy link
Member

stgraber commented Jun 1, 2021

Additional bits for privileged containers:

	if grep -q 4294967295 /proc/self/uid_map; then
		echo "ProtectHome=no" >> "${dropin_dir}/lxc-service.conf"
		echo "ProtectSystem=no" >> "${dropin_dir}/lxc-service.conf"
		echo "PrivateDevices=no" >> "${dropin_dir}/lxc-service.conf"
		echo "PrivateTmp=no" >> "${dropin_dir}/lxc-service.conf"
		echo "ProtectKernelLogs=no" >> "${dropin_dir}/lxc-service.conf"
		echo "ProtectKernelModules=no" >> "${dropin_dir}/lxc-service.conf"
		echo "ReadWritePaths=" >> "${dropin_dir}/lxc-service.conf"
	fi

@stgraber
Copy link
Member

stgraber commented Jun 1, 2021

All return calls need to be changed to return 0

@simondeziel
Copy link
Contributor 

* Let's use `sed -r` everywhere then (@simondeziel FYI busybox doesn't support `-E`).

There is no extended regex in there so I'd simply drop '-r'/'-E' and maybe use a more compact form like:

sed 's#/\(etc\|run\|usr/lib\)/systemd/##g'

@monstermunchkin
main: Fix typos in systemd-generator
3155d9e 
Signed-off-by: Thomas Hipp <thomas.hipp@canonical.com>
@monstermunchkin
main: Refactor networkd/resolved fixes
c9e314c 
Signed-off-by: Thomas Hipp <thomas.hipp@canonical.com>
@monstermunchkin
main: Simplify sed call
cc27d35 
Signed-off-by: Thomas Hipp <thomas.hipp@canonical.com>
@monstermunchkin
main: s/which/type/ in systemd generator
3ef10df 
At least on Oracle Linux 8 there is no `which`. Instead, we should use
`type` which is POSIX.

Signed-off-by: Thomas Hipp <thomas.hipp@canonical.com>
@monstermunchkin
main: Make sure to return 0
f5b65cc 
Signed-off-by: Thomas Hipp <thomas.hipp@canonical.com>
@monstermunchkin
main: Add settings for privileged containers
be87201 
Signed-off-by: Thomas Hipp <thomas.hipp@canonical.com>
@stgraber stgraber marked this pull request as ready for review June 1, 2021 22:37
@stgraber stgraber merged commit cd9e8fe into lxc:master Jun 1, 2021
@hugotrsd hugotrsd mentioned this pull request Dec 24, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@monstermunchkin @stgraber @simondeziel