--- lxc-slackware	2022-09-04 11:50:08.541584734 +0200
+++ lxc-my_template	2023-09-06 18:33:39.385133841 +0200
@@ -24,6 +26,7 @@
 # License along with this library; if not, write to the Free Software
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 
+domain=${DOMAIN:-domain.tld}
 cache=${cache:-/var/cache/lxc/slackware}
 
 # Use the primary Slackware site by default, but please consider changing
@@ -83,7 +86,7 @@
 # /etc/rc.d/rc.inet1.conf and /etc/resolv.conf of the container
 # just set the hostname
 cat <<EOF > $rootfs/etc/HOSTNAME
-$hostname.example.net
+$hostname.$domain
 EOF
 cp $rootfs/etc/HOSTNAME $rootfs/etc/hostname
 
@@ -125,8 +128,8 @@
 echo "full path of the container's rootfs if you decide to move it."
 cat >$rootfs/etc/fstab <<EOF
 lxcpts $rootfs/dev/pts devpts defaults,newinstance 0 0
-none $rootfs/proc    proc   defaults 0 0
-none $rootfs/sys     sysfs  defaults 0 0
+#none $rootfs/proc    proc   defaults 0 0
+#none $rootfs/sys     sysfs  defaults 0 0
 none /dev/shm tmpfs defaults 0 0
 none /run tmpfs defaults,mode=0755 0 0
 EOF
@@ -134,6 +137,17 @@
 # restart rc.inet1 to have routing for the loop device
 echo "/etc/rc.d/rc.inet1 restart" >> $rootfs/etc/rc.d/rc.local
 
+# disable not needed services
+[ -f $rootfs/etc/rc.d/rc.cpufreq ] && chmod -x $rootfs/etc/rc.d/rc.cpufreq
+[ -f $rootfs/etc/rc.d/rc.modules ] && chmod -x $rootfs/etc/rc.d/rc.modules*
+[ -f $rootfs/etc/rc.d/rc.sshd ]    && chmod -x $rootfs/etc/rc.d/rc.sshd
+[ -f $rootfs/etc/rc.d/rc.setterm ] && chmod -x $rootfs/etc/rc.d/rc.setterm
+[ -f $rootfs/etc/rc.d/rc.udev ]    && chmod -x $rootfs/etc/rc.d/rc.udev
+
+# Set sane defaults for running slackpkg in an unprivileged container, where the dialog interface won't work:
+# Now commented out as the dialog appears to be working again
+#sed -i 's/DIALOG=on/DIALOG=off/' $rootfs/etc/slackpkg/slackpkg.conf
+
 # reduce the number of local consoles: two should be enough
 sed -i '/^c3\|^c4\|^c5\|^c6/s/^/# /' $rootfs/etc/inittab
 
@@ -215,7 +229,7 @@
 ORIG_BACKUPS=on
 ONOFF=on
 DOWNLOAD_ALL=on
-DIALOG=off
+DIALOG=on
 BATCH=on
 DEFAULT_ANSWER=y
 USE_INCLUDES=on
@@ -228,7 +242,6 @@
 # http://connie.slackware.com/~vbatts/minimal/
 cat <<EOF > $CONF/templates/minimal-lxc.template
 aaa_base
-aaa_elflibs
 aaa_glibc-solibs
 aaa_libraries
 aaa_terminfo
@@ -274,6 +287,7 @@
 libunistring
 logrotate
 mpfr
+nano
 net-tools
 nettle
 network-scripts
@@ -315,6 +329,14 @@
 slackpkg -default_answer=n update
 slackpkg install-template $TEMPLATE
 
+# save a copy of the slackpkg template in the container conf dir
+if [ -f /etc/slackpkg/templates/$TEMPLATE.template ]; then
+  cat /etc/slackpkg/templates/$TEMPLATE.template \
+    > $ROOT/etc/slackpkg/templates/$TEMPLATE.template
+else
+  touch $ROOT/etc/slackpkg/templates/$TEMPLATE
+fi
+
 # add a slackpkg default mirror
 echo "$MIRROR/$PKGMAIN-$release/" >> $ROOT/etc/slackpkg/mirrors
 
@@ -341,44 +363,42 @@
 rootfs=$2
 name=$3
 
-cat <<EOF >> $path/config
+cat <<EOF > $path/config
+lxc.start.auto = 0
 
-# Adding a . for LXC 4.0.x
 lxc.uts.name = $name
-
-# Adding .fstab for LXC 4.0.x
 lxc.mount.fstab = $rootfs/etc/fstab
+lxc.rootfs.path = dir:$rootfs
+
+lxc.include = /etc/lxc/lxc-common.conf
+
+EOF
+
+# configure resolv.conf in the guest
+cp /etc/resolv.conf $rootfs/etc/resolv.conf
+cat <<EOF >> $rootfs/etc/resolv.conf
+nameserver 8.8.8.8
+nameserver 8.8.4.4
+
+EOF
 
-# Added .max and .path for LXC 4.0.x
-lxc.tty.max = 4
-lxc.pty.max = 1024
-lxc.rootfs.path = $rootfs
-
-lxc.cgroup.devices.deny = a
-# /dev/null and zero
-lxc.cgroup.devices.allow = c 1:3 rwm
-lxc.cgroup.devices.allow = c 1:5 rwm
-# consoles
-lxc.cgroup.devices.allow = c 5:1 rwm
-lxc.cgroup.devices.allow = c 5:0 rwm
-lxc.cgroup.devices.allow = c 4:0 rwm
-lxc.cgroup.devices.allow = c 4:1 rwm
-# /dev/{,u}random
-lxc.cgroup.devices.allow = c 1:9 rwm
-lxc.cgroup.devices.allow = c 1:8 rwm
-lxc.cgroup.devices.allow = c 136:* rwm
-lxc.cgroup.devices.allow = c 5:2 rwm
-# rtc
-lxc.cgroup.devices.allow = c 254:0 rwm
-
-# we don't trust even the root user in the container, better safe than sorry.
-# comment out only if you know what you're doing.
-lxc.cap.drop = sys_module mknod mac_override mac_admin sys_time setfcap setpcap
+# install a couple of suitable aliases...
+cat <<EOF >> $rootfs/etc/profile
+alias rm='rm -I'
+alias ls='ls --color=always'
+alias grep="grep --color=auto"
+alias tree="tree -C"
+alias wget="wget --no-check-certificate"
+export EDITOR=/usr/bin/nano
+export VISUAL=/usr/bin/nano
 
-# you can try also this alternative to the line above, whatever suits you better.
-# lxc.cap.drop=sys_admin
 EOF
 
+# copy the nano editor config file if it exists
+if [ -f /root/.nanorc ]; then
+  cp /root/.nanorc $rootfs/root/.nanorc
+fi
+
 if [ $? -ne 0 ]; then
 	echo "Failed to add configuration."
 	return 1
@@ -466,7 +486,7 @@
 fi
 
 # If no release version was specified, use current
-release=${release:-current}
+release=${release:-15.0}
 
 if [ -z "$name" ]; then
 	# no name given? set a default one
@@ -518,6 +538,8 @@
 	exit 1
 fi
 
+echo
+
 if [ ! -z $clean ]; then
 	clean || exit 1
 	exit 0