December 18, 2022 Roberto Puzzanghera 0 comments
This is an overview of my LXC
scripts. As already said they are mostly wrappers of the LXC
commands, that I wrote to execute common tasks both with privileged and unprivileged containers. All these scripts are able to guess if a container is unprivileged or not, to eventually determine its owner, and run the command accordingly with the correct syntax.
my_lxc-common
It defines common variables and functions to be imported in the following scripts.
lxu
(lxc-start
wrapper)It starts a container. The usage is simple. You put UP a container in this way:
lxu <name>
If you want to pass the -F
parameter to run the container in the foregroud and see the logs (you may want to do so when you have cgroups
errors), use like this:
lxu -n <name> -F
lxd
(lxc-stop
wrapper)It stops (puts DOWN) a running container. Usage:
lxd <name>
lxr
It's just a combination of lxd
and lxu
, as it simply restarts a container. Usage:
lxr <name>
lxa
(lxc-attach
wrapper)It runs a command in the container. If the container is stopped it will be started, then <command>
will be executed. Usage:
lxa <name> [<command>]
If <command>
is not provided the /bin/bash --rcfile /etc/profile
shell will be executed.
It's worth to specify what it does behind the scene. The actual default command that will be run for an unprivileged container is:
sudo -u <user> lxc-attach -n <name> \ --keep-env \ --set-var HOSTNAME=<name>.<domain> \ --set-var USER=root \ --set-var HOME=/root \ -- /bin/bash --rcfile /etc/profile
where:
--keep-env
will keep all the host's environment variables (eventually modify it for security reasons).
After that it passes some variables that we don't want to keep with respect to the host (adjust to your needs):
--set-var HOSTNAME=<name>.<domain>
which sets the HOSTNAME
--set-var USER=root
the shell will know that the current user is root
--set-var HOME=/root
when you type cd
, the shell will know where is your home dir, /root
in this case, and you'll get no errors
-- /bin/bash --rcfile /etc/profile
all the aliases and variables defined in /etc/profile will be loaded. Without this line, you would have a very bad prompt, and the ls
command will be shown with no colours at all, for instance.
lxo
(lxc-console
wrapper)It provides a console login for the specified container. Usage:
lxo <name>
lxi
(lxc-info
wrapper)It queries informations about a container. Usage:
lxi <name>
lxe
(lxc-execute
wrapper)It runs an application inside a container. Usage:
lxe -n <name> -- command
lxcctl
This is a symbolic link of the /etc/rc.d/rc.lxc startup script, which is runned at boot time to launch the containers with the flag lxc.start.auto=1
. It is a modification of the original script shipped with Slackware
by Matteo Bernardini, but now it can start both unprivileged and privileged containers.
Usage:
lxcctl start|stop|restart
my_lxc-create
This is my lxc-create
wrapper script that I use to create my Slackware
containers. Its usage was covered in the previous page.
my_lxc-destroy
Wrapper script for lxc-destroy
. Usage:
my_lxc-destroy <name>
my_lxc-container-userns-convert
It is a modification of the original script by Serge Hallyn, that changes the lxcpath
of the container, already defined in my_lxc-common
.
It converts a container to use user namespaces. In particular:
lxc.uidmap
lines to the config fileuids
in the rootfs
by calling uidmapshift
Usage:
my_lxc-container-userns-convert <name> base-uid range
For example, to make the container c1
's root be uid
100000 on the host, and a have a range of 10000 ids
, you would use:
my_lxc-container-userns-convert c1 100000 10000
More info at http://bazaar.launchpad.net/~serge-hallyn/+junk/nsexec/files.
This program is called by my_lxc-turn_into_unprivileged
to convert a given container to unprivileged. It can be used in standalone mode as well.
my_lxc-turn_into_unprivileged
It converts a privileged to an unprivileged container. In particular:
my_lxc-container-userns-convert
to convert a container to use user namespaces;cgroups
and lxc-usernet
.This program is called by my_lxc-create
in case the container to be created has to be unprivileged. You can also use it in standalone mode if you already have a privileged container and you want to convert it to unprivileged.
my_lxc-copy
Wrapper script for lxc-copy
. Usage:
my_lxc-copy -n <name> -N <newname> [-R] [-i <ip> | -d] [-u <user>] [-h]
my_lxc-copy
takes the following options:
-n <name> Name of the source container -N <newname> Name of the new container -R Rename the original container. If -R is provided the following options will be ignored. -d Use DHCP -i <ip> IP address of the container. Ignored if -d was declared -u <user> Set the system user that will own the container. <user> will be created if not existing yet. If not declared the container will be owned by the user who owns the source container and eventually remains privileged just like the source container. -h Print this help
You can rename a container like this:
my_lxc-copy -n <name> -N <newname> -R
my_lxc-freeze
/ my_lxc-unfreeze
lxc-freeze
and lxc-unfreeze
wrapper scripts. Usage:
my_lxc-freeze -n <name> my_lxc-unfreeze -n <name>
lxc-my_template
This is my LXC
template for Slackware
containers. It is derived from the one shipped with Slackware
itself. Look at the previous page for more info.
qq_temporary_problem_(#4.3.0)
June 2, 2023 06:32
qq_temporary_problem_(#4.3.0)
June 1, 2023 21:18
qq_temporary_problem_(#4.3.0)
May 31, 2023 18:22
qq_temporary_problem_(#4.3.0)
May 31, 2023 14:42
qq_temporary_problem_(#4.3.0)
May 31, 2023 14:33
Thank you! for all the documentation, patches and support
May 26, 2023 08:42
free(): double free detected in tcache 2: /var/www/qmail/cgi-bin/qmailadmin
May 17, 2023 15:25
free(): double free detected in tcache 2: /var/www/qmail/cgi-bin/qmailadmin
May 17, 2023 07:46
Tags
apache clamav dkim dovecot ezmlm fail2ban hacks lamp letsencrypt linux linux-vserver lxc mariadb mediawiki mozilla mysql openboard owncloud patches php proftpd qmail qmail to postfix qmail-spp qmailadmin rbl roundcube rsync sieve simscan slackware solr spamassassin spf ssh ssl surbl tcprules tex ucspi-tcp vpopmail vqadmin