Kind reminder - any comments / feedback on this patchset?

Thank you,
Bogdan P.

On 27.04.2015 12:37, Bogdan Purcareata wrote:
On some systems, some binaries needed by the container features (dropbear, openssh), may be placed in /usr/local/* directories. Since semantically they are destined for the local machine only, and it can further imply the associated libraries are also available in /usr/local/lib* directories, prevent them from being copied in the container rootfs. The user should only use these binaries if they are installed at system-wide locations on the host, such as /{s,}bin or /usr/{s,}bin. Signed-off-by: Bogdan Purcareata <bogdan.purcare...@freescale.com> --- templates/lxc-busybox.in | 42 +++++++++++++++++++++++++++--------------- 1 file changed, 27 insertions(+), 15 deletions(-) diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in index 4f27bd8..6cd570a 100644 --- a/templates/lxc-busybox.in +++ b/templates/lxc-busybox.in @@ -38,6 +38,30 @@ am_in_userns() { in_userns=0 [ $(am_in_userns) = "yes" ] && in_userns=1 +copy_binary() +{ + binary_path=`which $1` + if [ $? -ne 0 ]; then + echo "Unable to find $1 binary on the system" + return 1 + fi + + echo $binary_path | grep "/usr/local" >/dev/null 2>&1 + if [ $? -eq 0 ]; then + echo "Binary $1 is located at $binary_path and will not be copied" + echo "(/usr/local path not supported)" + return 1 + fi + + cp $binary_path $rootfs/$binary_path + if [ $? -ne 0 ]; then + echo "Failed to copy $binary_path to rootfs" + return 1 + fi + + return 0 +} + install_busybox() { rootfs=$1 @@ -172,11 +196,7 @@ EOF install_dropbear() { # copy dropbear binary - cp $(which dropbear) $rootfs/usr/sbin - if [ $? -ne 0 ]; then - echo "Failed to copy dropbear in the rootfs" - return 1 - fi + copy_binary dropbear || return 1 # make symlinks to various ssh utilities utils="\ 
@@ -232,19 +252,11 @@ $rootfs/var/run/sshd \ # copy binaries for bin in $server_utils $client_utils; do - tool_path=`which $bin` - cp $tool_path $rootfs/$tool_path - if [ $? -ne 0 ]; then - echo "Unable to copy $tool_path in the rootfs" - return 1 - fi + copy_binary $bin || return 1 done for bin in $client_optional_utils; do - tool_path=`which $bin` - if [ $? -eq 0 ]; then - cp $tool_path $rootfs/$tool_path - fi + tool_path=`which $bin` && copy_binary $bin done # add user and group
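Review bot: In the new copy_binary(), the /usr/local test `echo $binary_path | grep "/usr/local"` is an unanchored substring match, so it rejects any path that merely contains that string, and it misses a binary in /usr/bin that is a symlink into /usr/local, because the output of `which` is not resolved before the check. A prefix test such as `case "$binary_path" in /usr/local/*)` states the intent more exactly, with the path resolved first if symlinks matter here. The expansions `$1`, `$binary_path` and `$rootfs/$binary_path` are unquoted, and the function relies on `$rootfs` being set by the caller instead of taking it as an argument; a second parameter or a one-line comment would make that dependency visible. `cp $binary_path $rootfs/$binary_path` also assumes the binary's parent directory already exists inside the rootfs, which is worth either creating or documenting.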
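Review bot: In install_dropbear(), replacing `cp $(which dropbear) $rootfs/usr/sbin` with `copy_binary dropbear || return 1` changes the destination from the fixed $rootfs/usr/sbin to $rootfs/$binary_path, so a host with dropbear in /usr/bin now gets it in $rootfs/usr/bin. The commit message does not mention this, and the symlink step that follows ("make symlinks to various ssh utilities") should be checked against the new location. If the fixed destination is still wanted, copy_binary could take an optional target directory.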
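Review bot: In the client_optional_utils loop, `tool_path=`which $bin` && copy_binary $bin` leaves tool_path assigned but unused, and copy_binary runs `which` a second time. Something like `which $bin >/dev/null 2>&1 && copy_binary $bin` drops the dead variable. Note also that an optional utility found under /usr/local now prints the "will not be copied" message with the failure silently ignored, while the mandatory loop above aborts via `|| return 1`; a short comment saying the difference is intentional would help the next reader.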
_______________________________________________ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel