On certain systems, some binaries needed by the container features (dropbear, openssh) may be placed in non-standard (aka non-distribution-managed) locations, such as /usr/local/*, /opt/local/*, etc. Don't copy such binaries into the container; instead, return a clear error explaining why.
The user should only use these binaries if they are installed at system-wide locations on the host, such as /{s,}bin or /usr/{s,}bin.
v2:
- check that binary paths adhere to /{,usr/}{,s}bin only
Signed-off-by: Bogdan Purcareata <bogdan.purcare...@freescale.com>
---
 templates/lxc-busybox.in | 43 ++++++++++++++++++++++++++++---------------
 1 file changed, 28 insertions(+), 15 deletions(-)
diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
index 17a3006..c020e66 100644
--- a/templates/lxc-busybox.in
+++ b/templates/lxc-busybox.in
@@ -38,6 +38,31 @@ am_in_userns() {
 in_userns=0
 [ $(am_in_userns) = "yes" ] && in_userns=1
+copy_binary()
+{
+ binary_path=`which $1`
+ if [ $? -ne 0 ]; then
+ echo "Unable to find $1 binary on the system"
+ return 1
+ fi
+
+ dir_path="${binary_path%/*}"
+ echo /{,usr/}{,s}bin | grep $dir_path >/dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ echo "Binary $1 is located at $binary_path and will not be copied"
+ echo "($dir_path not supported)"
+ return 1
+ fi
+
+ cp $binary_path $rootfs/$binary_path
+ if [ $? -ne 0 ]; then
+ echo "Failed to copy $binary_path to rootfs"
+ return 1
+ fi
+
+ return 0
+}
+
 install_busybox()
 {
 rootfs=$1
@@ -164,11 +189,7 @@ EOF
 install_dropbear()
 {
 # copy dropbear binary
- cp $(which dropbear) $rootfs/usr/sbin
- if [ $? -ne 0 ]; then
- echo "Failed to copy dropbear in the rootfs"
- return 1
- fi
+ copy_binary dropbear || return 1
 # make symlinks to various ssh utilities
 utils="\
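Review bot: In the first hunk (`copy_binary`), the directory check `echo /{,usr/}{,s}bin | grep $dir_path` is a regex substring match against the list rather than an exact comparison, so it accepts directories the description means to reject: a `dir_path` of `/usr` matches inside `/usr/bin`, and regex metacharacters in the path are interpreted. It also depends on brace expansion, which is a bashism, and the expansions are unquoted throughout (`which $1`, `grep $dir_path`, `cp $binary_path $rootfs/$binary_path`), so a path containing whitespace is split into several arguments. An exact `case` match on the four allowed directories, with the expansions quoted, enforces what the commit message states. `$rootfs` is read here as a global that is set outside this function.

```shell
    dir_path="${binary_path%/*}"
    # exact match against the allowed directories; no regex or substring matching
    case "$dir_path" in
        /bin|/sbin|/usr/bin|/usr/sbin)
            ;;
        *)
            echo "Binary $1 is located at $binary_path and will not be copied"
            echo "($dir_path not supported)"
            return 1
            ;;
    esac

    cp "$binary_path" "$rootfs/$binary_path"
    # … unchanged: cp failure check and return 0 …
```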
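Review bot: In the second hunk (`install_dropbear`), `copy_binary dropbear` places the binary at the same path it has on the host instead of the fixed `$rootfs/usr/sbin` that the removed `cp` used, so its location inside the container now depends on where the host installs dropbear. The symlink setup that begins at `utils="\` continues outside the hunk; if it, or anything else in the template, refers to `/usr/sbin/dropbear`, it would presumably dangle on a host that ships dropbear in `/usr/bin` or `/sbin`. A comment above the call would make that dependency visible, e.g. `# dropbear is copied to the same path it has on the host; the symlinks below must point there`.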
@@ -224,19 +245,11 @@ $rootfs/var/run/sshd \
 # copy binaries
 for bin in $server_utils $client_utils; do
- tool_path=`which $bin`
- cp $tool_path $rootfs/$tool_path
- if [ $? -ne 0 ]; then
- echo "Unable to copy $tool_path in the rootfs"
- return 1
- fi
+ copy_binary $bin || return 1
 done
 for bin in $client_optional_utils; do
- tool_path=`which $bin`
- if [ $? -eq 0 ]; then
- cp $tool_path $rootfs/$tool_path
- fi
+ tool_path=`which $bin` && copy_binary $bin
 done
 # add user and group
-- 
2.1.4
_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel
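Review bot: In the optional-utilities loop of the last hunk, `tool_path` is assigned but never read, and `which` runs twice per tool because `copy_binary` repeats the lookup. The line could be `which $bin >/dev/null 2>&1 && copy_binary $bin`. An optional tool found outside the allowed directories now prints the "will not be copied" message and is skipped without failing the install, while the required loop above aborts with `return 1`; a one-line comment such as `# optional tools: a rejected or missing binary is not fatal` would record that the difference is intended. The enclosing function starts and ends outside the hunk.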