Hi LXC dev mailing list, I've been using LXC for a few days now and so far I'm pretty happy with the near instant deployment of VMs, so thank you for all the work.
I've stumbled upon few minor bugs and I would at least submit a patch for lxc-destroy to perform a bit more sanity check before trying to kill random LV and directories by accident. The following patch tries to address a few problems: - validity of the container name, no "../../../etc/" - checking for config file read existence - sane actions if $rootdev is undef - non interactive lvremove call - and a few aesthetic and minor fixes It also contains a patch submited by Andrea Rota in his "lxc-destroy crosses filesystem boundaries - ID: 3463349" ticket, addressing potential problems if the container contains other (remote) mounted filesytems. Don't hesitate to rewrite this or give any feedback you'll find necessary. PS: sorry for the repost but it looks my first attempt was detected as an html email ... Thanks, -- Rémi Laurent Phone: +352 26 10 30 61 General Support: [email protected] GPG FP: 27F4 6810 2RIP 1AA0 CMAU RICE 2012 085A 0FA0 0601
From a65d4219245ba09a508f99b054c612ff4a24038f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20Laurent?= <[email protected]> Date: Thu, 5 Jan 2012 16:49:42 +0100 Subject: [PATCH] lxc-destroy sanity checks and precautions --- src/lxc/lxc-destroy.in | 65 ++++++++++++++++++++++++++++++----------------- 1 files changed, 41 insertions(+), 24 deletions(-) diff --git a/src/lxc/lxc-destroy.in b/src/lxc/lxc-destroy.in index dda48e6..e769bad 100644 --- a/src/lxc/lxc-destroy.in +++ b/src/lxc/lxc-destroy.in @@ -41,50 +41,67 @@ lxc_path=@LXCPATH@ getopt=$(getopt -o $shortoptions --longoptions $longoptions -- "$@") if [ $? != 0 ]; then - usage $0 + usage exit 1; fi eval set -- "$getopt" while true; do - case "$1" in - -n|--name) - shift - lxc_name=$1 - shift - ;; - --) - shift - break;; - *) - echo $1 - usage $0 - exit 1 - ;; - esac + case "$1" in + -n|--name) + shift + lxc_name="$1" + shift + ;; + --) + shift + break;; + *) + echo "$1" + usage + exit 1 + ;; + esac done if [ -z "$lxc_name" ]; then echo "no container name specified" - usage $0 + usage exit 1 fi +if ! expr "$lxc_name" : "^[-_\. a-zA-Z]"; then + echo "invalid container name" + exit 1 +fi + if [ ! -d "$lxc_path/$lxc_name" ]; then echo "'$lxc_name' does not exist" exit 1 fi +if [ ! -r "$lxc_path/$lxc_name/config" ]; then + echo "can't read configuration file" + exit 1 +fi + # Deduce the type of rootfs # If LVM partition, destroy it. If anything else, ignore it. We'll support # deletion of others later. -rootdev=`grep lxc.rootfs $lxc_path/$lxc_name/config | awk -F= '{ print $2 '}` -if [ -b $rootdev -o -h $rootdev ]; then - lvdisplay $rootdev > /dev/null 2>&1 - if [ $? -eq 0 ]; then - lvremove $rootdev - fi +rootdev=`awk -F'=' \ + '/^[ \t]*lxc\.rootfs[ \t]*=/ { + gsub(/^[ \t]/,"",$2); + gsub(/[ \t]*$/,"",$2); + print $2; + }' "$lxc_path/$lxc_name/config"` + +if [ -b "$rootdev" -o -h "$rootdev" ]; then + lvdisplay "$rootdev" > /dev/null 2>&1 + if [ $? -eq 0 ]; then + echo lvremove --force "$rootdev" + fi fi + # recursively remove the container to remove old container configuration -rm -rf --preserve-root $lxc_path/$lxc_name +rm -rf --preserve-root --one-file-system "$lxc_path/$lxc_name" -- 1.7.2.5
signature.asc
Description: Digital signature
------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2
_______________________________________________ Lxc-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/lxc-devel
