mirror of
https://git.proxmox.com/git/mirror_lxc
synced 2025-07-13 14:53:42 +00:00
lxc-start-ephemeral: Use attach
With this change, systems that support it will use attach to run any provided command. This doesn't change the default behaviour of attaching to tty1, but it does make it much easier to script or even get a quick shell with: lxc-start-ephemeral -o p1 -n p2 -- /bin/bash I'm doing the setgid,initgroups,setuid,setenv magic in python rather than using the attach_wait parameters as I need access to the pwd module in the target namespace to grab the required information. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
This commit is contained in:
Stéphane Graber
parent
5693029730
commit
8158c057dc
@ -33,6 +33,7 @@ import argparse
|
|||||||
import gettext
|
import gettext
|
||||||
import lxc
|
import lxc
|
||||||
import os
|
import os
|
||||||
|
import pwd
|
||||||
import sys
|
import sys
|
||||||
import subprocess
|
import subprocess
|
||||||
import tempfile
|
import tempfile
|
||||||
@ -77,10 +78,11 @@ parser.add_argument("--bdir", "-b", type=str,
|
|||||||
help=_("directory to bind mount into container"))
|
help=_("directory to bind mount into container"))
|
||||||
|
|
||||||
parser.add_argument("--user", "-u", type=str,
|
parser.add_argument("--user", "-u", type=str,
|
||||||
help=_("the user to connect to the container as"))
|
help=_("the user to run the command as"))
|
||||||
|
|
||||||
parser.add_argument("--key", "-S", type=str,
|
parser.add_argument("--key", "-S", type=str,
|
||||||
help=_("the path to the SSH key to use to connect"))
|
help=_("the path to the key to use to connect "
|
||||||
|
"(when using ssh)"))
|
||||||
|
|
||||||
parser.add_argument("--daemon", "-d", action="store_true",
|
parser.add_argument("--daemon", "-d", action="store_true",
|
||||||
help=_("run in the background"))
|
help=_("run in the background"))
|
||||||
@ -212,15 +214,15 @@ LXC_NAME="%s"
|
|||||||
if args.union_type == "overlayfs":
|
if args.union_type == "overlayfs":
|
||||||
fd.write("mount -n -t overlayfs"
|
fd.write("mount -n -t overlayfs"
|
||||||
" -oupperdir=%s,lowerdir=%s none %s\n" % (
|
" -oupperdir=%s,lowerdir=%s none %s\n" % (
|
||||||
target,
|
target,
|
||||||
entry[0],
|
entry[0],
|
||||||
entry[1]))
|
entry[1]))
|
||||||
elif args.union_type == "aufs":
|
elif args.union_type == "aufs":
|
||||||
fd.write("mount -n -t aufs "
|
fd.write("mount -n -t aufs "
|
||||||
"-o br=%s=rw:%s=ro,noplink none %s\n" % (
|
"-o br=%s=rw:%s=ro,noplink none %s\n" % (
|
||||||
target,
|
target,
|
||||||
entry[0],
|
entry[0],
|
||||||
entry[1]))
|
entry[1]))
|
||||||
count += 1
|
count += 1
|
||||||
|
|
||||||
if args.bdir:
|
if args.bdir:
|
||||||
@ -297,27 +299,49 @@ if not ips:
|
|||||||
dest.destroy()
|
dest.destroy()
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
|
|
||||||
# NOTE: To replace by .attach() once the kernel supports it
|
if os.path.exists("/proc/self/ns/pid"):
|
||||||
cmd = ["ssh",
|
def attach_as_user(command):
|
||||||
"-o", "StrictHostKeyChecking=no",
|
try:
|
||||||
"-o", "UserKnownHostsFile=/dev/null"]
|
username = "root"
|
||||||
|
if args.user:
|
||||||
|
username = args.user
|
||||||
|
|
||||||
if args.user:
|
user = pwd.getpwnam(username)
|
||||||
cmd += ["-l", args.user]
|
os.setgid(user.pw_gid)
|
||||||
|
os.initgroups(user.pw_name, user.pw_gid)
|
||||||
|
os.setuid(user.pw_uid)
|
||||||
|
os.chdir(user.pw_dir)
|
||||||
|
os.environ['HOME'] = user.pw_dir
|
||||||
|
except:
|
||||||
|
print(_("Unable to switch to user: %s" % username))
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
if args.key:
|
return lxc.attach_run_command(command)
|
||||||
cmd += ["-i", args.key]
|
|
||||||
|
|
||||||
for ip in ips:
|
retval = dest.attach_wait(attach_as_user, args.command,
|
||||||
ssh_cmd = cmd + [ip] + args.command
|
env_policy=lxc.LXC_ATTACH_CLEAR_ENV)
|
||||||
retval = subprocess.call(ssh_cmd, universal_newlines=True)
|
|
||||||
if retval == 255:
|
|
||||||
print(_("SSH failed to connect, trying next IP address."))
|
|
||||||
continue
|
|
||||||
|
|
||||||
if retval != 0:
|
else:
|
||||||
print(_("Command returned with non-zero return code: %s") % retval)
|
cmd = ["ssh",
|
||||||
break
|
"-o", "StrictHostKeyChecking=no",
|
||||||
|
"-o", "UserKnownHostsFile=/dev/null"]
|
||||||
|
|
||||||
|
if args.user:
|
||||||
|
cmd += ["-l", args.user]
|
||||||
|
|
||||||
|
if args.key:
|
||||||
|
cmd += ["-i", args.key]
|
||||||
|
|
||||||
|
for ip in ips:
|
||||||
|
ssh_cmd = cmd + [ip] + args.command
|
||||||
|
retval = subprocess.call(ssh_cmd, universal_newlines=True)
|
||||||
|
if retval == 255:
|
||||||
|
print(_("SSH failed to connect, trying next IP address."))
|
||||||
|
continue
|
||||||
|
|
||||||
|
if retval != 0:
|
||||||
|
print(_("Command returned with non-zero return code: %s") % retval)
|
||||||
|
break
|
||||||
|
|
||||||
# Shutdown the container
|
# Shutdown the container
|
||||||
if not dest.shutdown(timeout=5):
|
if not dest.shutdown(timeout=5):
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user