diff --git a/contrib/sshd/README b/contrib/sshd/README
new file mode 100644
index 000000000..f89de28f5
--- /dev/null
+++ b/contrib/sshd/README
@@ -0,0 +1,50 @@
+This contribution is an example on how to launch a sshd daemon in a
+chroot'ed environment. The script will generate the files need to run
+the container. The script assume there is a bridge which is configured
+on the host.
+
+Check the pre-requisite:
+ * you can run this script as 'root'
+ * your kernel is configured with all the needed container
+ functionnality (check the lxc's README file).
+
+You can log to the sshd daemon only as 'root' with the password 'root'
+
+
+Create the container:
+---------------------
+
+ Generates the configuration files, untar the rootfs and
+ creates the container.
+
+ ./lxc-sshd create
+
+Start the container:
+--------------------
+
+ Launches in background /usr/sbin/sshd in the container.
+
+ ./lxc-sshd start
+
+Stop the container:
+-------------------
+
+ Kills all the processes belonging to the container, sshd and
+ the connected clients.
+
+ ./lxc-sshd stop
+
+Destroy the container:
+----------------------
+
+ Removes the generated files and destroy the container
+
+ ./lxc-sshd destroy
+
+Status of the container
+-----------------------
+
+ Give the state of the container, if the container is destroyed, the command will fail.
+
+ ./lxc-sshd status
+
diff --git a/contrib/sshd/lxc-sshd b/contrib/sshd/lxc-sshd
new file mode 100755
index 000000000..de55a7f79
--- /dev/null
+++ b/contrib/sshd/lxc-sshd
@@ -0,0 +1,129 @@
+#!/bin/bash
+
+SSHDLOG="lxc-sshd.log"
+ROOTFS="rootfs"
+CONFFILE="lxc-sshd.conf"
+FSTABFILE="fstab"
+UTSNAME="virtsshd"
+IPV4="172.20.0.20/24"
+
+create() {
+
+ if [ ! -d "$ROOTFS" ]; then
+ echo "Extracting root file system"
+ tar xvjf $ROOTFS.tar.bz2
+ chown -R root.root $ROOTFS
+ fi
+
+ echo -n "What hostname do you wish for this container ? [$UTSNAME] "
+ read -t 10 _UTSNAME_
+
+ echo -n "What IP address do you wish for this container ? [$IPV4] "
+ read -t 10 _IPV4_
+
+ if [ ! -z "$_UTSNAME_"]; then
+ UTSNAME=$_UTSNAME
+ fi
+
+ if [ ! -z "$_IPV4_"]; then
+ IPV4=$_IPV4_
+ fi
+
+ rm -f $CONFFILE
+ echo "lxc.utsname = $UTSNAME" >> $CONFFILE
+ echo "lxc.network.type = veth" >> $CONFFILE
+ echo "lxc.network.flags = up" >> $CONFFILE
+ echo "lxc.network.link = br0" >> $CONFFILE
+ echo "lxc.network.ipv4 = $IPV4" >> $CONFFILE
+ echo "lxc.network.name = eth0" >> $CONFFILE
+ echo "lxc.mount = ./fstab" >> $CONFFILE
+ echo "lxc.rootfs = ./rootfs" >> $CONFFILE
+
+ rm -f $FSTABFILE
+ echo "/lib /var/lxc/sshd/rootfs/lib none ro,bind 0 0" >> $FSTABFILE
+ echo "/bin /var/lxc/sshd/rootfs/bin none ro,bind 0 0" >> $FSTABFILE
+ echo "/usr /var/lxc/sshd/rootfs/usr none ro,bind 0 0" >> $FSTABFILE
+ echo "/sbin /var/lxc/sshd/rootfs/sbin none ro,bind 0 0" >> $FSTABFILE
+
+ lxc-create -n sshd -f ./lxc-sshd.conf
+ return $?
+}
+
+destroy() {
+
+ lxc-destroy -n sshd
+ RETVAL=$?
+ if [ ! $RETVAL -eq 0 ]; then
+ echo "Failed to destroyed 'sshd'"
+ return $RETVAL;
+ fi
+
+ rm -rf rootfs
+ rm -f $CONFFILE
+ rm -f $FSTABFILE
+ rm -f $SSHDLOG
+
+ return 0
+}
+
+status() {
+ return lxc-info -n sshd
+}
+
+start() {
+
+ CGROUP=$(mount | grep cgroup)
+ if [ -z "$CGROUP" ]; then
+ echo "Control Group file system not mounted, mounting it in /cgroup"
+ mkdir -p /cgroup
+ mount -t cgroup cgroup /cgroup
+ fi
+
+ lxc-wait -n sshd -s "ABORTING|RUNNING" &
+ LXCWAIT_PID=$!
+
+ lxc-execute -n sshd /usr/sbin/sshd &
+
+ wait $LXCWAIT_PID
+
+ lxc-info -n sshd | grep -q RUNNING
+ RETVAL=$?
+ if [ ! $RETVAL -eq 0 ]; then
+ echo "'sshd' failed to execute"
+ return 1
+ fi
+
+ echo "'sshd' successfuly executed"
+ return 0
+}
+
+stop() {
+ lxc-stop -n sshd
+ return $?
+}
+
+if [ "$(id -u)" != "0" ]; then
+ echo "This script should be run as 'root'"
+ exit 1
+fi
+
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ create)
+ create
+ ;;
+ destroy)
+ destroy
+ ;;
+ status)
+ status
+ ;;
+ *)
+ echo $"Usage: $0 {create|destroy|start|stop}"
+ exit 1
+esac
\ No newline at end of file
diff --git a/contrib/sshd/rootfs.tar.bz2 b/contrib/sshd/rootfs.tar.bz2
new file mode 100644
index 000000000..327272e05
Binary files /dev/null and b/contrib/sshd/rootfs.tar.bz2 differ
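Review bot: `status()` cannot work as written — bash's `return` accepts only a numeric status, so `return lxc-info -n sshd` aborts with "numeric argument required" instead of running lxc-info; the body should simply be `lxc-info -n sshd` (the function then returns that command's exit status). In `create()` both prompts are effectively dead: `[ ! -z "$_UTSNAME_"]` and `[ ! -z "$_IPV4_"]` lack the space before `]`, so `[` reports a missing bracket, and the hostname assignment reads `$_UTSNAME` rather than `$_UTSNAME_`, so a typed hostname would be dropped even if the test ran; the intended form is `if [ -n "$_UTSNAME_" ]; then UTSNAME=$_UTSNAME_; fi` and likewise for the address. The values read from the terminal are then echoed unquoted into lxc-sshd.conf with no check, so any malformed or empty entry lands in the container configuration as-is; at minimum quote the expansions and refuse input that is not a plausible hostname or CIDR before writing the file. Two smaller points: the usage message omits `status`, and the fstab lines hard-code /var/lxc/sshd/rootfs while `lxc.rootfs`, `lxc.mount` and ROOTFS are relative, so the read-only bind mounts only line up when the script is run from that exact directory.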