A little example to launch an isolated sshd daemon inside a container

contrib/sshd/README

@@ -0,0 +1,50 @@
+This contribution is an example on how to launch a sshd daemon in a
+chroot'ed environment. The script will generate the files need to run
+the container. The script assume there is a bridge which is configured
+on the host.
+
+Check the pre-requisite:
+      * you can run this script as 'root'
+      * your kernel is configured with all the needed container
+        functionnality (check the lxc's README file).
+
+You can log to the sshd daemon only as 'root' with the password 'root'
+
+
+Create the container:
+---------------------
+
+	Generates the configuration files, untar the rootfs and
+	creates the container.
+
+	./lxc-sshd create
+
+Start the container:
+--------------------
+		
+	Launches in background /usr/sbin/sshd in the container.		
+	
+	./lxc-sshd start
+
+Stop the container:
+-------------------
+
+	Kills all the processes belonging to the container, sshd and
+	the connected clients.
+
+	./lxc-sshd stop
+
+Destroy the container:
+----------------------
+
+	Removes the generated files and destroy the container
+
+	./lxc-sshd destroy
+
+Status of the container
+-----------------------
+
+	Give the state of the container, if the container is destroyed, the command will fail.
+
+	./lxc-sshd status
+

contrib/sshd/lxc-sshd

@@ -0,0 +1,129 @@
+#!/bin/bash
+
+SSHDLOG="lxc-sshd.log"
+ROOTFS="rootfs"
+CONFFILE="lxc-sshd.conf"
+FSTABFILE="fstab"
+UTSNAME="virtsshd"
+IPV4="172.20.0.20/24"
+
+create() {
+
+    if [ ! -d "$ROOTFS" ]; then
+	echo "Extracting root file system"
+	tar xvjf $ROOTFS.tar.bz2
+	chown -R root.root $ROOTFS
+    fi
+    
+    echo -n "What hostname do you wish for this container ? [$UTSNAME] "
+    read -t 10 _UTSNAME_
+
+    echo -n "What IP address do you wish for this container ? [$IPV4] "
+    read -t 10 _IPV4_
+
+    if [ ! -z "$_UTSNAME_"]; then
+	UTSNAME=$_UTSNAME
+    fi
+    
+    if [ ! -z "$_IPV4_"]; then
+	IPV4=$_IPV4_
+    fi
+
+    rm -f $CONFFILE
+    echo "lxc.utsname = $UTSNAME" >> $CONFFILE
+    echo "lxc.network.type = veth" >> $CONFFILE
+    echo "lxc.network.flags = up" >> $CONFFILE
+    echo "lxc.network.link = br0" >> $CONFFILE
+    echo "lxc.network.ipv4 = $IPV4" >> $CONFFILE
+    echo "lxc.network.name = eth0" >> $CONFFILE
+    echo "lxc.mount = ./fstab" >> $CONFFILE
+    echo "lxc.rootfs = ./rootfs" >> $CONFFILE
+
+    rm -f $FSTABFILE
+    echo "/lib /var/lxc/sshd/rootfs/lib none ro,bind 0 0" >> $FSTABFILE
+    echo "/bin /var/lxc/sshd/rootfs/bin none ro,bind 0 0" >> $FSTABFILE
+    echo "/usr /var/lxc/sshd/rootfs/usr none ro,bind 0 0" >> $FSTABFILE
+    echo "/sbin /var/lxc/sshd/rootfs/sbin none ro,bind 0 0" >> $FSTABFILE
+
+    lxc-create -n sshd -f ./lxc-sshd.conf
+    return $?
+}
+
+destroy() {
+
+    lxc-destroy -n sshd
+    RETVAL=$?
+    if [ ! $RETVAL -eq 0 ]; then
+	echo "Failed to destroyed 'sshd'"
+	return $RETVAL;
+    fi
+
+    rm -rf rootfs
+    rm -f $CONFFILE
+    rm -f $FSTABFILE
+    rm -f $SSHDLOG
+
+    return 0
+}
+
+status() {
+    return lxc-info -n sshd
+}
+
+start() {
+
+    CGROUP=$(mount | grep cgroup)
+    if [ -z "$CGROUP" ]; then
+	echo "Control Group file system not mounted, mounting it in /cgroup"
+	mkdir -p /cgroup
+	mount -t cgroup cgroup /cgroup
+    fi
+
+    lxc-wait -n sshd -s "ABORTING|RUNNING" &
+    LXCWAIT_PID=$!
+
+    lxc-execute -n sshd /usr/sbin/sshd &
+
+    wait $LXCWAIT_PID
+
+    lxc-info -n sshd | grep -q RUNNING
+    RETVAL=$?
+    if [ ! $RETVAL -eq 0 ]; then
+	echo "'sshd' failed to execute"
+	return 1
+    fi
+
+    echo "'sshd' successfuly executed"
+    return 0
+}
+
+stop() {
+    lxc-stop -n sshd
+    return $?
+}
+
+if [ "$(id -u)" != "0" ]; then
+	echo "This script should be run as 'root'"
+	exit 1
+fi 
+
+case "$1" in
+    start)
+	start
+	;;
+    stop)
+	stop
+	;;
+    create)
+	create
+	;;
+    destroy)
+	destroy
+	;;
+    status)
+	status
+	;;
+    *)
+    echo $"Usage: $0 {create|destroy|start|stop}"
+    exit 1
+esac