From 8021d61ac4dc85c0615b9e837dc65daac2b64cf2 Mon Sep 17 00:00:00 2001 From: Earl Warren Date: Sat, 11 Nov 2023 18:04:49 +0100 Subject: [PATCH] sync lxc-helpers 529f2049d039091f4a5b4d8f42c335c7c65ab115 --- lxc-helpers-lib.sh | 167 ++++++++++++++++++++++++++++++++++++++------- 1 file changed, 141 insertions(+), 26 deletions(-) diff --git a/lxc-helpers-lib.sh b/lxc-helpers-lib.sh index f9fbfd4..da71f88 100755 --- a/lxc-helpers-lib.sh +++ b/lxc-helpers-lib.sh @@ -1,11 +1,16 @@ #!/bin/bash # SPDX-License-Identifier: MIT +export DEBIAN_FRONTEND=noninteractive + LXC_SELF_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" LXC_BIN=/usr/local/bin +LXC_CONTAINER_CONFIG_ALL="unprivileged lxc libvirt docker k8s" +LXC_CONTAINER_CONFIG_DEFAULT="lxc libvirt docker" : ${LXC_SUDO:=} : ${LXC_CONTAINER_RELEASE:=bookworm} +: ${LXC_CONTAINER_CONFIG:=$LXC_CONTAINER_CONFIG_DEFAULT} : ${LXC_HOME:=/home} : ${LXC_VERBOSE:=false} @@ -92,7 +97,7 @@ EOF function lxc_maybe_sudo() { if test $(id -u) != 0 ; then - LXC_SUDO=sudo + LXC_SUDO=sudo fi } @@ -103,42 +108,138 @@ function lxc_prepare_environment() { fi } -function lxc_container_configure() { - local name="$1" - - $LXC_SUDO tee -a $(lxc_config $name) > /dev/null <<'EOF' -security.nesting = true -lxc.cap.drop = -lxc.apparmor.profile = unconfined +function lxc_container_config_nesting() { + echo 'security.nesting = true' +} + +function lxc_container_config_cap() { + echo 'lxc.cap.drop =' +} + +function lxc_container_config_net() { + cat <> /etc/default/lxc-net <