Create default /etc/sub{uid,gid} files to use for unprivileged
containers.
Apparently these files are not generated/owned by any other OpenWRT
package or buildroot configuration setting.
If such a setting or package exists, this commit should probably be
reverted and modified in an extra dependency for that setting/package.
In these defaults, the range 100000-165535 is assigned to root
sub{uid,gid}.
Fix an issue that causes unprivileged containers to not boot if /proc and
/sys are mounted with the `noatime` option.
At boot time /proc and /sys are remounted with the `relatime` option
using a dedicated init.d script.
If the user defines a $max_timeout of 30, the service will wait 30 seconds
before it considers lxc-stop complete even though lxc-stop might actually
finish much sooner. This introduces an unneeded delay.
This commit changes the behavior to check once per second to see when lxc-stop
actually stops, doing so up to $max_timeout. It also slightly simplifies the
code with logic to append the -t $max_timeout to the script.
Signed-off-by: John Audia <graysky@archlinux.us>
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Signed-off-by: Marijan Svalina <marijan.svalina@sartura.hr>
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
LXC requires newuidmap and newgidmap with SUID to run unprivileged
containers. This package should help users make sure they are available.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Normally LXC uses /var/lib, but due to a hack OpenWRT employs this is not an
option. But instead of introducing a new top-level directory, FHS-compatible /srv
can be used.
Signed-off-by: Michal Hrusecky <michal.hrusecky@nic.cz>
Standard LXC autostart is currently not working in OpenWrt,
therefore add our own autostart mechanism for now.
Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>