X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=scripts%2Fvuseradd;h=2c25cad0661fa85c430e484fc18233c9cb1ca302;hb=dd58f46bd15a24e743caea18993799e28a5c2126;hp=f77d58b3bb7f32f2f0165762493956c8367e17d4;hpb=e42b91ff38049501d06ec043cf2d49ee43881fb9;p=util-vserver-pl.git diff --git a/scripts/vuseradd b/scripts/vuseradd index f77d58b..2c25cad 100755 --- a/scripts/vuseradd +++ b/scripts/vuseradd @@ -78,20 +78,25 @@ if [ ! -d $__CONFDIR/$NAME ] ; then fi $_VSERVER $NAME build -m skeleton --context $USERID \ - --interface nodev:0.0.0.0/0 \ - --flags persistent,~info_init,sched_hard + --interface nodev:`hostname -i` \ + --interface nodev:127.0.0.1 \ + --flags persistent,~info_init RETVAL=$? DIR=$__CONFDIR/$NAME if [ $RETVAL -ne 0 ] ; then echo "Error $RETVAL building $DIR" rm -rf $DIR $__DEFAULT_VSERVERDIR/$NAME fi - mkdir -p $DIR/apps/init $DIR/rlimits $DIR/sched $DIR/dlimits/0 + mkdir -p $DIR/apps/init $DIR/rlimits $DIR/sched $DIR/cgroup $DIR/dlimits/0 $DIR/sysctl/0 echo default > $DIR/apps/init/mark echo 1000 > $DIR/rlimits/nproc.hard # Set persistent for the network context - echo persistent > $DIR/nflags + echo persistent,lback_allow > $DIR/nflags + + # Set default capabilities + echo "CAP_NET_RAW" > $DIR/bcapabilities + touch $DIR/ccapabilities # Set up the scheduler echo 100 > $DIR/sched/interval @@ -103,14 +108,20 @@ if [ ! -d $__CONFDIR/$NAME ] ; then echo 50 > $DIR/sched/tokens-min echo 100 > $DIR/sched/tokens-max - # Set up disk limits (unlimited) + echo 1024 > $DIR/cgroup/cpu.shares + + # Set up disk limits (10 GB) echo `$_READLINK $DIR/vdir` > $DIR/dlimits/0/directory echo 2 > $DIR/dlimits/0/reserved echo -1 > $DIR/dlimits/0/inodes_total - echo -1 > $DIR/dlimits/0/space_total - - # Disable mount namespaces - touch $DIR/nonamespace + echo 10000000 > $DIR/dlimits/0/space_total + + # Set up sysctl variables + echo net.ipv4.ip_forward > $DIR/sysctl/0/setting + echo 1 > $DIR/sysctl/0/value + + # Add spaces directory + mkdir -p $DIR/spaces # Remove the basically empty guest directory rm -rf $__DEFAULT_VSERVERDIR/$NAME