}
# Get options
-while getopts "t:" opt ; do
+ISOLATE=false
+while getopts "it:" opt ; do
case $opt in
t)
TYPE="$OPTARG"
;;
+ i)
+ ISOLATE=true
+ ;;
*)
usage
;;
HAS_VSERVERDIR=0
fi
- $_VSERVER $NAME build -m skeleton --context $USERID \
- --interface nodev:0.0.0.0/0 \
- --flags persistent,~info_init,sched_hard
+ if [ "$ISOLATE" = "true" ] ; then
+ $_VSERVER $NAME build -m skeleton --context $USERID \
+ --interface nodev:`hostname -i` \
+ --flags persistent,~info_init
+ else
+ $_VSERVER $NAME build -m skeleton --context $USERID \
+ --interface nodev:`hostname -i` \
+ --interface nodev:127.0.0.1 \
+ --flags persistent,~info_init
+ fi
+
RETVAL=$?
DIR=$__CONFDIR/$NAME
if [ $RETVAL -ne 0 ] ; then
echo "Error $RETVAL building $DIR"
rm -rf $DIR $__DEFAULT_VSERVERDIR/$NAME
fi
- mkdir -p $DIR/apps/init $DIR/rlimits $DIR/sched $DIR/dlimits/0
+ mkdir -p $DIR/apps/init $DIR/rlimits $DIR/sched $DIR/cgroup $DIR/dlimits/0 $DIR/sysctl/0
echo default > $DIR/apps/init/mark
- echo 1000 > $DIR/rlimits/nproc
# Set persistent for the network context
- echo persistent > $DIR/nflags
+ if [ "$ISOLATE" = "true" ]; then
+ echo persistent,lback_allow,hide_lback,lback_remap > $DIR/nflags
+ else
+ echo persistent,lback_allow > $DIR/nflags
+ fi
+
+ # Set default capabilities
+ echo "CAP_NET_RAW" > $DIR/bcapabilities
+ touch $DIR/ccapabilities
# Set up the scheduler
- echo 1000 > $DIR/sched/interval
+ echo 100 > $DIR/sched/interval
echo 1000 > $DIR/sched/interval2
echo 0 > $DIR/sched/fill-rate
- echo 32 > $DIR/sched/fill-rate2
+ echo 1 > $DIR/sched/fill-rate2
touch $DIR/sched/idle-time
echo 100 > $DIR/sched/tokens
echo 50 > $DIR/sched/tokens-min
echo 100 > $DIR/sched/tokens-max
- # Set up disk limits (unlimited)
+ echo 1024 > $DIR/cgroup/cpu.shares
+
+ # Set up disk limits (10 GB)
echo `$_READLINK $DIR/vdir` > $DIR/dlimits/0/directory
echo 2 > $DIR/dlimits/0/reserved
echo -1 > $DIR/dlimits/0/inodes_total
- echo -1 > $DIR/dlimits/0/space_total
+ echo 10000000 > $DIR/dlimits/0/space_total
- # Disable mount namespaces
- touch $DIR/nonamespace
+ # Set up sysctl variables
+ echo net.ipv4.ip_forward > $DIR/sysctl/0/setting
+ echo 1 > $DIR/sysctl/0/value
+
+ # Add spaces directory
+ mkdir -p $DIR/spaces
# Remove the basically empty guest directory
rm -rf $__DEFAULT_VSERVERDIR/$NAME
chmod 755 "$__DEFAULT_VSERVERDIR/$NAME"
# Add user in vserver
- $_VSERVER ----insecure $NAME suexec root sh -c \
- "groupadd -g $GROUPID $GROUPNAME ; useradd -u $USERID -g $GROUPID -p '' $NAME"
+ $_VSERVER $NAME start --rescue sh -c \
+ "groupadd -g $GROUPID $GROUPNAME ; useradd -m -u $USERID -g $GROUPID -p '' $NAME"
+
+ # Stop the guest (since it's persistent)
+ $_VSERVER $NAME stop
# Add an unrestricted entry to /etc/sudoers file
if [ -f "$__DEFAULT_VSERVERDIR/$NAME/etc/sudoers" ] && \
! grep -q "^$NAME" "$__DEFAULT_VSERVERDIR/$NAME/etc/sudoers" ; then
echo "$NAME ALL=(ALL) ALL" >> "$__DEFAULT_VSERVERDIR/$NAME/etc/sudoers"
fi
+
+ cp -a /dev/fuse $__DEFAULT_VSERVERDIR/$NAME/dev/
+
fi
exit 0
git://git.onelab.eu / util-vserver-pl.git / blobdiff