--- lxc-slackware 2022-09-04 11:50:08.541584734 +0200
+++ lxc-my_template 2023-09-06 18:33:39.385133841 +0200
@@ -24,6 +26,7 @@
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+domain=${DOMAIN:-domain.tld}
cache=${cache:-/var/cache/lxc/slackware}
# Use the primary Slackware site by default, but please consider changing
@@ -83,7 +86,7 @@
# /etc/rc.d/rc.inet1.conf and /etc/resolv.conf of the container
# just set the hostname
cat <<EOF > $rootfs/etc/HOSTNAME
-$hostname.example.net
+$hostname.$domain
EOF
cp $rootfs/etc/HOSTNAME $rootfs/etc/hostname
@@ -125,8 +128,8 @@
echo "full path of the container's rootfs if you decide to move it."
cat >$rootfs/etc/fstab <<EOF
lxcpts $rootfs/dev/pts devpts defaults,newinstance 0 0
-none $rootfs/proc proc defaults 0 0
-none $rootfs/sys sysfs defaults 0 0
+#none $rootfs/proc proc defaults 0 0
+#none $rootfs/sys sysfs defaults 0 0
none /dev/shm tmpfs defaults 0 0
none /run tmpfs defaults,mode=0755 0 0
EOF
@@ -134,6 +137,17 @@
# restart rc.inet1 to have routing for the loop device
echo "/etc/rc.d/rc.inet1 restart" >> $rootfs/etc/rc.d/rc.local
+# disable not needed services
+[ -f $rootfs/etc/rc.d/rc.cpufreq ] && chmod -x $rootfs/etc/rc.d/rc.cpufreq
+[ -f $rootfs/etc/rc.d/rc.modules ] && chmod -x $rootfs/etc/rc.d/rc.modules*
+[ -f $rootfs/etc/rc.d/rc.sshd ] && chmod -x $rootfs/etc/rc.d/rc.sshd
+[ -f $rootfs/etc/rc.d/rc.setterm ] && chmod -x $rootfs/etc/rc.d/rc.setterm
+[ -f $rootfs/etc/rc.d/rc.udev ] && chmod -x $rootfs/etc/rc.d/rc.udev
+
+# Set sane defaults for running slackpkg in an unprivileged container, where the dialog interface won't work:
+# Now commented out as the dialog appears to be working again
+#sed -i 's/DIALOG=on/DIALOG=off/' $rootfs/etc/slackpkg/slackpkg.conf
+
# reduce the number of local consoles: two should be enough
sed -i '/^c3\|^c4\|^c5\|^c6/s/^/# /' $rootfs/etc/inittab
@@ -215,7 +229,7 @@
ORIG_BACKUPS=on
ONOFF=on
DOWNLOAD_ALL=on
-DIALOG=off
+DIALOG=on
BATCH=on
DEFAULT_ANSWER=y
USE_INCLUDES=on
@@ -228,7 +242,6 @@
# http://connie.slackware.com/~vbatts/minimal/
cat <<EOF > $CONF/templates/minimal-lxc.template
aaa_base
-aaa_elflibs
aaa_glibc-solibs
aaa_libraries
aaa_terminfo
@@ -274,6 +287,7 @@
libunistring
logrotate
mpfr
+nano
net-tools
nettle
network-scripts
@@ -315,6 +329,14 @@
slackpkg -default_answer=n update
slackpkg install-template $TEMPLATE
+# save a copy of the slackpkg template in the container conf dir
+if [ -f /etc/slackpkg/templates/$TEMPLATE.template ]; then
+ cat /etc/slackpkg/templates/$TEMPLATE.template \
+ > $ROOT/etc/slackpkg/templates/$TEMPLATE.template
+else
+ touch $ROOT/etc/slackpkg/templates/$TEMPLATE
+fi
+
# add a slackpkg default mirror
echo "$MIRROR/$PKGMAIN-$release/" >> $ROOT/etc/slackpkg/mirrors
@@ -341,44 +363,42 @@
rootfs=$2
name=$3
-cat <<EOF >> $path/config
+cat <<EOF > $path/config
+lxc.start.auto = 0
-# Adding a . for LXC 4.0.x
lxc.uts.name = $name
-
-# Adding .fstab for LXC 4.0.x
lxc.mount.fstab = $rootfs/etc/fstab
+lxc.rootfs.path = dir:$rootfs
+
+lxc.include = /etc/lxc/lxc-common.conf
+
+EOF
+
+# configure resolv.conf in the guest
+cp /etc/resolv.conf $rootfs/etc/resolv.conf
+cat <<EOF >> $rootfs/etc/resolv.conf
+nameserver 8.8.8.8
+nameserver 8.8.4.4
+
+EOF
-# Added .max and .path for LXC 4.0.x
-lxc.tty.max = 4
-lxc.pty.max = 1024
-lxc.rootfs.path = $rootfs
-
-lxc.cgroup.devices.deny = a
-# /dev/null and zero
-lxc.cgroup.devices.allow = c 1:3 rwm
-lxc.cgroup.devices.allow = c 1:5 rwm
-# consoles
-lxc.cgroup.devices.allow = c 5:1 rwm
-lxc.cgroup.devices.allow = c 5:0 rwm
-lxc.cgroup.devices.allow = c 4:0 rwm
-lxc.cgroup.devices.allow = c 4:1 rwm
-# /dev/{,u}random
-lxc.cgroup.devices.allow = c 1:9 rwm
-lxc.cgroup.devices.allow = c 1:8 rwm
-lxc.cgroup.devices.allow = c 136:* rwm
-lxc.cgroup.devices.allow = c 5:2 rwm
-# rtc
-lxc.cgroup.devices.allow = c 254:0 rwm
-
-# we don't trust even the root user in the container, better safe than sorry.
-# comment out only if you know what you're doing.
-lxc.cap.drop = sys_module mknod mac_override mac_admin sys_time setfcap setpcap
+# install a couple of suitable aliases...
+cat <<EOF >> $rootfs/etc/profile
+alias rm='rm -I'
+alias ls='ls --color=always'
+alias grep="grep --color=auto"
+alias tree="tree -C"
+alias wget="wget --no-check-certificate"
+export EDITOR=/usr/bin/nano
+export VISUAL=/usr/bin/nano
-# you can try also this alternative to the line above, whatever suits you better.
-# lxc.cap.drop=sys_admin
EOF
+# copy the nano editor config file if it exists
+if [ -f /root/.nanorc ]; then
+ cp /root/.nanorc $rootfs/root/.nanorc
+fi
+
if [ $? -ne 0 ]; then
echo "Failed to add configuration."
return 1
@@ -466,7 +486,7 @@
fi
# If no release version was specified, use current
-release=${release:-current}
+release=${release:-15.0}
if [ -z "$name" ]; then
# no name given? set a default one
@@ -518,6 +538,8 @@
exit 1
fi
+echo
+
if [ ! -z $clean ]; then
clean || exit 1
exit 0