add "--mask-tmp" to lxc-fedora, plus some template script fixes]

Hi Michael, do you have any concerns with the attached patch to the fedora template that adds an option --mask-tmp that prevents fedora/systemd from over-mounting /tmp with tmpfs, which is useful in some cases? Thanks - Michael ----- Forwarded message from Michael Adam <obnox@samba.org> ----- Date: Sat, 10 Jan 2015 13:12:06 +0100 From: Michael Adam <obnox@samba.org> To: LXC development mailing-list <lxc-devel@lists.linuxcontainers.org> Subject: Re: [lxc-devel] [PATCHES] add "--mask-tmp" to lxc-fedora, plus some template script fixes User-Agent: Mutt/1.5.23 (2014-03-12) On 2015-01-10 at 13:08 +0100, Michael Adam wrote: > On 2015-01-10 at 04:05 +0000, Serge Hallyn wrote: > > > The less controversial one is adding mask-tmp to the fedora template. > > It looks fine to me, but that should go separately to mwarfield, our > > fedora template maintainer :) > > I had notified mhw of my patches on irc, but apparently he is > currently very busy. > > For a start, following is an update of the uncontroversial fix > patches, i.e. the fix patche without the path ones, and without > the mask-tmp patch. And here comes the mask-tmp patch. It needs to be applied onto the previous fix-patchset. From 9589dca Mon Sep 17 00:00:00 2001 From: Michael Adam <obnox@samba.org> Date: Thu, 8 Jan 2015 10:25:24 +0100 Subject: [PATCH] lxc-fedora: add a new option --mask-tmp This will configure the container to prevent the standard behaviour of over-mounting /tmp with tmpfs, which can be undesirable in some cases. My personal use case is vagrant-lxc in combination with vagrant-cachier. Signed-off-by: Michael Adam <obnox@samba.org> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
lxc · Jan 21, 2015 · c2af308 · c2af308
1 parent 6b1aa94
commit c2af308
Showing 1 changed file with 12 additions and 1 deletion.
diff --git a/templates/lxc-fedora.in b/templates/lxc-fedora.in
@@ -372,6 +372,12 @@ configure_fedora_systemd()
     chroot ${rootfs_path} ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
     # Make systemd honor SIGPWR
     chroot ${rootfs_path} ln -s /usr/lib/systemd/system/halt.target /etc/systemd/system/sigpwr.target
+
+    # if desired, prevent systemd from over-mounting /tmp with tmpfs
+    if [ $masktmp -eq 1 ]; then
+        chroot ${rootfs_path} ln -s /dev/null /etc/systemd/system/tmp.mount
+    fi
+
     #dependency on a device unit fails it specially that we disabled udev
     # sed -i 's/After=dev-%i.device/After=/' ${rootfs_path}/lib/systemd/system/getty\@.service
     #
@@ -1175,6 +1181,7 @@ usage:
     $1 -n|--name=<container_name>
         [-p|--path=<path>] [-c|--clean] [-R|--release=<Fedora_release>]
         [--fqdn=<network name of container>] [-a|--arch=<arch of the container>]
+        [--mask-tmp]
         [-h|--help]
 Mandatory args:
   -n,--name         container name, used to as an identifier for that container
@@ -1187,18 +1194,21 @@ Optional args:
                     Defaults to host's release if the host is Fedora.
      --fqdn         fully qualified domain name (FQDN) for DNS and system naming
   -a,--arch         Define what arch the container will be [i686,x86_64]
+  --mask-tmp        Prevent systemd from over-mounting /tmp with tmpfs.
   -h,--help         print this help
 EOF
     return 0
 }
 
-options=$(getopt -o a:hp:n:cR: -l help,path:,rootfs:,name:,clean,release:,arch:,fqdn: -- "$@")
+options=$(getopt -o a:hp:n:cR: -l help,path:,rootfs:,name:,clean,release:,arch:,fqdn:,mask-tmp -- "$@")
 if [ $? -ne 0 ]; then
     usage $(basename $0)
     exit 1
 fi
 
 arch=$(uname -m)
+masktmp=0
+
 eval set -- "$options"
 while true
 do
@@ -1211,6 +1221,7 @@ do
         -R|--release)   release=$2; shift 2;;
         -a|--arch)      newarch=$2; shift 2;;
         --fqdn)         utsname=$2; shift 2;;
+        --mask-tmp)     masktmp=1; shift 1;;
         --)             shift 1; break ;;
         *)              break ;;
     esac