authordavidovski <david@davidovski.xyz>2022-06-27 23:09:07 +0100
committerdavidovski <david@davidovski.xyz>2022-06-27 23:09:07 +0100
commitf6332a43c35387c4a2dea1746be5fd092890ae0e (patch)
treed6599f63de04096f3fc21a98e0b3bb39d55a3531 /repo/lxc
parentf13e0cac13f90f7f57bce3b26b2e6383de6e4ad2 (diff)
added lf and iptables
Diffstat (limited to 'repo/lxc')
-rw-r--r--repo/lxc/lxc.confd10
-rw-r--r--repo/lxc/lxc.initd163
-rw-r--r--repo/lxc/lxc.xibuild42
3 files changed, 215 insertions, 0 deletions
diff --git a/repo/lxc/lxc.confd b/repo/lxc/lxc.confd
new file mode 100644
index 0000000..1badcf8
--- /dev/null
+++ b/repo/lxc/lxc.confd
@@ -0,0 +1,10 @@
+# Configuration for /etc/init.d/lxc[.*]
+
+# Enable cgroup for systemd-based containers.
+#systemd_container=no
+
+# autostart groups (comma separated)
+#lxc_group="onboot"
+
+# Directory for containers' logs (used for symlinked runscripts lxc.*).
+#logdir="/var/log/lxc"
diff --git a/repo/lxc/lxc.initd b/repo/lxc/lxc.initd
new file mode 100644
index 0000000..210a126
--- /dev/null
+++ b/repo/lxc/lxc.initd
@@ -0,0 +1,163 @@
+#!/sbin/openrc-run
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/lxc/files/lxc.initd.2,v 1.5 2012/07/21 05:07:15 flameeyes Exp $
+
+extra_started_commands="reboot"
+
+description="Linux Containers (LXC)"
+description_reboot="Reboot containers"
+
+CONTAINER=${SVCNAME#*.}
+: ${lxc_group:=$LXC_GROUP}
+: ${systemd_container:=no}
+: ${logdir:=/var/log/lxc}
+
+command="/usr/bin/lxc-start"
+pidfile="/var/run/lxc/$CONTAINER.pid"
+
+depend() {
+ need localmount sysfs cgroups
+ after firewall net
+}
+
+lxc_get_configfile() {
+ local i
+ for i in /var/lib/lxc/${CONTAINER}/config \
+ /etc/lxc/${CONTAINER}.conf \
+ /etc/lxc/${CONTAINER}/config; do
+ if [ -f "$i" ]; then
+ echo "$i"
+ return 0
+ fi
+ done
+ eerror "Unable to find a suitable configuration file."
+ eerror "If you set up the container in a non-standard"
+ eerror "location, please set the CONFIGFILE variable."
+ return 1
+}
+
+lxc_get_var() {
+ awk 'BEGIN { FS="[ \t]*=[ \t]*" } $1 == "'$1'" { print $2; exit }' ${CONFIGFILE} | cut -d: -f2
+}
+
+checkconfig() {
+ if [ ${CONTAINER} = ${SVCNAME} ]; then
+ CONTAINER=
+ return 0
+ fi
+ CONFIGFILE=${CONFIGFILE:-$(lxc_get_configfile)}
+
+ # no need to output anything, the function takes care of that.
+ [ -z "${CONFIGFILE}" ] && return 1
+
+ utsname=$(lxc_get_var lxc.uts.name)
+ if [ "${CONTAINER}" != "${utsname}" ]; then
+ eerror "You should use the same name for the service and the"
+ eerror "lxc.uts.name : Right now the lxc.uts.name is set to : ${utsname}"
+ return 1
+ fi
+}
+
+systemd_ctr() {
+ local cmd="$1"
+ # Required for lxc-console and services inside systemd containers.
+ local cgroup=/sys/fs/cgroup/systemd
+ local mnt_opts='rw,nosuid,nodev,noexec,relatime,none,name=systemd'
+
+ case "$cmd" in
+ mount)
+ checkpath -d $cgroup
+ if ! mount | grep $cgroup >/dev/null; then
+ mount -t cgroup -o $mnt_opts cgroup $cgroup
+ fi
+ ;;
+ unmount)
+ if mount | grep $cgroup >/dev/null; then
+ umount $cgroup
+ fi
+ ;;
+ esac
+}
+
+_autostart() {
+ ebegin "$1 LXC containers"
+ shift
+ lxc-autostart --group "$lxc_group" "$@"
+ eend $?
+}
+
+start() {
+ checkconfig || return 1
+ if yesno "$systemd_container"; then
+ systemd_ctr mount
+ fi
+ if [ -z "$CONTAINER" ]; then
+ _autostart "Starting"
+ return
+ fi
+
+ rm -f "$logdir"/${CONTAINER}.log
+
+ rootpath=$(lxc_get_var lxc.rootfs.path)
+ # verify that container is not on tmpfs
+ dev=$(df -P "${rootpath}" | awk '{d=$1}; END {print d}')
+ type=$(awk -v dev="$dev" '$1 == dev {m=$3}; END {print m}' /proc/mounts)
+ if [ "$type" = tmpfs ] && ! yesno "$ALLOW_TMPFS"; then
+ eerror "${rootpath} is on tmpfs and ALLOW_TMPFS is not set"
+ return 1
+ fi
+
+ checkpath -d -m 750 -o root:wheel $logdir
+
+ checkpath -d ${pidfile%/*}
+ ebegin "Starting container ${CONTAINER}"
+ start-stop-daemon --start $command \
+ --pidfile $pidfile \
+ -- \
+ --daemon \
+ --pidfile $pidfile \
+ --name ${CONTAINER} \
+ --rcfile ${CONFIGFILE} \
+ --logpriority WARN \
+ --logfile $logdir/${CONTAINER}.log \
+ || eend $? || return $?
+ lxc-wait -n ${CONTAINER} -t 5 -s RUNNING
+ eend $?
+}
+
+stop() {
+ checkconfig || return 1
+ systemd_ctr unmount
+
+ if [ -z "$CONTAINER" ]; then
+ _autostart "Stopping" --shutdown --timeout ${LXC_TIMEOUT:-30}
+ return
+ fi
+ if yesno "$systemd_container"; then
+ : ${POWEROFF_SIGNAL=-38}
+ fi
+
+ ebegin "Stopping container ${CONTAINER}"
+ start-stop-daemon --stop --pidfile ${pidfile} \
+ --retry ${POWEROFF_SIGNAL:-SIGUSR2}/${TIMEOUT:-30} \
+ --progress
+ eend $?
+}
+
+reboot() {
+ checkconfig || return 1
+ if [ -z "$CONTAINER" ]; then
+ _autostart "Rebooting" --reboot
+ return
+ fi
+ if yesno "$systemd_container"; then
+ : ${RESTART_SIG=39}
+ fi
+
+ ebegin "Sending reboot signal to container $CONTAINER"
+ start-stop-daemon --signal ${RESTART_SIG:-SIGTERM} \
+ --pidfile ${pidfile}
+ eend $?
+}
+
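Review bot: `lxc_get_var` splices its argument into the awk program text (`"'$1'"`) and passes `${CONFIGFILE}` unquoted, so a key containing a quote or a config path containing whitespace changes what awk runs or reads, in a script that runs as root. Passing the key as data and quoting the path avoids that: `awk -v key="$1" 'BEGIN { FS="[ \t]*=[ \t]*" } $1 == key { print $2; exit }' "${CONFIGFILE}" | cut -d: -f2`. The same unquoted pattern appears in `checkconfig` (`[ ${CONTAINER} = ${SVCNAME} ]`) and in the `--rcfile ${CONFIGFILE}` and `--logfile $logdir/${CONTAINER}.log` arguments in `start`, where a split value would reach `lxc-start` as extra arguments. The visible callers pass fixed keys, and the values appear to come from conf.d and the service name, so this is hardening rather than a demonstrated injection path. Separately, `stop` calls `systemd_ctr unmount` without the `yesno "$systemd_container"` guard that `start` uses, and does so even when only one container is being stopped, which looks unintended.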
diff --git a/repo/lxc/lxc.xibuild b/repo/lxc/lxc.xibuild
new file mode 100644
index 0000000..e50de42
--- /dev/null
+++ b/repo/lxc/lxc.xibuild
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+NAME="lxc"
+DESC="Userspace interface for the Linux kernel containment features"
+
+MAKEDEPS="libcap libseccomp pam linux-headers musl-legacy-compat docbook2x automake autoconf libtool perl-xml-namespacesupport"
+
+PKG_VER=4.0.12
+SOURCE="https://linuxcontainers.org/downloads/lxc/lxc-$PKG_VER.tar.gz"
+
+ADDITIONAL="
+lxc.confd
+lxc.initd
+"
+
+build() {
+ ./configure \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --disable-apparmor \
+ --enable-pam \
+ --with-distro=xi \
+ --disable-werror \
+ --enable-doc
+ make
+}
+
+check() {
+ make check
+}
+
+package() {
+ make DESTDIR="$PKG_DEST" install
+
+ install -Dm755 "$BUILD_ROOT"/lxc.initd "$PKG_DEST"/etc/init.d/lxc
+ install -Dm644 "$BUILD_ROOT"/lxc.confd "$PKG_DEST"/etc/conf.d/lxc
+ install -d "$PKG_DEST"/var/lib/lxc
+
+ # Remove useless config for SysVinit.
+ rm -r "$PKG_DEST"/etc/default
+}
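Review bot: `--disable-apparmor` in `build()` removes a confinement layer for containers and nothing in the recipe says why; a comment above the `./configure` call such as `# built without AppArmor support: lxc.apparmor.profile settings have no effect on this build` would make that visible to whoever deploys the package. The recipe also shows no checksum or signature for the `SOURCE` tarball, so the build accepts whatever the HTTPS download returns. If the xibuild format has a way to pin a digest (not visible in this hunk), it should be used for `lxc-$PKG_VER.tar.gz`.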