diff options
| author | Christian Rößler | 2013-11-21 17:38:48 +0100 |
|---|---|---|
| committer | Christian Rößler | 2013-11-21 17:38:48 +0100 |
| commit | d8e77f3affcc11af0dec6c7bb96a7b53576da519 (patch) | |
| tree | 3e7f30d4a6e42a9fff2969c629f48cba56b6c483 | |
| parent | [systemd] systemd.build: Corrected pkg_config-Path to own kmod (diff) | |
| parent | [stage4-blacklist] Remove links to shell, poweroff/reboot/shutdown, whitelist... (diff) | |
| download | tm-scripts-d8e77f3affcc11af0dec6c7bb96a7b53576da519.tar.gz tm-scripts-d8e77f3affcc11af0dec6c7bb96a7b53576da519.tar.xz tm-scripts-d8e77f3affcc11af0dec6c7bb96a7b53576da519.zip | |
Merge branch 'master' of git.openslx.org:openslx-ng/tm-scripts
9 files changed, 53 insertions, 37 deletions
diff --git a/remote/modules/consolekit/consolekit.conf.ubuntu b/remote/modules/consolekit/consolekit.conf.ubuntu index 3b160bc9..e7f5e47d 100644 --- a/remote/modules/consolekit/consolekit.conf.ubuntu +++ b/remote/modules/consolekit/consolekit.conf.ubuntu @@ -1,3 +1,6 @@ +REQUIRED_INSTALLED_PACKAGES=" + consolekit +" REQUIRED_CONTENT_PACKAGES=" consolekit libpam-ck-connector diff --git a/remote/modules/vmchooser/data/opt/openslx/scripts/vmchooser-run_virt b/remote/modules/vmchooser/data/opt/openslx/scripts/vmchooser-run_virt index 2c48218c..eb284192 100755 --- a/remote/modules/vmchooser/data/opt/openslx/scripts/vmchooser-run_virt +++ b/remote/modules/vmchooser/data/opt/openslx/scripts/vmchooser-run_virt @@ -244,11 +244,6 @@ else vmpath="${imgpath}/${imgname}" fi -# Check if virtual machine container file exists -if ! [ -e "${vmpath}" ]; then - writelog "Virtual machine image ${vmpath} not found!" - exit 1 -fi # Name of the virt machine, sed because of Windows formatting vm_name=$(grep -o 'short_description param=.*"' "${xmlfile}" \ @@ -470,17 +465,18 @@ cp "/opt/openslx/etc/vmchooser/openslx.exe" "/opt/openslx/etc/vmchooser/fd-loop/ unset vm_diskfile unset vm_revision unset dnbd3 -if [ -n "$SLX_DNBD3_SERVERS" -a "x$SLX_VM_DNBD3" = "xyes" ]; then +if [ -n "$SLX_DNBD3_SERVERS" -o -n "$SLX_DNBD3_PRIO_SERVERS" ] && [ "x$SLX_VM_DNBD3" = "xyes" ]; then if [ -e "/dev/dnbd0" -a -e "/var/run/dnbd3.socket" ]; then # Shuffle server list - TMP_SERVERS=$(for SRV in $SLX_DNBD3_SERVERS; do echo "$RANDOM $SRV"; done | sort -u | sed -r 's/^[0-9]+ //') - for SRV in $TMP_SERVERS; do + [ -n "$SLX_DNBD3_SERVERS" ] && TMP_SERVERS=$(for SRV in $SLX_DNBD3_SERVERS; do echo "$RANDOM $SRV"; done | sort -u | sed -r 's/^[0-9]+ //') + for SRV in $SLX_DNBD3_PRIO_SERVERS $TMP_SERVERS; do dnbd3=$(dnbd3-client -h "$SRV" -i "${vmpath#/mnt/vmstore/}" -r 0) RET=$? if [ "$RET" = "0" ]; then - vm_diskfile="$dnbd3" vm_revision=$(cat "/sys/block/${dnbd3#/dev/}/net/rid") writelog "DNBD3: $vm_diskfile on $dnbd3 with rid $vm_revision" + vm_diskfile="$dnbd3" + vmpath="$vm_diskfile" break fi done @@ -491,7 +487,18 @@ if [ -n "$SLX_DNBD3_SERVERS" -a "x$SLX_VM_DNBD3" = "xyes" ]; then else writelog "Won't use dnbd3 as no servers are given in config" fi -[ -z "$vm_diskfile" ] && vm_diskfile="$vmpath" + +if [ -z "$vm_diskfile" ]; then + vmpath=$(ls "${vmpath}.r"* | grep -E '\.r[0-9]+$' | sort --version-sort | tail -1) + vm_diskfile="$vmpath" +fi + +# Check if virtual machine container file exists +if ! [ -e "${vmpath}" ]; then + writelog "Virtual machine image ${vmpath} not found!" + exit 1 +fi + writelog "Used diskfile: $vm_diskfile" # Get all virtual machine specific stuff from the respective include file @@ -503,7 +510,7 @@ fi self="${xmlvirt}" . "/opt/openslx/etc/${xmlvirt}/run-virt.include" || writelog "Erroneous run-virt.include for $xmlvirt" # start a windowmanager for easier handling -# (expect problems /w windows opening in background /w vmware without wm) +# (expect problems w/ windows opening in background w/ vmware without wm) for dm in twm xfwm4 metacity openbox blackbox kwin fvwm2 ; do if which $dm >/dev/null 2>&1 ; then if [ "$dm" = "fvwm2" ] ; then diff --git a/remote/modules/vmchooser/data/opt/openslx/scripts/vmchooser-xml_filter b/remote/modules/vmchooser/data/opt/openslx/scripts/vmchooser-xml_filter index 4faea740..960d1358 100755 --- a/remote/modules/vmchooser/data/opt/openslx/scripts/vmchooser-xml_filter +++ b/remote/modules/vmchooser/data/opt/openslx/scripts/vmchooser-xml_filter @@ -59,9 +59,9 @@ function handlePersistentVM() { grep -i -q "<active param=.*true.*" "$FILE" || continue # HACK: filter all virtualbox images, as vbox is not ready yet grep -i -q "<virtualmachine param=.*virtualbox.*" "$FILE" && continue - if [ -n "${vmchooser_env}" ]; then + if [ -n "${SLX_VM_POOL_FILTER}" ]; then # filter all xmls with pool-param not equal to vmchooser::env - if [ $(grep "<pools param=\"${vmchooser_env}\"" "$FILE" | wc -l) -eq 1 ]; then + if [ $(grep "<pools param=\"${SLX_VM_POOL_FILTER}\"" "$FILE" | wc -l) -eq 1 ]; then handlePersistentVM "$FILE" echo "$FILE" fi diff --git a/remote/modules/vmware/data/opt/openslx/scripts/systemd-vmware_env b/remote/modules/vmware/data/opt/openslx/scripts/systemd-vmware_env index 175f3bef..bf7bfc5e 100755 --- a/remote/modules/vmware/data/opt/openslx/scripts/systemd-vmware_env +++ b/remote/modules/vmware/data/opt/openslx/scripts/systemd-vmware_env @@ -1,4 +1,4 @@ -#!/bin/sh +#!/opt/openslx/bin/ash # Copyright (c) 2009 - OpenSLX GmbH # # This program is free software distributed under the GPL version 2. @@ -10,8 +10,6 @@ # General information about OpenSLX can be found at http://openslx.org/ # ----------------------------------------------------------------------------- -export PATH=$PATH:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin - VMWARE_CONF_DIR=/opt/openslx/etc/vmware for wait in 1 1 2 2 3 end; do @@ -117,23 +115,23 @@ setup_network() { -e "s,LEASEFILE,/var/run/vmware/udhcpd-vmnet8.leases," \ ${VMWARE_CONF_DIR}/udhcpd.conf >/etc/vmware/udhcpd/udhcpd-vmnet8.conf # might be not needed any more ... - echo -e "# Linux NAT configuration file" \ + echo "# Linux NAT configuration file" \ > /etc/vmware/nat.conf - echo -e "[host]" \ + echo "[host]" \ >> /etc/vmware/nat.conf - echo -e "ip = $vmnet/$vmpx" \ + echo "ip = $vmnet/$vmpx" \ >> /etc/vmware/nat.conf - echo -e "device = /dev/vmnet8" \ + echo "device = /dev/vmnet8" \ >> /etc/vmware/nat.conf - echo -e "activeFTP = 1" \ + echo "activeFTP = 1" \ >> /etc/vmware/nat.conf - echo -e "[udp]" \ + echo "[udp]" \ >> /etc/vmware/nat.conf - echo -e "timeout = 60" \ + echo "timeout = 60" \ >> /etc/vmware/nat.conf - echo -e "[incomingtcp]" \ + echo "[incomingtcp]" \ >> /etc/vmware/nat.conf - echo -e "[incomingudp]" \ + echo "[incomingudp]" \ >> /etc/vmware/nat.conf echo "00:50:56:F1:30:50" > /etc/vmware/vmnet-natd-8.mac fi diff --git a/remote/rootfs/rootfs-stage32/data/opt/openslx/bin/penv b/remote/rootfs/rootfs-stage32/data/opt/openslx/bin/penv index ca5a23ac..47a055ef 100755 --- a/remote/rootfs/rootfs-stage32/data/opt/openslx/bin/penv +++ b/remote/rootfs/rootfs-stage32/data/opt/openslx/bin/penv @@ -1,7 +1,7 @@ #!/bin/sh -[ "x$UID" != "x0" ] && echo "You need to be root." && exit 1 [ "$#" -ne "1" ] && echo "Usage: $0 PID" && exit 1 -[ ! -d "/proc/$1/environ" ] && echo "No such process: $1" && exit 1 +[ ! -e "/proc/$1/environ" ] && echo "No such process: $1" && exit 1 +[ ! -r "/proc/$1/environ" ] && echo "Cannot open process: $1" && exit 1 sed 's/\x0/\n/g' "/proc/$1/environ" | grep -E --color=auto '^[^=]*' diff --git a/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-mount_export b/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-mount_export index fd3e1b0a..c71dc9f6 100755 --- a/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-mount_export +++ b/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-mount_export @@ -9,18 +9,19 @@ mkdir -p "$MOUNTPOINT" if [[ "$SLX_STAGE4" == dnbd3* ]]; then # dnbd3 it is - [ -z "${SLX_DNBD3_SERVERS}" ] && { echo "SLX_DNBD3_SERVERS empty or not set in /opt/openslx/config." && exit 1; } + [ -z "${SLX_DNBD3_SERVERS}${SLX_DNBD3_PRIO_SERVERS}" ] && { echo "SLX_DNBD3(_PRIO)_SERVERS empty or not set in /opt/openslx/config." && exit 1; } # Randomize list SERVERS=$(for SERVER in $SLX_DNBD3_SERVERS; do echo "$RANDOM $SERVER"; done | sort -u | sed -r 's/^[0-9]+ //') IMAGE=$(echo $SLX_STAGE4 | awk '{printf $2}') [ -e /var/run/dnbd3.socket ] || sleep 2 # Ugly, service should only start when dnbd3 daemon is up and running RET=1337 - for SRV in $SERVERS; do + for SRV in $SLX_DNBD3_PRIO_SERVERS $SERVERS; do echo "Requesting $IMAGE from $SRV" dnbd3=$(dnbd3-client -h "$SRV" -i "$IMAGE" -r 0) RET=$? [ "$RET" -eq "0" ] && break echo "... didn't work ($RET)" + sleep 2 done [ "$RET" -ne "0" ] && exit $RET echo "Mounting $dnbd3 to $MOUNTPOINT" diff --git a/server/blacklists/desktop-sessions/filter b/server/blacklists/desktop-sessions/filter index 66d3589a..aafd1156 100644 --- a/server/blacklists/desktop-sessions/filter +++ b/server/blacklists/desktop-sessions/filter @@ -2,3 +2,4 @@ + /usr/share/xsessions/gnome.desktop + /usr/share/xsessions/kde-plasma.desktop + /usr/share/xsessions/ubuntu.desktop ++ /usr/share/xsessions/xfce.desktop diff --git a/server/blacklists/essential/linux-base b/server/blacklists/essential/linux-base index 4f58b6c9..f83ef1ac 100644 --- a/server/blacklists/essential/linux-base +++ b/server/blacklists/essential/linux-base @@ -32,5 +32,11 @@ - /initrd.img.old - /vmlinuz - /vmlinuz.old +# Interfering binaries/links +- /sbin/shutdown +- /sbin/reboot +- /sbin/poweroff +- /sbin/halt +- /bin/sh # This is where the bind-mount of mltk resides... - /export/build diff --git a/server/modules/pam-freiburg/etc/pam.d/common-session b/server/modules/pam-freiburg/etc/pam.d/common-session index 9a8b73e1..26ff89a3 100644 --- a/server/modules/pam-freiburg/etc/pam.d/common-session +++ b/server/modules/pam-freiburg/etc/pam.d/common-session @@ -13,26 +13,26 @@ # pam-auth-update(8) for details. # here are the per-package modules (the "Primary" block) -session [default=1] pam_permit.so +session [default=1] pam_permit.so # here's the fallback if no module succeeds -session requisite pam_deny.so +session requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around -session required pam_permit.so +session required pam_permit.so # The pam_umask module will set the umask according to the system default in # /etc/login.defs and user settings, solving the problem of different # umask settings with different shells, display managers, remote sessions etc. # See "man pam_umask". session optional pam_umask.so # and here are more per-package modules (the "Additional" block) -session required pam_systemd.so -session optional pam_ck_connector.so +session required pam_systemd.so +session optional pam_ck_connector.so nox11 session optional pam_env.so readenv=1 session optional pam_env.so readenv=1 envfile=/etc/default/locale -session optional pam_krb5.so minimum_uid=1000 -session [success=1] pam_unix.so +session optional pam_krb5.so minimum_uid=1000 +session [success=1] pam_unix.so session [success=ok] pam_ldap.so -session sufficient pam_script.so +session sufficient pam_script.so session optional pam_mkhomedir.so skel=/etc/skel umask=0022 # end of pam-auth-update config |