Hi LXC dev mailing list, I've been using LXC for a few days now and so far I'm pretty happy with the near instant deployment of VMs, so thank you for all the work.
I've stumbled upon a few minor bugs and I would at least submit a patch for lxc-destroy to perform a bit more sanity checking before trying to kill random LVs and directories by accident.

The following patch tries to address a few problems:
- validity of the container name, no "../../../etc/"
- checking for config file read existence
- sane actions if $rootdev is undef
- non-interactive lvremove call
- and a few aesthetic and minor fixes

It also contains a patch submitted by Andrea Rota in his "lxc-destroy crosses filesystem boundaries - ID: 3463349" ticket, addressing potential problems if the container contains other (remote) mounted filesystems.

Don't hesitate to rewrite this or give any feedback you'll find necessary.

Thanks,
--
Rémi Laurent
Phone: +352 26 10 30 61
General Support: supp...@conostix.com
GPG FP: 27F4 6810 2B0E 1AA0 CDAE 7C7B 3DC9 085A 0FA0 0601
From a65d4219245ba09a508f99b054c612ff4a24038f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20Laurent?= <remi.laur...@conostix.com> Date: Thu, 5 Jan 2012 16:49:42 +0100 Subject: [PATCH] lxc-destroy sanity checks and precautions --- src/lxc/lxc-destroy.in | 65 ++++++++++++++++++++++++++++++----------------- 1 files changed, 41 insertions(+), 24 deletions(-) diff --git a/src/lxc/lxc-destroy.in b/src/lxc/lxc-destroy.in index dda48e6..e769bad 100644 --- a/src/lxc/lxc-destroy.in +++ b/src/lxc/lxc-destroy.in 
@@ -41,50 +41,67 @@ lxc_path=@LXCPATH@ getopt=$(getopt -o $shortoptions --longoptions $longoptions -- "$@") if [ $? != 0 ]; then - usage $0 + usage exit 1; fi eval set -- "$getopt" while true; do - case "$1" in - -n|--name) - shift - lxc_name=$1 - shift - ;; - --) - shift - break;; - *) - echo $1 - usage $0 - exit 1 - ;; - esac + case "$1" in + -n|--name) + shift + lxc_name="$1" + shift + ;; + --) + shift + break;; + *) + echo "$1" + usage + exit 1 + ;; + esac done if [ -z "$lxc_name" ]; then echo "no container name specified" - usage $0 + usage exit 1 fi +if ! expr "$lxc_name" : "^[-_\. a-zA-Z]"; then + echo "invalid container name" + exit 1 +fi + if [ ! -d "$lxc_path/$lxc_name" ]; then echo "'$lxc_name' does not exist" exit 1 fi +if [ ! -r "$lxc_path/$lxc_name/config" ]; then + echo "can't read configuration file" + exit 1 +fi + # Deduce the type of rootfs # If LVM partition, destroy it. If anything else, ignore it. We'll support # deletion of others later. -rootdev=`grep lxc.rootfs $lxc_path/$lxc_name/config | awk -F= '{ print $2 '}` -if [ -b $rootdev -o -h $rootdev ]; then - lvdisplay $rootdev > /dev/null 2>&1 - if [ $? -eq 0 ]; then - lvremove $rootdev - fi +rootdev=`awk -F'=' \ + '/^[ \t]*lxc\.rootfs[ \t]*=/ { + gsub(/^[ \t]/,"",$2); + gsub(/[ \t]*$/,"",$2); + print $2; + }' "$lxc_path/$lxc_name/config"` + +if [ -b "$rootdev" -o -h "$rootdev" ]; then + lvdisplay "$rootdev" > /dev/null 2>&1 + if [ $? -eq 0 ]; then + echo lvremove --force "$rootdev" + fi fi + # recursively remove the container to remove old container configuration -rm -rf --preserve-root $lxc_path/$lxc_name +rm -rf --preserve-root --one-file-system "$lxc_path/$lxc_name" -- 1.7.2.5
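Review bot: The new name check `expr "$lxc_name" : "^[-_\. a-zA-Z]"` tests only the first character of the name, so it does not stop the "../../../etc/" case the cover letter mentions: that string starts with ".", which is in the bracket expression, and nothing after the first character is examined. The class also has no digits, so a name that begins with a digit is rejected, and expr prints the match length to stdout because its output is not redirected. Matching the whole string with a required alphanumeric first character would cover all three, for example `expr "$lxc_name" : '[a-zA-Z0-9][-_.a-zA-Z0-9]*$' > /dev/null` (this drops the space and backslash the current class allows; add them back if they are meant to be legal). Separately, the LVM branch now reads `echo lvremove --force "$rootdev"`, which prints the command instead of running it, so the logical volume is never removed; this looks like a debugging leftover and the `echo` should go. In the awk extraction, `gsub(/^[ \t]/,"",$2)` strips a single leading blank while the trailing pattern uses `[ \t]*`; the leading one probably wants the `*` as well, and since the field separator is "=", a rootfs path that itself contains "=" is truncated at `$2`.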