OXIESEC PANEL

Name	Size	Modified	Perms
📁 ..	-	11/10/2024 09:42:49 AM	rwxr-xr-x
📄 lxc.mount.hook	2.63 KB	06/07/2022 04:31:21 PM	rwxr-xr-x
📄 lxc.reboot.hook	26 bytes	06/07/2022 04:31:21 PM	rwxr-xr-x

Editing: lxc.mount.hook

#!/bin/sh -e

# We're dealing with mount entries, so expand any symlink
LXC_ROOTFS_MOUNT=$(readlink -f ${LXC_ROOTFS_MOUNT})

# /proc files
if [ -d /var/lib/lxcfs/proc/ ]; then
    for entry in /var/lib/lxcfs/proc/*; do
        [ -e "${LXC_ROOTFS_MOUNT}/proc/$(basename $entry)" ] || continue
        mount -n --bind $entry ${LXC_ROOTFS_MOUNT}/proc/$(basename $entry)
    done
fi

# Allow nesting lxcfs
if [ -d ${LXC_ROOTFS_MOUNT}/var/lib/lxcfs/ ]; then
    mount -n --bind /var/lib/lxcfs ${LXC_ROOTFS_MOUNT}/var/lib/lxcfs/
fi

# no need for lxcfs cgroups if we have cgroup namespaces
[ -n "$LXC_CGNS_AWARE" ] && [ -f /proc/self/ns/cgroup ] && exit 0

# Don't mess with containers that don't have /sys/fs/cgroup configured
# (lxc.mount.auto = cgroup:mixed)
if touch ${LXC_ROOTFS_MOUNT}/sys/fs/cgroup/lxcfs; then
    rm ${LXC_ROOTFS_MOUNT}/sys/fs/cgroup/lxcfs
else
    exit 0
fi

# /sys/fs/cgroup files
if [ -d "${LXC_ROOTFS_MOUNT}/sys/fs/cgroup" ]; then
    if [ -d /var/lib/lxcfs/cgroup ]; then
        # Cleanup existing mounts
        for entry in ${LXC_ROOTFS_MOUNT}/sys/fs/cgroup/*; do
            DEST=$(basename $entry)

if [ "${DEST}" = "cgmanager" ]; then
                continue
            fi

if [ ! -d "${LXC_ROOTFS_MOUNT}/sys/fs/cgroup/${DEST}" ]; then
                continue
            fi

while grep -q "${LXC_ROOTFS_MOUNT}/sys/fs/cgroup/${DEST}" /proc/self/mountinfo; do
                grep "${LXC_ROOTFS_MOUNT}/sys/fs/cgroup/${DEST}" /proc/self/mountinfo | cut -d' ' -f5 | while read line; do
                     [ -e "${line}" ] && umount -l "${line}" || true
                done
            done

rm -Rf ${LXC_ROOTFS_MOUNT}/sys/fs/cgroup/${DEST}
        done

# Mount the new entries
        for entry in /var/lib/lxcfs/cgroup/*; do
            DEST=$(basename $entry)
            if [ "$DEST" = "name=systemd" ]; then
                DEST="systemd"
            fi

if [ ! -d ${LXC_ROOTFS_MOUNT}/sys/fs/cgroup/${DEST} ]; then
                mkdir ${LXC_ROOTFS_MOUNT}/sys/fs/cgroup/${DEST}
            fi

mount -n --bind $entry ${LXC_ROOTFS_MOUNT}/sys/fs/cgroup/$DEST

# make sure that cpu,cpuacct shows up as cpu and cpuacct
            # separately, else systemd is unhappy
            if echo $DEST | grep -q ","; then
                arr=$(echo $DEST | tr "," "\n")
                for single in $arr
                do
                    if [ ! -L ${LXC_ROOTFS_MOUNT}/sys/fs/cgroup/$single ]; then
                        ln -s $DEST ${LXC_ROOTFS_MOUNT}/sys/fs/cgroup/$single
                    fi
                done
            fi
        done
    fi
fi

exit 0