From ecaa7f9c6813127ed93f3bfa3e8ba00a6833e999 Mon Sep 17 00:00:00 2001 From: Justin Cormack Date: Fri, 14 Jul 2017 13:53:45 +0100 Subject: [PATCH 1/3] Remove the -x from the rungetty script Its annoyingly verbose! Signed-off-by: Justin Cormack --- pkg/getty/usr/bin/rungetty.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/pkg/getty/usr/bin/rungetty.sh b/pkg/getty/usr/bin/rungetty.sh index 6b3e709d8..38d389064 100755 --- a/pkg/getty/usr/bin/rungetty.sh +++ b/pkg/getty/usr/bin/rungetty.sh @@ -1,5 +1,4 @@ #!/bin/sh -set -x infinite_loop() { while true; do From 98ed378dbd4cdd45f06d6d75717430e52c859bc9 Mon Sep 17 00:00:00 2001 From: Justin Cormack Date: Fri, 14 Jul 2017 18:31:44 +0100 Subject: [PATCH 2/3] Add a securetty file Do not copy host securetty file - this one should be comprehensive or bind mount host one in yourself. Signed-off-by: Justin Cormack --- pkg/getty/etc/securetty | 33 +++++++++++++++++++++++++++++++++ pkg/getty/usr/bin/rungetty.sh | 7 ------- 2 files changed, 33 insertions(+), 7 deletions(-) create mode 100644 pkg/getty/etc/securetty diff --git a/pkg/getty/etc/securetty b/pkg/getty/etc/securetty new file mode 100644 index 000000000..57f40c9e2 --- /dev/null +++ b/pkg/getty/etc/securetty @@ -0,0 +1,33 @@ +console +tty1 +tty2 +tty3 +tty4 +tty5 +tty6 +tty7 +tty8 +tty9 +tty10 +tty11 + +# UART serial ports +ttyS0 +ttyS1 +ttyS2 +ttyS3 + +# IBM iSeries/pSeries virtual console, Xen +hvc0 +hvc1 + +#IBM pSeries console ports +hvsi0 +hvsi1 + +# ARM "AMBA" serial ports +ttyAM0 +ttyAM1 + +# s390 and s390x ports in LPAR mode +ttysclp0 diff --git a/pkg/getty/usr/bin/rungetty.sh b/pkg/getty/usr/bin/rungetty.sh index 38d389064..e8ae401f5 100755 --- a/pkg/getty/usr/bin/rungetty.sh +++ b/pkg/getty/usr/bin/rungetty.sh @@ -49,13 +49,6 @@ if [ -f $ROOTSHADOW ]; then echo >> /etc/shadow fi -ROOTSTTY=/hostroot/etc/securetty -if [ -f $ROOTSTTY ]; then - cp $ROOTSTTY /etc/securetty - # just in case someone forgot a newline - echo >> /etc/securetty -fi - for opt in $(cat /proc/cmdline); do case "$opt" in console=*) From b0800cba594eef49a718dfc5aed3e88041587bda Mon Sep 17 00:00:00 2001 From: Justin Cormack Date: Fri, 14 Jul 2017 18:38:36 +0100 Subject: [PATCH 3/3] update getty hash Signed-off-by: Justin Cormack --- blueprints/docker-for-mac/base.yml | 2 +- linuxkit.yml | 2 +- projects/kubernetes/kube-master.yml | 2 +- projects/kubernetes/kube-node.yml | 2 +- projects/miragesdk/examples/mirage-dhcp.yml | 2 +- projects/shiftfs/shiftfs.yml | 2 +- test/cases/040_packages/007_getty-containerd/test-ctr.yml | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/blueprints/docker-for-mac/base.yml b/blueprints/docker-for-mac/base.yml index 10baf6e2b..86162f967 100644 --- a/blueprints/docker-for-mac/base.yml +++ b/blueprints/docker-for-mac/base.yml @@ -53,7 +53,7 @@ services: image: linuxkit/acpid:1966310cb75e28ffc668863a6577ee991327f918 # Enable getty for easier debugging - name: getty - image: linuxkit/getty:5ab31289889d61a5d2ecbeea8e36ce74ac54737c + image: linuxkit/getty:deb9332e786e72591bd9be200bcc9c7a534eb754 env: - INSECURE=true # Run ntpd to keep time synchronised in the VM diff --git a/linuxkit.yml b/linuxkit.yml index 806590a25..e0e00e58d 100644 --- a/linuxkit.yml +++ b/linuxkit.yml @@ -16,7 +16,7 @@ onboot: command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: getty - image: linuxkit/getty:5ab31289889d61a5d2ecbeea8e36ce74ac54737c + image: linuxkit/getty:deb9332e786e72591bd9be200bcc9c7a534eb754 env: - INSECURE=true - name: rngd diff --git a/projects/kubernetes/kube-master.yml b/projects/kubernetes/kube-master.yml index 73a38006e..77eeba18d 100644 --- a/projects/kubernetes/kube-master.yml +++ b/projects/kubernetes/kube-master.yml @@ -26,7 +26,7 @@ onboot: - /var:/var:rshared,rbind services: - name: getty - image: linuxkit/getty:5ab31289889d61a5d2ecbeea8e36ce74ac54737c + image: linuxkit/getty:deb9332e786e72591bd9be200bcc9c7a534eb754 env: - INSECURE=true - name: rngd diff --git a/projects/kubernetes/kube-node.yml b/projects/kubernetes/kube-node.yml index 5d2500c67..48c224a1d 100644 --- a/projects/kubernetes/kube-node.yml +++ b/projects/kubernetes/kube-node.yml @@ -26,7 +26,7 @@ onboot: - /var:/var:rshared,rbind services: - name: getty - image: linuxkit/getty:5ab31289889d61a5d2ecbeea8e36ce74ac54737c + image: linuxkit/getty:deb9332e786e72591bd9be200bcc9c7a534eb754 env: - INSECURE=true - name: rngd diff --git a/projects/miragesdk/examples/mirage-dhcp.yml b/projects/miragesdk/examples/mirage-dhcp.yml index 62ca16f3b..e2073e346 100644 --- a/projects/miragesdk/examples/mirage-dhcp.yml +++ b/projects/miragesdk/examples/mirage-dhcp.yml @@ -30,7 +30,7 @@ services: - name: sshd image: linuxkit/sshd:89b2e91d7d1bf2f40220be0e3ed586e74746cceb - name: getty - image: linuxkit/getty:5ab31289889d61a5d2ecbeea8e36ce74ac54737c + image: linuxkit/getty:deb9332e786e72591bd9be200bcc9c7a534eb754 env: - INSECURE=true files: diff --git a/projects/shiftfs/shiftfs.yml b/projects/shiftfs/shiftfs.yml index d9d48eccb..531aeae03 100644 --- a/projects/shiftfs/shiftfs.yml +++ b/projects/shiftfs/shiftfs.yml @@ -16,7 +16,7 @@ onboot: command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: getty - image: linuxkit/getty:5ab31289889d61a5d2ecbeea8e36ce74ac54737c + image: linuxkit/getty:deb9332e786e72591bd9be200bcc9c7a534eb754 env: - INSECURE=true - name: rngd diff --git a/test/cases/040_packages/007_getty-containerd/test-ctr.yml b/test/cases/040_packages/007_getty-containerd/test-ctr.yml index dbdba8483..5f4dd1ee0 100644 --- a/test/cases/040_packages/007_getty-containerd/test-ctr.yml +++ b/test/cases/040_packages/007_getty-containerd/test-ctr.yml @@ -12,7 +12,7 @@ onboot: command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: getty - image: linuxkit/getty:5ab31289889d61a5d2ecbeea8e36ce74ac54737c + image: linuxkit/getty:deb9332e786e72591bd9be200bcc9c7a534eb754 files: - path: etc/getty.shadow # sample sets password for root to "abcdefgh" (without quotes)