2022-06-23 14:34:54 +02:00
|
|
|
#!/bin/sh
|
|
|
|
#
|
passt: Relicense to GPL 2.0, or any later version
In practical terms, passt doesn't benefit from the additional
protection offered by the AGPL over the GPL, because it's not
suitable to be executed over a computer network.
Further, restricting the distribution under the version 3 of the GPL
wouldn't provide any practical advantage either, as long as the passt
codebase is concerned, and might cause unnecessary compatibility
dilemmas.
Change licensing terms to the GNU General Public License Version 2,
or any later version, with written permission from all current and
past contributors, namely: myself, David Gibson, Laine Stump, Andrea
Bolognani, Paul Holzinger, Richard W.M. Jones, Chris Kuhn, Florian
Weimer, Giuseppe Scrivano, Stefan Hajnoczi, and Vasiliy Ulyanov.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2023-04-05 20:11:44 +02:00
|
|
|
# SPDX-License-Identifier: GPL-2.0-or-later
|
2022-06-23 14:34:54 +02:00
|
|
|
#
|
|
|
|
# PASST - Plug A Simple Socket Transport
|
|
|
|
# for qemu/UNIX domain socket mode
|
|
|
|
#
|
|
|
|
# test/passt.mbuto - mbuto (https://mbuto.sh) profile for test images
|
|
|
|
#
|
|
|
|
# Copyright (c) 2022 Red Hat GmbH
|
|
|
|
# Author: Stefano Brivio <sbrivio@redhat.com>
|
|
|
|
|
|
|
|
PROGS="${PROGS:-ash,dash,bash ip mount ls insmod mkdir ln cat chmod lsmod
|
2022-07-07 16:39:09 +02:00
|
|
|
modprobe find grep mknod mv rm umount jq iperf3 dhclient hostname
|
2022-09-26 20:43:40 +10:00
|
|
|
sed tr chown sipcalc cut socat dd strace ping tail killall sleep sysctl
|
|
|
|
nproc tcp_rr tcp_crr udp_rr which tee seq bc sshd ssh-keygen cmp}"
|
2022-06-23 14:34:54 +02:00
|
|
|
|
2022-09-12 20:56:22 +10:00
|
|
|
KMODS="${KMODS:- virtio_net virtio_pci vmw_vsock_virtio_transport}"
|
2022-06-23 14:34:54 +02:00
|
|
|
|
|
|
|
LINKS="${LINKS:-
|
|
|
|
ash,dash,bash /init
|
2022-07-15 15:21:24 +10:00
|
|
|
ash,dash,bash /bin/sh}"
|
2022-06-23 14:34:54 +02:00
|
|
|
|
2024-01-15 17:39:42 +11:00
|
|
|
DIRS="${DIRS} /tmp /usr/sbin /usr/share /var/log /var/lib /etc/ssh /run/sshd /root/.ssh"
|
2022-06-23 14:34:54 +02:00
|
|
|
|
2022-09-26 20:43:40 +10:00
|
|
|
COPIES="${COPIES} small.bin,/root/small.bin medium.bin,/root/medium.bin big.bin,/root/big.bin"
|
|
|
|
|
2022-07-07 16:39:09 +02:00
|
|
|
FIXUP="${FIXUP}"'
|
2023-12-14 16:12:19 -05:00
|
|
|
mv /sbin/* /usr/sbin || :
|
|
|
|
rm -rf /sbin
|
|
|
|
ln -s /usr/sbin /sbin
|
2022-07-07 16:39:09 +02:00
|
|
|
cat > /sbin/dhclient-script << EOF
|
|
|
|
#!/bin/sh
|
2022-07-15 15:21:26 +10:00
|
|
|
LOG=/var/log/dhclient-script.log
|
|
|
|
echo \${reason} \${interface} >> \$LOG
|
|
|
|
set >> \$LOG
|
|
|
|
|
2022-07-07 16:39:09 +02:00
|
|
|
[ -n "\${new_interface_mtu}" ] && ip link set dev \${interface} mtu \${new_interface_mtu}
|
|
|
|
|
|
|
|
[ -n "\${new_ip_address}" ] && ip addr add \${new_ip_address}/\${new_subnet_mask} dev \${interface}
|
|
|
|
[ -n "\${new_routers}" ] && for r in \${new_routers}; do ip route add default via \${r} dev \${interface}; done
|
2022-07-15 15:21:30 +10:00
|
|
|
:> /etc/resolv.conf
|
2022-07-07 16:39:09 +02:00
|
|
|
[ -n "\${new_domain_name_servers}" ] && for d in \${new_domain_name_servers}; do echo "nameserver \${d}" >> /etc/resolv.conf; done
|
2022-07-15 15:21:30 +10:00
|
|
|
[ -n "\${new_domain_name}" ] && echo "search \${new_domain_name}" >> /etc/resolf.conf
|
|
|
|
[ -n "\${new_domain_search}" ] && (printf "search"; for d in \${new_domain_search}; do printf " %s" "\${d}"; done; printf "\n") >> /etc/resolv.conf
|
2022-07-07 16:39:09 +02:00
|
|
|
[ -n "\${new_ip6_address}" ] && ip addr add \${new_ip6_address}/\${new_ip6_prefixlen} dev \${interface}
|
|
|
|
[ -n "\${new_dhcp6_name_servers}" ] && for d in \${new_dhcp6_name_servers}; do echo "nameserver \${d}%\${interface}" >> /etc/resolv.conf; done
|
|
|
|
[ -n "\${new_dhcp6_domain_search}" ] && (printf "search"; for d in \${new_dhcp6_domain_search}; do printf " %s" "\${d}"; done; printf "\n") >> /etc/resolv.conf
|
|
|
|
[ -n "\${new_host_name}" ] && hostname "\${new_host_name}"
|
|
|
|
exit 0
|
|
|
|
EOF
|
|
|
|
chmod 755 /sbin/dhclient-script
|
2022-09-12 20:56:22 +10:00
|
|
|
ln -s /bin /usr/bin
|
|
|
|
ln -s /run /var/run
|
2022-06-23 14:34:54 +02:00
|
|
|
:> /etc/fstab
|
2022-09-12 20:56:22 +10:00
|
|
|
|
2024-05-01 18:31:04 +10:00
|
|
|
# sshd via vsock
|
2022-09-12 20:56:22 +10:00
|
|
|
cat > /etc/passwd << EOF
|
|
|
|
root:x:0:0:root:/root:/bin/sh
|
|
|
|
sshd:x:100:100:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
|
|
|
|
EOF
|
|
|
|
cat > /etc/shadow << EOF
|
|
|
|
root:::0:99999:7:::
|
|
|
|
EOF
|
|
|
|
chmod 000 /etc/shadow
|
|
|
|
|
2024-05-01 18:31:04 +10:00
|
|
|
cat > /etc/ssh/sshd_config << EOF
|
|
|
|
Subsystem sftp internal-sftp
|
|
|
|
EOF
|
2022-09-12 20:56:22 +10:00
|
|
|
ssh-keygen -A
|
|
|
|
chmod 700 /root/.ssh
|
|
|
|
chmod 700 /run/sshd
|
|
|
|
# Alternative location for the priv separation dir
|
|
|
|
ln -s /run/sshd /usr/share/empty.sshd
|
|
|
|
|
|
|
|
cat > /root/.ssh/authorized_keys <<EOF
|
2022-09-23 17:55:10 +02:00
|
|
|
'"$(cat guest-key.pub 2>/dev/null || :)"'
|
2022-09-12 20:56:22 +10:00
|
|
|
EOF
|
|
|
|
chmod 600 /root/.ssh/authorized_keys
|
|
|
|
chmod 700 /root
|
|
|
|
socat VSOCK-LISTEN:22,fork EXEC:"sshd -i -e" 2> /var/log/vsock-ssh.log &
|
2022-06-23 14:34:54 +02:00
|
|
|
sh +m
|
2022-07-07 16:39:09 +02:00
|
|
|
'
|
2022-06-23 14:34:54 +02:00
|
|
|
|
|
|
|
OUTPUT="KERNEL=__KERNEL__
|
|
|
|
INITRD=__INITRD__
|
|
|
|
"
|