News aggregator

Steve Kemp: I've not commented on security for a while

Planet HantsLUG - Tue, 22/04/2014 - 22:14

Unless you've been living under a rock, or in a tent (which would make me slightly jealous) you'll have heard about the recent heartbleed attack many times by now.

The upshot of that attack is that lots of noise was made about hardening things, and there is now a new fork of openssl being developed. Many people have commented about "hardening Debian" in particular, as well as random musing on hardening software. One or two brave souls have even made noises about auditing code.

Once upon a time I tried to set up a project to audit Debian software. You can still see the Debian Security Audit Project webpages if you look hard enough for them.

What did I learn? There are tons of easy security bugs, but finding the hard ones is hard.

(If you get bored some time just pick your favourite Editor, which will be emacs, and look how /tmp is abused during the build-process or in random libraries such as tramp [tramp-uudecode].)

These days I still poke at source code, and I still report bugs, but my enthusiasm has waned considerably. I tend to only commit to auditing a package if it is a new one I install in production, which limits my efforts considerably, but makes me feel like I'm not taking steps into the dark. It looks like I reported only three security issues this year, and before that you have to go down to 2011 to find something I bothered to document.

What would I do if I had copious free time? I wouldn't audit code. Instead I'd write test-cases for code.

Many many large projects have rudimentary test-cases at best, and zero coverage at worst. I appreciate writing test-cases is hard, because lots of times it is hard to test things "for real". For example I once wrote a filesystem, using FUSE, there are some built-in unit-tests (I was pretty pleased with that, you could launch the filesystem with a --test argument and it would invoke the unit-tests on itself. No separate steps, or source code required. If it was installed you could use it and you could test it in-situ). Beyond that I also put together a simple filesystem-stress script, which read/wrote/found random files, computes MD5 hashes of contents, etc. I've since seen similar random-filesystem-stresstest projects, and if they existed then I'd have used them. Testing filesystems is hard.

I've written kernel modules that have only a single implicit test case: It compiles. (OK that's harsh, I'd usually ensure the kernel didn't die when they were inserted, and that a new node in /dev appeared ;)

I've written a mail client, and beyond some trivial test-cases to prove my MIME-handling wasn't horrifically bad there are zero tests. How do you simulate all the mail that people will get, and the funky things they'll do with it?

But that said I'd suggest if you're keen, if you're eager, if you want internet-points, writing test-cases/test-harnesses would be more useful than randomly auditing source code.

Still what would I know, I don't even have a beard..

Categories: LUG Community Blogs

Ubuntu LTSP Video

Planet SurreyLUG - Tue, 22/04/2014 - 15:15

Thought this was an excellent video introduction to LTSP.


Categories: LUG Community Blogs

Adam Trickett: Bog Roll: Hardware Score Card

Planet HantsLUG - Tue, 22/04/2014 - 11:40

Over the years I've had quite a few computers, starting with a Commodore 64 which was an "out of box failure" and had to be replaced straight away.

The next computer I bought was a Dell that had zero defects on delivery, zero defects within its 3 year warranty and zero defects after that - to the best of my knowledge it's still working if I were to take it out of storage and boot it up!

Next came a Dell laptop (re-manufactured) that had zero faults on delivery, zero faults within its warranty period but since then the bezel has cracked and there are three dead pixels on the screen. Again like the desktop it's still working today many years after it finished active service.

Then we have a pair of Digital Networks UK desktops (one that I'm using today). Zero faults on delivery, both Iiyama displays failed within the three year warranty and the DVD-ROM on one died and its power-supply has been swapped long after the warranty expired.

Next I have another Digital Networks UK desktop (used as a server), it's had a power-supply fail under warranty, and after the warranty period: one hard disk; the power-supply and the case fan have had to be replaced. It's also been somewhat prone to overheating under full load most of its life.

Finally I have a Novatech laptop, which had a dead battery shortly after the end of its one year warranty period. Which I should have realised by law that it should have been a two year warranty and as such should still have been a warranty swap... Otherwise the laptop has and is still fine.

Categories: LUG Community Blogs

Debian Bits: Debian welcomes its 2014 GSoC students!

Planet HantsLUG - Tue, 22/04/2014 - 10:39

We're excited to announce that 19 students have been selected to work with Debian during the Google Summer of Code this year!

Here is the list of accepted students and projects:

As always, you will be able to follow their progress on the SoC coordination mailing-list

Congratulations to all the students and let's make sure we all have an amazing summer!

Categories: LUG Community Blogs

Steve Kemp: I was beaten to the punch, but felt nothing

Planet HantsLUG - Sat, 19/04/2014 - 20:03

A while back I mentioned github-backed DNS hosting.

Turns out NameCast.net does that already, and there is an interesting writeup on the design of something similar, from the same authors in 2009.

Fun to read.

In other news applying for jobs is a painful annoyance.

Should anybody wish to employ an Edinburgh-based system administrator, with a good Debian record, then please do shout at me. Remote work is an option, as is a local office, if you're nearby.

Now I need to go hide from the sun, lest I get burned again...

Good news? Going on holiday to Helsinki in a week or so, for Vappu. Anybody local who wants me should feel free to grab me, via the appropriate channels.

Categories: LUG Community Blogs

Jono Bacon: Ubuntu 14.04 Is Out!

Planet WolvesLUG - Thu, 17/04/2014 - 23:58

My apologies in advance for the shorter blog post about this, but like many other Ubuntu folks, I am absolutely exhausted right now. Everyone, across the board, has been working their collective socks off to make Ubuntu 14.04 LTS a fantastic release on desktop, server, and cloud, and pull together our next iteration of Ubuntu for smart-phones and tablets. Consequently, when the trigger is pulled to share our final product with the world, release day is often less of a blistering and energetic woo-hoo, but more of an exhausted but satisfying oh-yeah (complete with beer firmly clenched in hand).

I am hugely proud of this release. The last six months have arguably been our busiest yet. No longer are we just working on desktop and server editions of Ubuntu, but we are building for the cloud and full convergence across the client. No longer are we “just” pulling together the fruits of upstream software projects but we are building our own platform too; the Ubuntu SDK, developer eco-system, charm store, image-based updates, push notifications, app lifecycle, and more. While the work has been intense and at times frantic, it has always been measured and carefully executed. Much of this has been thanks to many of our most under-thanked people; the members of our tremendous QA and CI teams.

Today, tomorrow, and for weeks to come our users, the press, the industry, and others will assess our work in Ubuntu 14.04 across these different platforms, and I am very confident they will love what they see. Ubuntu 14.04 embodies the true spirit of Ubuntu; innovation, openness, and people.

But as we wait to see the reviews let’s take a moment for each other. Now is a great time to reach out to each other and those Ubuntu folks you know (and don’t know) and share some kudos, some thanks, and some great stories. Until we get to the day where machines make software, today software is made by people and great software is built by great people.

Thanks everyone for every ounce of effort you fed into Ubuntu and our many flavors. We just took another big leap forward towards our future.

Categories: LUG Community Blogs

Adam Trickett: Bog Roll: New Boxes

Planet HantsLUG - Thu, 17/04/2014 - 12:13

At long last I've decided. I've ordered a shiny new DNUK Deskstar, desktop PC to replace my current DNUK Workstar system which has reached the end of its useful life as a front line system. The new box is at least four times better in every respect: it has four cores compared with one; 8 GiB of RAM instead of 2 GiB; ten times the hard-disk capacity (which is also faster) and a solid state drive; hardware virtualisation and a drastically superior graphics card. It's also an Intel based system, all my previous DNUK boxes have had AMD processors. It will cost more money than the system it replaces, but a system of similar price (accepting inflation) would not have been sufficiently faster or balanced to make it worth buying.

I've also started the process of migrating this server off the current Bytemark virtual server onto their new BigV platform. The new system is faster, more scalable and slightly cheaper. It also allows me a pain-free upgrade to the latest version of Debian.

Categories: LUG Community Blogs

Dick Turpin: Hi-Spec

Planet WolvesLUG - Thu, 17/04/2014 - 10:51
Customer: "I need a Hi-Spec laptop something really stable for our business."
Me: "Well we have another customer who is in your line of work, I supplied them yesterday with one for just under £2K"
Customer: "Yes, the Director was thinking about £1K"
Me: "OK let me get a quote together for that and the other work you want doing."

A few minutes later.

Customer: "The budget for the laptop is £600.00."

And would you like me to throw in a box of crayons, some play-doh and a painting by numbers book? Hi-Spec pfffft
Categories: LUG Community Blogs

Mick Morgan: nsa operation orchestra

Planet ALUG - Wed, 16/04/2014 - 22:30

In February of this year, Poul-Henning Kamp (a.k.a “PHK”) gave what now looks to be a peculiarly prescient presentation as the closing keynote to 2014's FOSDEM.

In the presentation (PDF), PHK posits an NSA operation called ORCHESTRA which is designed to undermine internet security through a series of “disinformation” or “misinformation”, or “misdirection” sub operations. ORCHESTRA is intended to be cheap, non-technical, completely deniable, but effective. One of the opening slides gives ORCHESTRA’s “operation at a glance” overview as:

* Objective:
- Reduce cost of COMINT collection
* Scope:
- All above board
- No special authorizations
* Means:
- Eliminate/reduce/prevent encryption
- Enable access
- Frustrate players

PHK delivers the presentation as if he were a mid-ranking NSA staffer intending to brief NATO in Brussels. But “being American, he ends up [at FOSDEM] instead”. The truly scary part of this presentation is that it could all be completely true.

What makes the presentation so timely is his commentary on openssl. Watch it and weep.

Categories: LUG Community Blogs

Mick Morgan: more heartbleed

Planet ALUG - Wed, 16/04/2014 - 12:04

For any readers uncertain of exactly how the heartbleed vulnerability in openssl might be exploitable, Sean Cassidy over at existential type has a good explanation.

And if you find that difficult to follow, Randall Munroe over at xkcd covers it quite nicely.

My thanks, and appreciation as always, to a great artist.

Of course, Randall foresaw this problem back in 2008 when he published his take on the debian openssl fiasco.

Categories: LUG Community Blogs

Mick Morgan: pulitzer guardian

Planet ALUG - Wed, 16/04/2014 - 11:42

The Guardian and the Washington Post have been jointly awarded the Pulitzer prize for public service for their reporting of Edward Snowden’s whistleblowing on the NSA’s surveillance activities.

The Guardian reports:

The Pulitzer committee praised the Guardian for its “revelation of widespread secret surveillance by the National Security Agency, helping through aggressive reporting to spark a debate about the relationship between the government and the public over issues of security and privacy”.

Unfortunately that debate seems to be taking place in the USA rather than in the UK.

In typical Guardian style, one correspondent to today’s letters page says:

Congratulations to all. Can’t wait for the film. All the President’s Men II? Johnny Depp as Alan Rusbridger?

I’d pay to see that. But I’m not sure how it ends yet.

Categories: LUG Community Blogs

Martin Wimpress: BIP IRC proxy

Planet HantsLUG - Wed, 16/04/2014 - 07:07

BIP is an IRC proxy that maintains a persistent connection(s) to a list of IRC channels. You can then point your IRC client to BIP each time you log in and playback the conversations that took place while you were away.

I've found BIP to be so useful that I now maintain BIP for Arch Linux, although I now run my BIP proxy on Debian because my new VPS provider doesn't offer Arch Linux as an option.

Installing BIP

Installing BIP is simple for both Arch Linux and Debian.

Debian

I run BIP on Debian Wheezy with the backport repository enabled.

sudo apt-get -t wheezy-backports install bip
sudo sed -i 's/ENABLED=0/ENABLED=1/' /etc/default/bip

Arch Linux

pacman -S bip
systemctl enable bip

Create a user

The next thing to do is create a username and password. BIP provides its own utility for doing this, called bipmkpw. Replace 'username' with whatever you want your BIP 'username' to be. This name has no relation to any IRC usernames so it can be anything.

bipmkpw username

Enter a password when prompted. The password will then be output as a hash. Make a note of both the hashed and un-hashed values somewhere, you will need them later.

Create a certificate

We don't want the username and password being sent as clear-text, so we will create an SSL certificate for BIP to use.

openssl req -new -newkey rsa:4096 -nodes -x509 -keyout bip.pem -out bip.pem

Move the certificate to /var/lib/bip

sudo mv bip.pem /var/lib/bip

Change ownership and permissions of the certificate to the user bip which was created automatically when the package was installed.

sudo chown bip:bip /var/lib/bip/bip.pem
sudo chmod 600 /var/lib/bip/bip.pem

Configure BIP

Here is an example configuration for BIP. Copy it to /etc/bip.conf, modify it accordingly and then change the ownership and permissions.

sudo chown bip:bip /etc/bip.conf
sudo chmod 640 /etc/bip.conf

Example configuration

# bip default config file.
# Thou shoult change thy password

ip = "0.0.0.0";

# To connect a client to bip, try the port below, and
# be sure to set the password to the value
# specified in the network you want to connect to.
port = 7778;

# If you set this to true, you'll only be able to connect to bip
# with a SSL capable IRC client. Be sure to generate a certificate
# for bip with 'make cert'
client_side_ssl = true;

log_level = 3;

pid_file="/var/run/bip/bip.pid";

# This is where logs go. Channel and private messages will use that
# configuration value as a prefix, and then log_format to determine
# full log filename.
log_root = "/var/log/bip/";

# Log format allows you to make log filenames depend on the log line's
# attributes. Here's a list :
# %u -> user name
# %n -> network name
# %Y -> 4 digit year
# %m -> 2 digit month
# %d -> 2 digit day
# %c -> destination (#chan, privates, ...)
#log_format = "%n/%Y-%m/%c.%d.log";

# Sets the frequency (in seconds) of log syncing (real write to kernel)
#log_sync_interval = 5;

# Makes bip send the log of each channel and privates while
# you were not connected to the proxy upon connection.
backlog = true;          # enable backlog
backlog_lines = 0;       # number of lines in backlog, 0 means no limit
backlog_always = false;  # backlog even lines already backlogged

# If blreset_on_talk talking on an irc network has the same effect of issuing
# /bip blreset, meaning that stuffed logged before the command won't be read
# back on backlog
blreset_on_talk = true;

# Network definition, a name and server info
network {
    name = "freenode";
    server { host = "chat.freenode.net"; port = 6667; };
};

network {
    name = "blitzed";
    server { host = "irc.blitzed.org"; port = 6667; };
};

# Configuration example with one user who connects to two irc networks
# To use the multi-server feature:
# - define the connections
# - choose and setup a different login for each connection
# on your irc client:
# - Use the multi server feature of your client, the server being each time
#   the server where bip is running. In your client setup server password to:
#   username:password:connectionname
# - do not store the password in clear here, use the bipmkpw util to generate
#   a hash

# User structure is grouping information for a given user
user {
    # The name in bip of the user
    # This is used by bip only
    name = "USERNAME";  #BIP User account created with bipmkpw
    password = "00000000000000000000000000000000000000";  # the hash bipmkpw created
    ssl_check_mode = "none";

    # These will be the default for each connections
    default_nick = "NICKNAME";      #IRC Nick
    default_user = "IRCUSERNAME";   #IRC User
    default_realname = "REALNAME";  #IRC Real Name

    admin = true;
    backlog_msg_only = true; # When true,

    # A user can have multiple connections to irc networks.
    # define a connection:
    connection {
        name = "freenode";     # used by bip only
        network = "freenode";  # which ircnet to connect to

        # these will be sent to the real IRC server
        user = "IRCUSERNAME";
        realname = "IRCREALNAME";
        password = "serverpassword";  #can be commented out if not needed

        # Some options:
        follow_nick = true;
        ignore_first_nick = false;
        #on_connect_send = "PRIVMSG NickServ :IDENTIFY nspassword";

        # Autojoined channels:
        channel { name = "#cat"; };                    # Join #cat
        channel { name = "#dog"; backlog = false; };   # Join #dog but don't backlog it.
        channel { name = "#pig"; key = "01nk01nk"; };  # Join #pig that has a password.
    };

    connection {
        name = "blitzed";     # used by bip only
        network = "blitzed";  # which ircnet to connect to

        # these will be sent to the real IRC server
        user = "IRCUSERNAME";
        realname = "IRCREALNAME";
        password = "serverpassword";  #can be commented out if not needed

        # Some options:
        follow_nick = true;
        ignore_first_nick = false;
        #on_connect_send = "PRIVMSG NickServ :IDENTIFY nspassword";

        # Autojoined channels:
        channel { name = "#bar"; };
        channel { name = "#foo"; };
    };
};

If you require any clarification about what the configuration options do then man bip.conf is your friend.

Start BIP

Now that BIP is configured, it can be started.

Debian

sudo /etc/init.d/bip start

Arch Linux

sudo systemctl start bip

Client configuration

I use HexChat, but other IRC clients are available. I add a new Network to HexChat for each of the IRC networks I defined in /etc/bip.conf. The screen shot below shows how I configure a BIP network in HexChat.

Password format

The Password is the most important and confusing item. This is for BIP, not for any IRC network. Remember the unhashed password? That goes here but with a twist. The format for the password is:

bipusername:unhashedbippassword:bipnetwork

Bipnetwork? What is that? It is from the following section of /etc/bip.conf on the server.

network {
    name = "freenode";
    server { host = "chat.freenode.net"; port = 6667; };
};

A more practical example:

myuser:S3cr3tP@$$w0rd:freenode

Conclusion

And that's it! We are now perpetually connected to IRC, and can connect to the BIP proxy from multiple devices in a completely transparent and seamless manner. Moreover, the logs for all channels are saved and automatically rotated on the server.

If you are looking for an alternative to BIP, then try ZNC.

Categories: LUG Community Blogs
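
Added example, not part of the BIP post above or of the BIP project: a small checker for the bip.conf layout and the user:password:connection client password that the post describes. The function names, the sample configuration and the hash are constructed for illustration, and the `ssl = true;` network option is an assumption about bip.conf that does not appear in the post.

```python
import re

# Quoted strings are tried before '#', so the '#' in a channel name such as
# "#cat" is not read as a comment. Strings may not span lines, which turns a
# missing closing quote into an error instead of swallowing later settings.
TOKEN = re.compile(r'"([^"\n]*)"|(#[^\n]*)|([{}=;])|([^\s{}=;"#]+)|(")')

def tokenize(text):
    """Yield ("str", value) for quoted strings and ("sym", value) for the rest."""
    for m in TOKEN.finditer(text):
        string, comment, punct, word, stray = m.groups()
        if stray:
            line = text.count("\n", 0, m.start()) + 1
            raise ValueError(f"line {line}: unterminated string")
        if comment is None:
            yield ("str", string) if string is not None else ("sym", punct or word)

def parse(tokens):
    """Parse 'key = value;' settings and 'name { ... };' blocks up to '}' or the end."""
    settings, blocks = {}, []
    for kind, name in tokens:
        if (kind, name) == ("sym", "}"):
            break
        if (kind, name) == ("sym", ";"):
            continue  # the ';' that ends a setting or follows a closing brace
        kind, sym = next(tokens)
        if (kind, sym) == ("sym", "{"):
            blocks.append((name, parse(tokens)))
        elif (kind, sym) == ("sym", "="):
            settings[name] = next(tokens)[1]
        else:
            raise ValueError(f"unexpected {sym!r} after {name!r}")
    return settings, blocks

def named(blocks, kind):
    """Map the 'name' of every block of one kind to its (settings, sub-blocks)."""
    return {s.get("name"): (s, sub) for k, (s, sub) in blocks if k == kind}

def audit(conf_text, client_password):
    """Return findings for a bip.conf and the server password set in the IRC client."""
    settings, blocks = parse(tokenize(conf_text))
    networks, users = named(blocks, "network"), named(blocks, "user")
    findings = []
    if settings.get("client_side_ssl") != "true":
        findings.append("client_side_ssl is not true: the BIP login is sent in clear text")
    for user, (s, sub) in users.items():
        if set(s.get("password") or "0") == {"0"}:
            findings.append(f"user {user}: password is still the placeholder hash")
        for conn, (c, _) in named(sub, "connection").items():
            net = networks.get(c.get("network"))
            if net is None:
                findings.append(f"user {user}: connection {conn} uses undefined network {c.get('network')}")
            # Assumption: 'ssl = true;' in a network block enables SSL to the IRC server.
            elif "password" in c and net[0].get("ssl") != "true":
                findings.append(f"user {user}: connection {conn} sends its server password without SSL")
    parts = client_password.split(":")
    if len(parts) != 3:
        findings.append("client password is not of the form user:password:connection")
    elif parts[0] not in users:
        findings.append(f"client password names unknown bip user {parts[0]}")
    elif parts[2] not in named(users[parts[0]][1], "connection"):
        findings.append(f"client password names unknown connection {parts[2]}")
    return findings

# Constructed sample configuration with the weak settings, then the corrected one.
WEAK = '''
client_side_ssl = false;
network { name = "freenode"; server { host = "chat.freenode.net"; port = 6667; }; };
user {
    name = "myuser";
    password = "0000000000";            # the hash from bipmkpw goes here
    connection {
        name = "freenode"; network = "freenode";
        password = "serverpassword";
        channel { name = "#cat"; };     # the '#' inside quotes is data
    };
    connection { name = "work"; network = "blitzed"; };
};
'''
FIXED = (WEAK.replace("client_side_ssl = false", "client_side_ssl = true")
         .replace('"0000000000"', '"3f9c0a71d2e4b8"')  # constructed stand-in for a bipmkpw hash
         .replace('name = "freenode"; server', 'name = "freenode"; ssl = true; server')
         .replace("port = 6667", "port = 6697")
         .replace('network = "blitzed"', 'network = "freenode"'))

if __name__ == "__main__":
    for finding in audit(WEAK, "myuser:S3cr3tP@$$w0rd:freenode"):
        print("WEAK :", finding)
    print("FIXED:", audit(FIXED, "myuser:S3cr3tP@$$w0rd:freenode") or "no findings")
```

The third field of the client password is matched against the user's connection names, following the `username:password:connectionname` comment in the sample configuration; in the post's configuration the connection and network names are identical.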

Mick Morgan: boot and nuke no more

Planet ALUG - Tue, 15/04/2014 - 19:54

I was contacted recently by a guy called Andy Beverley who wrote:

Hope you don’t mind me contacting you about one of your old blog posts “what gives with dban”. Thought I’d let you know that I forked DBAN a while ago, and produced a standalone program (called nwipe) that will run on any Linux OS. That means it will work with any Live CD, meaning much better hardware support.

It’s included in PartedMagic, as well as most other popular distros.

“No I don’t mind at all” is my response. In fact, since DBAN seems to be borked permanently, it is nice to see an alternative out there.

Andy’s nwipe page says that he could do with some assistance. So if anyone feels able to help him out, give him a call.

Categories: LUG Community Blogs

Andy Smith: On attempting to become a customer of Metro Bank

Planet HantsLUG - Tue, 15/04/2014 - 12:51

On the morning of Saturday 12th April 2014 I visited the Kingston Upon Thames store of Metro Bank in an attempt to open a current account.

The store was open — they are open 7 days a week — but largely empty. There was a single member of staff visible, sat down at a desk with a customer.

I walked up to a deserted front desk and heard footsteps behind me. I turned to be greeted by that same member of staff who had obviously spotted I was looking a bit lost and come to greet me. He apologised that no one had greeted me, introduced himself, asked my name and what he could help me with. After explaining that I wanted to open a current account he said that someone would be with me very soon.

Within a few seconds another member of staff greeted me and asked me to come over to her desk. So far so good.

As she started to take my details I could see she was having problems with her computer. She kept saying it was so slow and made various other inaudible curses under her breath. She took my passport and said she was going to scan it, but from what I could see she merely photocopied it. Having no joy with her computer she said that she would fill in paper forms and proceeded to ask me for all of my details, writing them down on the forms. Her writing was probably neater than mine but this kind of dictation was rather tedious and to be quite honest I’d rather have done it myself.

This process took at least half an hour. I was rather disappointed as all their marketing boasts of same day quick online setup, get your bank details and debit card same day and so on.

Finally she went back to her computer, and then said, “oh dear, it’s come back saying it needs head office approval, so we won’t be able to open this right now. Would you be available to come back later today?”

“No, I’m busy for the rest of the day. To be honest I was expecting all this to be done online as I’m not really into visiting banks even if they are open 7 days a week…”

“Oh that’s alright, once it’s sorted out we should be able to post all the things to you.”

“Right.”

“This hardly ever happens. I don’t know why it’s happened. Even if I knew I wouldn’t be able to tell you. It’s rare but I have to wait for head office to approve the account.”

As she went off to sort something else out I overheard the conversation between the customer and staff member on the next table. He was telling the customer how his savings account couldn’t be opened today because it needed head office approval and it was very rare that this would happen.

I left feeling I had not achieved very much, but hopeful that it might get sorted out soon. It wasn’t a very encouraging start to my relationship with Metro Bank.

It’s now Tuesday 15th April, three days after my application was made or two working days, and I haven’t had any further communication from Metro Bank so I have no idea if my account is ever going to be opened. I don’t really have any motivation to chase them up. If I don’t hear soon then I’ll just go somewhere else.

I suppose in theory a bank branch that is open 7 days a week might be useful for technophobes who don’t use the Internet, but if the bank’s systems don’t work then all you’ve achieved is to have a large high street box full of people employed to tell you that everything is broken. Until 8pm seven days a week.

Update 2014-04-15 15:30: After contact on twitter, the Local Director of the Kingston branch called me to apologise and assure me that he is looking into the matter.

About 15 minutes later he called back to explain, roughly:

The reason the account was not approved on the day is that I’ve only been in my current address for 7 months, so none of the proofs of address would have been accepted. Under normal circumstances it is apparently possible to open an account with just a passport. If not then the head office approval or rejection should happen within 24 hours, but their systems are running a bit slowly. Someone should have called me to let me know this, but this did not happen. Apparently approval did in fact come through today – I am told someone was due to call me today with the news that my account has been opened. I should receive the card and cheque book tomorrow.

I’m glad this was so quickly resolved. I’m looking forward to using my account and hopefully everything will be smoother now.

Categories: LUG Community Blogs

Martin Wimpress: LXC on Arch Linux

Planet HantsLUG - Tue, 15/04/2014 - 02:44

At some point last year I was experimenting with Linux Containers (LXC) on Arch Linux. I never finished the blog post but somehow it was briefly published and then unpublished. I have no idea how accurate this blog post is but someone did see it and bookmarked it. They recently emailed me to ask where the blog has disappeared to, so here it is in all its unfinished glory.

Install LXC

sudo pacman -Syy --needed --noconfirm arch-install-scripts bridge-utils lxc netctl

netctl Bridge

The guest containers will connect to the LAN via a bridged network device.

sudo nano /etc/netctl/bridge

Add the following.

Description="Bridge"
Interface=br0
Connection=bridge
BindsToInterfaces=(eth0)
IP=dhcp
## sets forward delay time
FwdDelay=0
## sets max age of hello message
#MaxAge=10

Enable and start the bridge.

sudo netctl enable bridge
sudo netctl start bridge

Creating Containers

I'm only interested in running Arch Linux or Debian containers.

Container Configurations

Each container should have a matching configuration file; they look something like this.

lxc.arch = i686
lxc.utsname = myhostname
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.ipv4 = 0.0.0.0
lxc.network.name = eth0

  • lxc.arch: Architecture for the container, valid options are x86, i686, x86_64, amd64.
  • lxc.utsname: Container name, should also be used when naming the configuration file.
  • lxc.network.type: Type of network virtualization to be used for the container. The option veth defines a peer network device. It is created with one side assigned to the container and the other side is attached to a bridge by the lxc.network.link option.
  • lxc.network.flags: Network actions. The value up in this case activates the network.
  • lxc.network.link: Host network interface to be used for the container.
  • lxc.network.ipv4: IPv4 address assigned to the virtualized interface. Use the address 0.0.0.0 to make use of DHCP. Use lxc.network.ipv6 if you need IPv6 support.
  • lxc.network.name: Dynamically allocated interface name. This option will rename the interface in the container.

More example files can be found in /usr/share/doc/lxc/examples/. Find details about all options via man lxc.conf.

Arch Linux

sudo lxc-create -t archlinux -n arch-01 -f ~/arch-01.conf -- --packages netctl

I am unable to get DHCP to work for an Arch Linux LXC container, therefore my dirty hack is to always use a static IP address in the netctl profile. There is also a bug (#35715) that was helpful in narrowing down the problem, but wasn't the solution in my case. Use /var/lib/lxc/CONTAIN_NAME/rootfs/etc/netctl/example/ethernet-static as a template.

sudo cp /var/lib/lxc/CONTAIN_NAME/rootfs/etc/netctl/example/ethernet-static /var/lib/lxc/CONTAIN_NAME/rootfs/etc/netctl/static

Modify /var/lib/lxc/CONTAIN_NAME/rootfs/etc/netctl/static accordingly. Now create a hook, with the same name as the netctl profile.

sudo nano /var/lib/lxc/CONTAIN_NAME/rootfs/etc/netctl/hooks/static

Add the following.

#!/usr/bin/env bash

if [[ $(systemd-detect-virt) != none ]]; then
    BindsToInterfaces=()
    ForceConnect=yes
fi

Start the container and enable the netctl profile.

netctl enable static
netctl start static

Debian Containers

Install debootstrap and dpkg so that Debian containers can be created.

packer -S --noedit dpkg debootstrap

Squeeze

Create a Debian container, squeeze is the default.

sudo lxc-create -t debian -n squeeze-01 -f ~/squeeze-01.conf

Change the root password.

chroot /var/lib/lxc/squeeze/rootfs/ passwd

Wheezy

Much the same as the Squeeze example above but use the following template.

Using containers

Start a container

sudo lxc-start -d -n CONTAINER_NAME

Connect to the container and log in:

sudo lxc-console -n CONTAINER_NAME

To halt a container cleanly via the container's init-system:

sudo lxc-halt -n CONTAINER_NAME

Stop and remove your container always with the two steps:

sudo lxc-stop -n CONTAINER_NAME
sudo lxc-destroy -n CONTAINER_NAME

Categories: LUG Community Blogs