lxc 1.0.10-0ubuntu1.1 / usr / bin / lxc-checkconfig

This file is indexed.

/usr/bin/lxc-checkconfig is in lxc 1.0.10-0ubuntu1.1.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
#!/bin/sh

# Allow environment variables to override config
: ${CONFIG:=/proc/config.gz}
: ${MODNAME:=configs}

CAT="cat"

if [ -t 1 ]; then
    SETCOLOR_SUCCESS="printf \\033[1;32m"
    SETCOLOR_FAILURE="printf \\033[1;31m"
    SETCOLOR_WARNING="printf \\033[1;33m"
    SETCOLOR_NORMAL="printf \\033[0;39m"
else
    SETCOLOR_SUCCESS=":"
    SETCOLOR_FAILURE=":"
    SETCOLOR_WARNING=":"
    SETCOLOR_NORMAL=":"
fi

is_set() {
    $CAT $CONFIG | grep "$1=[y|m]" > /dev/null
    return $?
}

is_enabled() {
    mandatory=$2

    is_set $1
    RES=$?

    if [ $RES -eq 0 ]; then
        $SETCOLOR_SUCCESS && echo "enabled" && $SETCOLOR_NORMAL
    else
        if [ ! -z "$mandatory" ] && [ "$mandatory" = yes ]; then
            $SETCOLOR_FAILURE && echo "required" && $SETCOLOR_NORMAL
        else
            $SETCOLOR_WARNING && echo "missing" && $SETCOLOR_NORMAL
        fi
    fi
}

if [ ! -f $CONFIG ]; then
    echo "Kernel configuration not found at $CONFIG; searching..."
    KVER="`uname -r`"
    HEADERS_CONFIG="/lib/modules/$KVER/build/.config"
    BOOT_CONFIG="/boot/config-$KVER"
    [ -f "${HEADERS_CONFIG}" ] && CONFIG=${HEADERS_CONFIG}
    [ -f "${BOOT_CONFIG}" ] && CONFIG=${BOOT_CONFIG}
    if [ ! -f "$CONFIG" ]; then
        MODULEFILE=$(modinfo -k $KVER -n $MODNAME 2> /dev/null)
        # don't want to modprobe, so give user a hint
        # although scripts/extract-ikconfig could be used to extract contents without loading kernel module
        # http://svn.pld-linux.org/trac/svn/browser/geninitrd/trunk/geninitrd?rev=12696#L327
    fi
    if [ ! -f $CONFIG ]; then
        echo "$(basename $0): unable to retrieve kernel configuration" >&2
        echo >&2
        if [ -f "$MODULEFILE" ]; then
            echo "Try modprobe $MODNAME module, or" >&2
        fi
        echo "Try recompiling with IKCONFIG_PROC, installing the kernel headers," >&2
        echo "or specifying the kernel configuration path with:" >&2
        echo "  CONFIG=<path> $(basename $0)" >&2
        exit 1
    else
        echo "Kernel configuration found at $CONFIG"
    fi
fi

if gunzip -tq < $CONFIG 2>/dev/null; then
    CAT="zcat"
fi

echo "--- Namespaces ---"
echo -n "Namespaces: " && is_enabled CONFIG_NAMESPACES yes
echo -n "Utsname namespace: " && is_enabled CONFIG_UTS_NS
echo -n "Ipc namespace: " && is_enabled CONFIG_IPC_NS yes
echo -n "Pid namespace: " && is_enabled CONFIG_PID_NS yes
echo -n "User namespace: " && is_enabled CONFIG_USER_NS
if is_set CONFIG_USER_NS; then
	if type newuidmap > /dev/null 2>&1; then
		f=`type -P newuidmap`
		if [ ! -u "${f}" ]; then
			echo "Warning: newuidmap is not setuid-root"
		fi
	else
		echo "newuidmap is not installed"
	fi
	if type newgidmap > /dev/null 2>&1; then
		f=`type -P newgidmap`
		if [ ! -u "${f}" ]; then
			echo "Warning: newgidmap is not setuid-root"
		fi
	else
		echo "newgidmap is not installed"
	fi
fi
echo -n "Network namespace: " && is_enabled CONFIG_NET_NS
echo -n "Multiple /dev/pts instances: " && is_enabled DEVPTS_MULTIPLE_INSTANCES
echo
echo "--- Control groups ---"

print_cgroups() {
  # print all mountpoints for cgroup filesystems
  awk '$1 !~ /#/ && $3 == mp { print $2; } ; END { exit(0); } '  "mp=$1" "$2" ;
}

CGROUP_MNT_PATH=`print_cgroups cgroup /proc/self/mounts | head -n 1`
KVER_MAJOR=$($CAT $CONFIG | grep '^# Linux.*Kernel Configuration' | \
    sed -r 's/.* ([0-9])\.[0-9]{1,2}\.[0-9]{1,3}.*/\1/')
if [ "$KVER_MAJOR" = "2" ]; then
KVER_MINOR=$($CAT $CONFIG | grep '^# Linux.*Kernel Configuration' | \
    sed -r 's/.* 2.6.([0-9]{2}).*/\1/')
else
KVER_MINOR=$($CAT $CONFIG | grep '^# Linux.*Kernel Configuration' | \
    sed -r 's/.* [0-9]\.([0-9]{1,3})\.[0-9]{1,3}.*/\1/')
fi

echo -n "Cgroup: " && is_enabled CONFIG_CGROUPS yes

if [ -f $CGROUP_MNT_PATH/cgroup.clone_children ]; then
    echo -n "Cgroup clone_children flag: " &&
    $SETCOLOR_SUCCESS && echo "enabled" && $SETCOLOR_NORMAL
else
    echo -n "Cgroup namespace: " && is_enabled CONFIG_CGROUP_NS yes
fi
echo -n "Cgroup device: " && is_enabled CONFIG_CGROUP_DEVICE
echo -n "Cgroup sched: " && is_enabled CONFIG_CGROUP_SCHED
echo -n "Cgroup cpu account: " && is_enabled CONFIG_CGROUP_CPUACCT
echo -n "Cgroup memory controller: "
if ([ $KVER_MAJOR -ge 3 ] && [ $KVER_MINOR -ge 6 ]) || ([ $KVER_MAJOR -gt 3 ]); then
    is_enabled CONFIG_MEMCG
else
    is_enabled CONFIG_CGROUP_MEM_RES_CTLR
fi
is_set CONFIG_SMP && echo -n "Cgroup cpuset: " && is_enabled CONFIG_CPUSETS
echo
echo "--- Misc ---"
echo -n "Veth pair device: " && is_enabled CONFIG_VETH
echo -n "Macvlan: " && is_enabled CONFIG_MACVLAN
echo -n "Vlan: " && is_enabled CONFIG_VLAN_8021Q
echo -n "Bridges: " && is_enabled CONFIG_BRIDGE
echo -n "Advanced netfilter: " && is_enabled CONFIG_NETFILTER_ADVANCED
echo -n "CONFIG_NF_NAT_IPV4: " && is_enabled CONFIG_NF_NAT_IPV4
echo -n "CONFIG_NF_NAT_IPV6: " && is_enabled CONFIG_NF_NAT_IPV6
echo -n "CONFIG_IP_NF_TARGET_MASQUERADE: " && is_enabled CONFIG_IP_NF_TARGET_MASQUERADE
echo -n "CONFIG_IP6_NF_TARGET_MASQUERADE: " && is_enabled CONFIG_IP6_NF_TARGET_MASQUERADE
echo -n "CONFIG_NETFILTER_XT_TARGET_CHECKSUM: " && is_enabled CONFIG_NETFILTER_XT_TARGET_CHECKSUM

echo
echo "--- Checkpoint/Restore ---"
echo -n "checkpoint restore: " && is_enabled CONFIG_CHECKPOINT_RESTORE
echo -n "CONFIG_FHANDLE: " && is_enabled CONFIG_FHANDLE
echo -n "CONFIG_EVENTFD: " && is_enabled CONFIG_EVENTFD
echo -n "CONFIG_EPOLL: " && is_enabled CONFIG_EPOLL
echo -n "CONFIG_UNIX_DIAG: " && is_enabled CONFIG_UNIX_DIAG
echo -n "CONFIG_INET_DIAG: " && is_enabled CONFIG_INET_DIAG
echo -n "CONFIG_PACKET_DIAG: " && is_enabled CONFIG_PACKET_DIAG
echo -n "CONFIG_NETLINK_DIAG: " && is_enabled CONFIG_NETLINK_DIAG

echo -n "File capabilities: " && \
    ( [ "${KVER_MAJOR}" = 2 ] && [ ${KVER_MINOR} -lt 33 ] && \
       is_enabled CONFIG_SECURITY_FILE_CAPABILITIES ) || \
    ( ( [ "${KVER_MAJOR}" = "2" ] && [ ${KVER_MINOR} -gt 32 ] ) || \
         [ ${KVER_MAJOR} -gt 2 ] && $SETCOLOR_SUCCESS && \
         echo "enabled" && $SETCOLOR_NORMAL )

echo
echo "Note : Before booting a new kernel, you can check its configuration"
echo "usage : CONFIG=/path/to/config $0"
echo

APT Browse - Built by Thomas Orozco.