From e6fc134111c8fc207f0e1a75974a1e1a4d5a3bff Mon Sep 17 00:00:00 2001
From: Jan Pazdziora <jpazdziora@redhat.com>
Date: Wed, 17 Feb 2016 17:43:23 +0100
Subject: [PATCH] Using container-ipa.target to better isolate from the default
 .wants.

---
 Dockerfile                                | 19 +++++++++++++------
 container-ipa.target                      |  6 ++++++
 ipa-server-configure-first.service        |  2 +-
 ipa-server-update-self-ip-address.service |  2 +-
 ipa-server-upgrade.service                |  2 +-
 5 files changed, 22 insertions(+), 9 deletions(-)
 create mode 100644 container-ipa.target

diff --git a/Dockerfile b/Dockerfile
index dbff9cbd..5cdb40a4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,18 +9,27 @@ RUN patch /usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py < /ro
 
 # Workaround https://fedorahosted.org/spin-kickstarts/ticket/60
 RUN [ -L /etc/systemd/system/syslog.service ] && ! [ -f /etc/systemd/system/syslog.service ] && rm -f /etc/systemd/system/syslog.service
-RUN for d in systemd/system tmpfiles.d ; do ( cd /etc/$d && grep -R -L '\.include /usr/lib/systemd/system' | while read i ; do rm -f /usr/lib/$d/$i ; mkdir -p $( dirname /usr/lib/$d/$i ) ; mv -v $i /usr/lib/$d/$i ; done ) ; done
-RUN ( cd /etc/systemd/system && find . -name '*.service' | while read i ; do mkdir -p /usr/lib/systemd/system/$i.d && mv $i /usr/lib/systemd/system/$i.d/abc.conf && sed -i '\|include /usr/lib/systemd/system|d' /usr/lib/systemd/system/$i.d/abc.conf ; done )
+
+RUN echo 'd0a98590c74bfe36af0ce006f7b25fa60246aecb /etc/tmpfiles.d/opendnssec.conf' | sha1sum --quiet -c && mv -v /etc/tmpfiles.d/opendnssec.conf /usr/lib/tmpfiles.d/opendnssec.conf
+RUN echo '0b6f62258de66f74328b0cf45cc937fae6a30e62 /etc/systemd/system/dbus.service' | sha1sum --quiet -c && rm -vf /etc/systemd/system/dbus.service
+RUN echo '5a70f1f3db0608c156d5b6629d4cbc3b304fc045 /etc/systemd/system/sssd.service.d/journal.conf' | sha1sum --quiet -c && rm -vf /etc/systemd/system/sssd.service.d/journal.conf
+RUN find /etc/systemd/system/* '!' -name '*.wants' | xargs rm -rvf
+RUN for i in basic.target sysinit.target network.service netconsole.service ; do rm -f /usr/lib/systemd/system/$i && ln -s /dev/null /usr/lib/systemd/system/$i ; done
 
 RUN echo LANG=C > /etc/locale.conf
 
-RUN for i in swap.target local-fs.target rhel-autorelabel-mark.service systemd-update-done.service rpcbind.socket rhel-dmesg.service systemd-user-sessions.service network.service rhsmcertd.service proc-fs-nfsd.mount nfs-config.service nfs-client.target systemd-hwdb-update.service ldconfig.service slices.target dnf-makecache.service dnf-makecache.timer fedora-autorelabel-mark.service named.service auditd.service ; do rm -f /usr/lib/systemd/system/$i && ln -s /dev/null /usr/lib/systemd/system/$i ; done
 RUN /sbin/ldconfig -X
 
 COPY init-data ipa-server-configure-first ipa-server-status-check exit-with-status ipa-volume-upgrade-* /usr/sbin/
 RUN chmod -v +x /usr/sbin/init-data /usr/sbin/ipa-server-configure-first /usr/sbin/ipa-server-status-check /usr/sbin/exit-with-status /usr/sbin/ipa-volume-upgrade-*
-COPY ipa-server-configure-first.service ipa-server-upgrade.service ipa-server-update-self-ip-address.service /usr/lib/systemd/system/
+COPY container-ipa.target ipa-server-configure-first.service ipa-server-upgrade.service ipa-server-update-self-ip-address.service /usr/lib/systemd/system/
+RUN rmdir -v /etc/systemd/system/multi-user.target.wants \
+	&& mkdir /etc/systemd/system/container-ipa.target.wants \
+	&& ln -s /etc/systemd/system/container-ipa.target.wants /etc/systemd/system/multi-user.target.wants
+
+RUN systemctl set-default container-ipa.target
 RUN systemctl enable ipa-server-configure-first.service
+
 RUN mkdir -p /usr/lib/systemd/system/systemd-poweroff.service.d && ( echo '[Service]' ; echo 'ExecStartPre=/usr/bin/systemctl switch-root /usr /sbin/exit-with-status' ) > /usr/lib/systemd/system/systemd-poweroff.service.d/exit-via-chroot.conf
 
 RUN groupadd -g 389 dirsrv ; useradd -u 389 -g 389 -c 'DS System User' -d '/var/lib/dirsrv' --no-create-home -s '/sbin/nologin' dirsrv
@@ -40,8 +49,6 @@ RUN for i in /usr/lib/systemd/system/*-domainname.service ; do sed -i 's#^ExecSt
 
 RUN sed -i 's/^UUID=/# UUID=/' /etc/fstab
 
-RUN rm -f /etc/rc.d/init.d/netconsole
-
 ENV container docker
 
 EXPOSE 53/udp 53 80 443 389 636 88 464 88/udp 464/udp 123/udp 7389 9443 9444 9445
diff --git a/container-ipa.target b/container-ipa.target
new file mode 100644
index 00000000..c8538814
--- /dev/null
+++ b/container-ipa.target
@@ -0,0 +1,6 @@
+[Unit]
+Description=Minimal target for containerized FreeIPA server
+DefaultDependencies=false
+AllowIsolate=yes
+Requires=systemd-tmpfiles-setup.service systemd-journald.service dbus.service
+After=systemd-tmpfiles-setup.service systemd-journald.service dbus.service
diff --git a/ipa-server-configure-first.service b/ipa-server-configure-first.service
index 0e333158..b6bd86a7 100644
--- a/ipa-server-configure-first.service
+++ b/ipa-server-configure-first.service
@@ -8,4 +8,4 @@ ExecStartPost=/usr/sbin/ipa-server-status-check
 FailureAction=poweroff
 
 [Install]
-WantedBy=multi-user.target
+WantedBy=container-ipa.target
diff --git a/ipa-server-update-self-ip-address.service b/ipa-server-update-self-ip-address.service
index 00dee86d..1d565dac 100644
--- a/ipa-server-update-self-ip-address.service
+++ b/ipa-server-update-self-ip-address.service
@@ -9,4 +9,4 @@ Type=oneshot
 ExecStart=/usr/sbin/ipa-server-configure-first update-self-ip-address
 
 [Install]
-WantedBy=multi-user.target
+WantedBy=container-ipa.target
diff --git a/ipa-server-upgrade.service b/ipa-server-upgrade.service
index fc889e70..0f40ed39 100644
--- a/ipa-server-upgrade.service
+++ b/ipa-server-upgrade.service
@@ -9,4 +9,4 @@ ExecStartPost=/usr/sbin/ipa-server-status-check
 FailureAction=poweroff
 
 [Install]
-WantedBy=multi-user.target
+WantedBy=container-ipa.target