Run the entry point as root:root

A subsequent commit will add a new command to configure a toolbox container after it has been created. This command is meant to be the container's entry point, and will need to do things as root:root relative to the user namespace. Even though root:root is the default in 'podman create', explicitly specifying it overrides any other value inherited from the user-specific customized image. eg., older images had $USER as the default user. https://github.com/debarshiray/toolbox/pull/160
2019-05-14 15:16:21 +02:00 · 2019-05-14 15:16:21 +02:00 · f74400f450
commit f74400f450
parent fd08a98bd9
1 changed files with 7 additions and 2 deletions
--- a/9
+++ b/9
@ -382,6 +382,7 @@ copy_etc_profile_d_toolbox_to_container()
    echo "$base_toolbox_command: looking for /etc/profile.d/toolbox.sh in container $toolbox_container" >&3

    if $prefix_sudo podman exec \
+               --user "$USER" \
               "$container" \
               sh -c 'mount | grep /etc/profile.d/toolbox.sh >/dev/null 2>/dev/null' 2>&3; then
        echo "$base_toolbox_command: /etc/profile.d/toolbox.sh already mounted in container $toolbox_container" >&3
@ -936,7 +937,7 @@ create()
            --uidmap "$user_id_real":0:1 \
            --uidmap 0:1:"$user_id_real" \
            --uidmap "$uid_plus_one":"$uid_plus_one":"$max_minus_uid" \
-            --user "$USER" \
+            --user root:root \
            $kcm_socket_bind \
            $toolbox_path_bind \
            $toolbox_profile_bind \
@ -1094,7 +1095,10 @@ run()
    echo "$base_toolbox_command: looking for $program in container $toolbox_container" >&3

    # shellcheck disable=SC2016
-    if ! $prefix_sudo podman exec "$toolbox_container" sh -c 'command -v "$1"' sh "$program" >/dev/null 2>&3; then
+    if ! $prefix_sudo podman exec \
+                 --user "$USER" \
+                 "$toolbox_container" \
+                 sh -c 'command -v "$1"' sh "$program" >/dev/null 2>&3; then
        if $fallback_to_bash; then
            echo "$base_toolbox_command: $program not found in $toolbox_container; using /bin/bash instead" >&3
            program=/bin/bash
@ -1116,6 +1120,7 @@ run()
    $prefix_sudo podman exec \
            --interactive \
            --tty \
+            --user "$USER" \
            $set_environment \
            "$toolbox_container" \
            capsh --caps="" -- -c 'cd "$1"; shift; exec "$@"' /bin/sh "$PWD" "$program" "$@" 2>&3