wbrawner/toolbox
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Run the entry point as root:root

Browse source 
A subsequent commit will add a new command to configure a toolbox
container after it has been created. This command is meant to be the
container's entry point, and will need to do things as root:root
relative to the user namespace.

Even though root:root is the default in 'podman create', explicitly
specifying it overrides any other value inherited from the
user-specific customized image. eg., older images had $USER as the
default user.

https://github.com/debarshiray/toolbox/pull/160
This commit is contained in:
Debarshi Ray 2019-05-14 15:16:21 +02:00
parent fd08a98bd9
commit f74400f450
1 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
toolbox
View file

@ -382,6 +382,7 @@ copy_etc_profile_d_toolbox_to_container()
echo "$base_toolbox_command: looking for /etc/profile.d/toolbox.sh in container $toolbox_container" >&3 echo "$base_toolbox_command: looking for /etc/profile.d/toolbox.sh in container $toolbox_container" >&3
if $prefix_sudo podman exec \ if $prefix_sudo podman exec \
--user "$USER" \
"$container" \ "$container" \
sh -c 'mount | grep /etc/profile.d/toolbox.sh >/dev/null 2>/dev/null' 2>&3; then sh -c 'mount | grep /etc/profile.d/toolbox.sh >/dev/null 2>/dev/null' 2>&3; then
echo "$base_toolbox_command: /etc/profile.d/toolbox.sh already mounted in container $toolbox_container" >&3 echo "$base_toolbox_command: /etc/profile.d/toolbox.sh already mounted in container $toolbox_container" >&3
@ -936,7 +937,7 @@ create()
--uidmap "$user_id_real":0:1 \ --uidmap "$user_id_real":0:1 \
--uidmap 0:1:"$user_id_real" \ --uidmap 0:1:"$user_id_real" \
--uidmap "$uid_plus_one":"$uid_plus_one":"$max_minus_uid" \ --uidmap "$uid_plus_one":"$uid_plus_one":"$max_minus_uid" \
--user "$USER" \ --user root:root \
$kcm_socket_bind \ $kcm_socket_bind \
$toolbox_path_bind \ $toolbox_path_bind \
$toolbox_profile_bind \ $toolbox_profile_bind \
@ -1094,7 +1095,10 @@ run()
echo "$base_toolbox_command: looking for $program in container $toolbox_container" >&3 echo "$base_toolbox_command: looking for $program in container $toolbox_container" >&3
# shellcheck disable=SC2016 # shellcheck disable=SC2016
if ! $prefix_sudo podman exec "$toolbox_container" sh -c 'command -v "$1"' sh "$program" >/dev/null 2>&3; then if ! $prefix_sudo podman exec \
--user "$USER" \
"$toolbox_container" \
sh -c 'command -v "$1"' sh "$program" >/dev/null 2>&3; then
if $fallback_to_bash; then if $fallback_to_bash; then
echo "$base_toolbox_command: $program not found in $toolbox_container; using /bin/bash instead" >&3 echo "$base_toolbox_command: $program not found in $toolbox_container; using /bin/bash instead" >&3
program=/bin/bash program=/bin/bash
@ -1116,6 +1120,7 @@ run()
$prefix_sudo podman exec \ $prefix_sudo podman exec \
--interactive \ --interactive \
--tty \ --tty \
--user "$USER" \
$set_environment \ $set_environment \
"$toolbox_container" \ "$toolbox_container" \
capsh --caps="" -- -c 'cd "$1"; shift; exec "$@"' /bin/sh "$PWD" "$program" "$@" 2>&3 capsh --caps="" -- -c 'cd "$1"; shift; exec "$@"' /bin/sh "$PWD" "$program" "$@" 2>&3