lxc-debian-userns: Handle uid-mapping with lxc-create

lxc-create will pass "--mapped-uid" and "--mapped-gid" into the
template, if there's an "lxc.idmap" option in the config file. We now
support getting these parameters as options.

Since an "lxc.idmap" option in the config makes lxc-create already
change the userns, we cannot support it. Therefore, we error out if we
see these options. Instead, we write the "lxc.idmap" options ourselves
based on the "--uidmap" and "--gidmap" options passed by the user.
MasterofJOKers 2023-03-08 00:29:02 +01:00
parent b5243aaa2b
commit 73fdc6b27a
1 changed files with 12 additions and 1 deletions


@ -64,7 +64,7 @@ parse_args() {
prog="${0}" prog="${0}"
shift shift
options=$(getopt -o h -l help,path:,name:,rootfs:,mirror:,security-mirror:,auth-key:,release:,uidmap:,gidmap: -- "${@}") options=$(getopt -o h -l help,path:,name:,rootfs:,mirror:,security-mirror:,auth-key:,release:,uidmap:,gidmap:,mapped-uid:,mapped-gid: -- "${@}")
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
usage "${prog}" usage "${prog}"
exit 1 exit 1
@ -86,6 +86,8 @@ parse_args() {
--auth-key) auth_key=${2}; shift 2;; --auth-key) auth_key=${2}; shift 2;;
--uidmap) uidmap=${2}; shift 2;; --uidmap) uidmap=${2}; shift 2;;
--gidmap) gidmap=${2}; shift 2;; --gidmap) gidmap=${2}; shift 2;;
--mapped-uid) echo "Cannot run with lxc.idmap set in config. Use --uidmap/--gidmap template options instead."; exit 1; shift 2;;
--mapped-gid) echo "Cannot run with lxc.idmap set in config. Use --uidmap/--gidmap template options instead."; exit 1; shift 2;;
*) echo "programming error: found unknown opt ${1}"; exit 1; break;; *) echo "programming error: found unknown opt ${1}"; exit 1; break;;
esac esac
done done
@ -143,6 +145,13 @@ install_debian() (
) )
write_userns_to_config() (
# uses $path, $uidmap, $gidmap
printf "lxc.idmap = %s\n" "$(printf "%s" "${uidmap}" | tr ':' ' ')" >> "${path}/config"
printf "lxc.idmap = %s\n" "$(printf "%s" "${gidmap}" | tr ':' ' ')" >> "${path}/config"
)
parse_args "${0}" "${@}" parse_args "${0}" "${@}"
check_required_binary "${0}" mmdebstrap || exit 1 check_required_binary "${0}" mmdebstrap || exit 1
@ -151,3 +160,5 @@ check_required_binary "${0}" lxc-usernsexec || exit 1
chown_mountpoint || exit 1 chown_mountpoint || exit 1
install_debian install_debian
write_userns_to_config
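Review bot: `write_userns_to_config` appends `${uidmap}` and `${gidmap}` to `${path}/config` after only a `tr ':' ' '`, so whatever the caller passed becomes container configuration unchecked. If either option is omitted the function writes `lxc.idmap = ` with an empty value, which LXC, as far as I know, treats as clearing the id-map list, and a value containing a newline would add an extra config line of the caller's choosing. The exit status of the new call at the end of the script is also ignored, so a failed append leaves a config with no mapping at all while the rootfs was installed for a shifted one. I would validate both values before writing and fail closed, as sketched below; the pattern assumes the `TYPE:NSID:HOSTID:RANGE` form that `lxc-usernsexec -m` takes, which should be confirmed against `usage` since that part of the script is outside this diff.

```shell
write_userns_to_config() (
    # uses $path, $uidmap, $gidmap
    for map in "${uidmap}" "${gidmap}"; do
        # accept only TYPE:NSID:HOSTID:RANGE with numeric fields, so nothing
        # but a single well-formed lxc.idmap line can reach the config
        case "${map}" in
            [ug]:*:*:*) ;;
            *) echo "invalid id map '${map}'" >&2; exit 1;;
        esac
        case "${map#?:}" in
            *[!0-9:]*|:*|*::*|*:|*:*:*:*) echo "invalid id map '${map}'" >&2; exit 1;;
        esac
        printf "lxc.idmap = %s\n" "$(printf "%s" "${map}" | tr ':' ' ')" >> "${path}/config" || exit 1
    done
)

# … unchanged: parse_args, binary checks, chown_mountpoint, install_debian …
write_userns_to_config || exit 1
```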