lxc-debian-userns: Handle uid-mapping with lxc-create
lxc-create will pass "--mapped-uid" and "--mapped-gid" into the template, if there's an "lxc.idmap" option in the config file. We now support getting these parameters as options. Since an "lxc.idmap" option in the config makes lxc-create already change the userns, we cannot support it. Therefore, we error out if we see these options. Instead, we write the "lxc.idmap" options ourselves based on the "--uidmap" and "--gidmap" options passed by the user.
This commit is contained in:
parent
b5243aaa2b
commit
73fdc6b27a
|
@ -64,7 +64,7 @@ parse_args() {
|
||||||
prog="${0}"
|
prog="${0}"
|
||||||
shift
|
shift
|
||||||
|
|
||||||
options=$(getopt -o h -l help,path:,name:,rootfs:,mirror:,security-mirror:,auth-key:,release:,uidmap:,gidmap: -- "${@}")
|
options=$(getopt -o h -l help,path:,name:,rootfs:,mirror:,security-mirror:,auth-key:,release:,uidmap:,gidmap:,mapped-uid:,mapped-gid: -- "${@}")
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
usage "${prog}"
|
usage "${prog}"
|
||||||
exit 1
|
exit 1
|
||||||
|
@ -86,6 +86,8 @@ parse_args() {
|
||||||
--auth-key) auth_key=${2}; shift 2;;
|
--auth-key) auth_key=${2}; shift 2;;
|
||||||
--uidmap) uidmap=${2}; shift 2;;
|
--uidmap) uidmap=${2}; shift 2;;
|
||||||
--gidmap) gidmap=${2}; shift 2;;
|
--gidmap) gidmap=${2}; shift 2;;
|
||||||
|
--mapped-uid) echo "Cannot run with lxc.idmap set in config. Use --uidmap/--gidmap template options instead."; exit 1; shift 2;;
|
||||||
|
--mapped-gid) echo "Cannot run with lxc.idmap set in config. Use --uidmap/--gidmap template options instead."; exit 1; shift 2;;
|
||||||
*) echo "programming error: found unknown opt ${1}"; exit 1; break;;
|
*) echo "programming error: found unknown opt ${1}"; exit 1; break;;
|
||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
|
@ -143,6 +145,13 @@ install_debian() (
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
write_userns_to_config() (
|
||||||
|
# uses $path, $uidmap, $gidmap
|
||||||
|
printf "lxc.idmap = %s\n" "$(printf "%s" "${uidmap}" | tr ':' ' ')" >> "${path}/config"
|
||||||
|
printf "lxc.idmap = %s\n" "$(printf "%s" "${gidmap}" | tr ':' ' ')" >> "${path}/config"
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
parse_args "${0}" "${@}"
|
parse_args "${0}" "${@}"
|
||||||
|
|
||||||
check_required_binary "${0}" mmdebstrap || exit 1
|
check_required_binary "${0}" mmdebstrap || exit 1
|
||||||
|
@ -151,3 +160,5 @@ check_required_binary "${0}" lxc-usernsexec || exit 1
|
||||||
chown_mountpoint || exit 1
|
chown_mountpoint || exit 1
|
||||||
|
|
||||||
install_debian
|
install_debian
|
||||||
|
|
||||||
|
write_userns_to_config
|
||||||
|
|
Loading…
Reference in New Issue