joker
/
script-dump
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

lxc: Move remap-uid-and-gid-for-lv to fuidshift

Browse Source 
Instead of my custom-baked implementation, that doesn't support
file system ACLs and is quite slow, we switch to `fuidshift` from the
`lxd-tools` Debian package.
main
MasterofJOKers 10 months ago
parent ec3618d5f7
commit ae52d4962a
1 changed files with 14 additions and 48 deletions
Show Stats Download Patch File Download Diff File

62
lxc/remap-uid-and-gid-for-lv
Unescape View File

@ -1,9 +1,8 @@
#!/bin/sh
# Remap all files uid/gid to a new range
# Remap all files uid/gid to a new range using fuidshift
#
# This is a wrapper around `fuidshift` from `lxd-tools` Debian package for my use-case of LVM based root disks.
#
# This is an inferior version of `fuidshift` from the `lxd-tools` Debian package, as it only handles uid/gid and
# doesn't handle ACLs and thus journalctl's files and by that hinders updating systemd inside the container. It's also
# quite slow.
usage () {
echo "remap-uid-and-gid <container-name> [<target-lv>]"
@ -11,8 +10,13 @@ usage () {
exit 1
}
if [ "$(which fuidshift)" = "" ]; then
echo "fuidshift binary not found. Please install lxd-tools package."
exit 1
fi
CONTAINER_NAME="${1}"
if [ "${CONTAINER_NAME}" = "" ]; then
if [ "${CONTAINER_NAME}" = "" ] || [ "${CONTAINER_NAME}" = "--help" ] || [ "${CONTAINER_NAME}" = "-h" ]; then
usage
fi
@ -33,51 +37,13 @@ if mount | grep -qF " on /mnt"; then
fi
mount "${TARGET_LV}" /mnt
cd /mnt
ROOT_USER_ID=$(get-lxc-idmap-config u $CONTAINER_NAME | cut -d ' ' -f 5)
ROOT_GROUP_ID=$(get-lxc-idmap-config g $CONTAINER_NAME | cut -d ' ' -f 5)
printf "uid: %s gid: %s\n" $ROOT_USER_ID $ROOT_GROUP_ID
# We ignore links here, because they might not point to a valid location and would make our program fail. They are also
# owned by whoever mounted the filesystem it seems, so don't need a chown.
# Funny enough, the above statement is not true. I see symlinks in the container that are not owned by a valid user
# inside the container ...
# chown
# -h, --no-dereference
# affect symbolic links instead of any referenced file (useful only on systems
# that can change the ownership of a symlink)
#
# --from=CURRENT_OWNER:CURRENT_GROUP
# change the owner and/or group of each file only if its current owner and/or
# group match those specified here. Either may be omitted, in which case a
# match is not required for the omitted attribute
#
find . -xdev -printf "%U %G %p\n" | \
while read F; do
U=$(echo $F | cut -d ' ' -f 1)
if [ ${U} -lt ${ROOT_USER_ID} ] || [ ${U} -gt $(( ${ROOT_USER_ID} + 65535 )) ]; then
NEW_U=$(( ${U} + ${ROOT_USER_ID} ))
else
NEW_U=${U}
fi
G=$(echo $F | cut -d ' ' -f 2)
if [ ${G} -lt ${ROOT_GROUP_ID} ] || [ ${G} -gt $(( ${ROOT_GROUP_ID} + 65535 )) ]; then
NEW_G=$(( ${G} + ${ROOT_GROUP_ID} ))
else
NEW_G=${G}
fi
if [ "${U}" = "${NEW_U}" ] && [ "${G}" = "${NEW_G}" ]; then
continue
fi
# we get e.g. lxc.idmap = u 0 1000000 65535 and want u:0:1000000:65535
USER_NAMESPACE=$(get-lxc-idmap-config u $CONTAINER_NAME | sed -r -e 's/.*= (.*)/\1/' -e 's/ /:/g')
GROUP_NAMESPACE=$(get-lxc-idmap-config g $CONTAINER_NAME | sed -r -e 's/.*= (.*)/\1/' -e 's/ /:/g')
P=$(echo $F | cut -d ' ' -f 3-)
printf "chown --no-dereference %s:%s %s\n" ${NEW_U} ${NEW_G} "${P}"
# chown --no-dereference ${NEW_U}:${NEW_G} "${P}"
done
printf "fuidshift %s %s %s\n" /mnt $USER_NAMESPACE $GROUP_NAMESPACE
# fuidshift /mnt $USER_NAMESPACE $GROUP_NAMESPACE
cd /
umount /mnt

Write Preview
Loading…
Cancel
Save