Compare commits
No commits in common. "ae52d4962a8f3015e88c06028ab981be33153e29" and "73fdc6b27a72394fbaaa2ff92fdbde3a422fd386" have entirely different histories.
ae52d4962a
...
73fdc6b27a
|
|
@ -56,7 +56,7 @@ usage () {
|
||||||
|
|
||||||
|
|
||||||
TYPE="${1}"
|
TYPE="${1}"
|
||||||
if [ "${TYPE}" = "" ] || [ "${TYPE}" = "--help" ] || [ "${TYPE}" = "-h" ]; then
|
if [ "${TYPE}" = "" || "${TYPE}" == "--help" || "${TYPE}" == "-h" ]; then
|
||||||
usage
|
usage
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,8 +1,9 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
# Remap all files uid/gid to a new range using fuidshift
|
# Remap all files uid/gid to a new range
|
||||||
#
|
|
||||||
# This is a wrapper around `fuidshift` from `lxd-tools` Debian package for my use-case of LVM based root disks.
|
|
||||||
#
|
#
|
||||||
|
# This is an inferior version of `fuidshift` from the `lxd-tools` Debian package, as it only handles uid/gid and
|
||||||
|
# doesn't handle ACLs and thus journalctl's files and by that hinders updating systemd inside the container. It's also
|
||||||
|
# quite slow.
|
||||||
|
|
||||||
usage () {
|
usage () {
|
||||||
echo "remap-uid-and-gid <container-name> [<target-lv>]"
|
echo "remap-uid-and-gid <container-name> [<target-lv>]"
|
||||||
|
|
@ -10,13 +11,8 @@ usage () {
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
|
|
||||||
if [ "$(which fuidshift)" = "" ]; then
|
|
||||||
echo "fuidshift binary not found. Please install lxd-tools package."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
CONTAINER_NAME="${1}"
|
CONTAINER_NAME="${1}"
|
||||||
if [ "${CONTAINER_NAME}" = "" ] || [ "${CONTAINER_NAME}" = "--help" ] || [ "${CONTAINER_NAME}" = "-h" ]; then
|
if [ "${CONTAINER_NAME}" = "" ]; then
|
||||||
usage
|
usage
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
@ -37,13 +33,39 @@ if mount | grep -qF " on /mnt"; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
mount "${TARGET_LV}" /mnt
|
mount "${TARGET_LV}" /mnt
|
||||||
|
cd /mnt
|
||||||
|
|
||||||
# we get e.g. lxc.idmap = u 0 1000000 65535 and want u:0:1000000:65535
|
ROOT_USER_ID=$(get-lxc-idmap-config u $CONTAINER_NAME | cut -d ' ' -f 5)
|
||||||
USER_NAMESPACE=$(get-lxc-idmap-config u $CONTAINER_NAME | sed -r -e 's/.*= (.*)/\1/' -e 's/ /:/g')
|
ROOT_GROUP_ID=$(get-lxc-idmap-config g $CONTAINER_NAME | cut -d ' ' -f 5)
|
||||||
GROUP_NAMESPACE=$(get-lxc-idmap-config g $CONTAINER_NAME | sed -r -e 's/.*= (.*)/\1/' -e 's/ /:/g')
|
|
||||||
|
|
||||||
printf "fuidshift %s %s %s\n" /mnt $USER_NAMESPACE $GROUP_NAMESPACE
|
printf "uid: %s gid: %s\n" $ROOT_USER_ID $ROOT_GROUP_ID
|
||||||
# fuidshift /mnt $USER_NAMESPACE $GROUP_NAMESPACE
|
|
||||||
|
# We ignore links here, because they might not point to a valid location and would make our program fail. They are also
|
||||||
|
# owned by whoever mounted the filesystem it seems, so don't need a chown.
|
||||||
|
find . -xdev -not -type l -printf "%U %G %p\n" | \
|
||||||
|
while read F; do
|
||||||
|
U=$(echo $F | cut -d ' ' -f 1)
|
||||||
|
if [ ${U} -lt ${ROOT_USER_ID} ] || [ ${U} -gt $(( ${ROOT_USER_ID} + 65535 )) ]; then
|
||||||
|
NEW_U=$(( ${U} + ${ROOT_USER_ID} ))
|
||||||
|
else
|
||||||
|
NEW_U=${U}
|
||||||
|
fi
|
||||||
|
|
||||||
|
G=$(echo $F | cut -d ' ' -f 2)
|
||||||
|
if [ ${G} -lt ${ROOT_GROUP_ID} ] || [ ${G} -gt $(( ${ROOT_GROUP_ID} + 65535 )) ]; then
|
||||||
|
NEW_G=$(( ${G} + ${ROOT_GROUP_ID} ))
|
||||||
|
else
|
||||||
|
NEW_G=${G}
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "${U}" = "${NEW_U}" ] && [ "${G}" = "${NEW_G}" ]; then
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
|
||||||
|
P=$(echo $F | cut -d ' ' -f 3-)
|
||||||
|
printf "chown %s:%s %s\n" ${NEW_U} ${NEW_G} "${P}"
|
||||||
|
# chown ${NEW_U}:${NEW_G} "${P}"
|
||||||
|
done
|
||||||
|
|
||||||
cd /
|
cd /
|
||||||
umount /mnt
|
umount /mnt
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue