[lxc-devel] [lxc/master] template: oci template supports for char user info
ssup2 on Github
lxc-bot at linuxcontainers.org
Fri Sep 21 07:40:56 UTC 2018
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 438 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20180921/7ca32314/attachment.bin>
-------------- next part --------------
From 6ce4d826de57c53cf0de23504d01116aa567afaf Mon Sep 17 00:00:00 2001
From: Jungsub Shin <supsup5642 at gmail.com>
Date: Fri, 21 Sep 2018 15:29:37 +0900
Subject: [PATCH] template: oci template supports for char user info
oci template changes character user info to uid, gid
according to OCI image spec.
Signed-off-by: Jungsub Shin jungsub_shin at tmax.co.kr
---
templates/lxc-oci.in | 41 +++++++++++++++++++++++++++++------------
1 file changed, 29 insertions(+), 12 deletions(-)
diff --git a/templates/lxc-oci.in b/templates/lxc-oci.in
index 2ce1a9385..c8da3a03e 100644
--- a/templates/lxc-oci.in
+++ b/templates/lxc-oci.in
@@ -129,23 +129,40 @@ getenv() {
return
}
-# FIXME 1: only support numerical values in the configuration file.
-# FIXME 2: from the OCI image spec: "If group/gid is not specified,
-# the default group and supplementary groups of the given user/uid in
-# /etc/passwd from the container are applied."
-getuidgid() {
- if [ "$#" -eq 0 ]; then
- echo "0 0"
- return
+# check var is decimal.
+isdecimal() {
+ var="$1"
+ if [ "${var}" -eq "${var}" ] 2> /dev/null; then
+ return 0
+ else
+ return 1
fi
+}
+# get uid, gid from oci image.
+getuidgid() {
configpath="$1"
+ rootpath="$2"
+ passwdpath="${rootpath}/etc/passwd"
+ grouppath="${rootpath}/etc/group"
- uidgid=$(jq -c -r '.config.User // "0:0"' < "${configpath}")
+ usergroup=$(jq -c -r '.config.User' < "${configpath}")
# shellcheck disable=SC2039
- uidgid=(${uidgid//:/ })
+ usergroup=(${usergroup//:/ })
+
+ user=${usergroup[0]:-0}
+ if ! isdecimal "${user}" && [ -f ${passwdpath} ]; then
+ user=$(grep "^${user}:" "${passwdpath}" | awk -F: '{print $3}')
+ fi
+
+ group=${usergroup[1]:-}
+ if [ -z "${group}" ] && [ -f "${passwdpath}" ]; then
+ group=$(grep "^[^:]*:[^:]*:${user}:" "${passwdpath}" | awk -F: '{print $4}')
+ elif ! isdecimal "${group}" && [ -f "${grouppath}" ]; then
+ group=$(grep "^${group}:" "${grouppath}" | awk -F: '{print $3}')
+ fi
- printf '%d %d' "${uidgid[0]:-0}" "${uidgid[1]:-0}" 2>/dev/null || true
+ echo "${user:-0} ${group:-0}"
return
}
@@ -364,7 +381,7 @@ ff02::2 ip6-allrouters
EOF
# shellcheck disable=SC2039
-uidgid=($(getuidgid "${OCI_CONF_FILE}"))
+uidgid=($(getuidgid "${OCI_CONF_FILE}" "${LXC_ROOTFS}" ))
# shellcheck disable=SC2039
echo "lxc.init.uid = ${uidgid[0]}" >> "${LXC_CONF_FILE}"
# shellcheck disable=SC2039
More information about the lxc-devel
mailing list