[lxc-devel] [lxc/master] lxc-oci misc improvements

flx42 on Github lxc-bot at linuxcontainers.org
Sat Dec 9 01:36:48 UTC 2017


From b31040ff278790c107c12fec88ad288cdf42c729 Mon Sep 17 00:00:00 2001
From: Felix Abecassis <fabecassis at nvidia.com>
Date: Fri, 8 Dec 2017 16:58:08 -0800
Subject: [PATCH 1/3] lxc-oci: add basic handling of numerical uid/gid values

---
 templates/lxc-oci.in | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/templates/lxc-oci.in b/templates/lxc-oci.in
index 5bd8edbf4..a213f7d56 100755
--- a/templates/lxc-oci.in
+++ b/templates/lxc-oci.in
@@ -121,6 +121,25 @@ getenv() {
 	return
 }
 
+# FIXME 1: only support numerical values in the configuration file.
+# FIXME 2: from the OCI image spec: "If group/gid is not specified,
+# the default group and supplementary groups of the given user/uid in
+# /etc/passwd from the container are applied."
+getuidgid() {
+	if [ "$#" -eq 0 ]; then
+		echo "0 0"
+		return
+	fi
+
+	configpath="$1"
+
+	uidgid=`cat "${configpath}" | jq -c -r '.config.User // "0:0"'`
+	uidgid=(${uidgid//:/ })
+
+	printf '%d %d' ${uidgid[0]:-0} ${uidgid[1]:-0} 2>/dev/null || true
+	return
+}
+
 usage() {
     cat <<EOF
 LXC container template for OCI images
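Review bot: In `getuidgid`, a non-numeric `User` (a user name, which FIXME 1 says is unsupported) makes `printf '%d %d'` fail, but with `2>/dev/null || true` the function still prints `0` for that field. An image that asks for an unprivileged named user therefore ends up with `lxc.init.uid = 0` and no diagnostic. Failing closed is safer: reject anything that is not all digits, report it on stderr and return non-zero, and have the caller check that status before writing `lxc.init.uid` and `lxc.init.gid`. The unquoted `(${uidgid//:/ })` also exposes an image-supplied string to pathname expansion, which splitting by parameter expansion avoids. The function lies entirely inside this hunk.

```shell
getuidgid() {
	# … unchanged: no-argument default of "0 0" …

	configpath="$1"

	uidgid=$(jq -c -r '.config.User // "0:0"' < "${configpath}") || return 1
	uid="${uidgid%%:*}"
	gid=""
	case "${uidgid}" in
		*:*) gid="${uidgid#*:}" ;;
	esac

	# Fail closed: a value we cannot interpret must not silently become root.
	case "${uid}${gid}" in
		*[!0-9]*)
			echo "lxc-oci: unsupported non-numeric User '${uidgid}' in image config" >&2
			return 1
			;;
	esac

	echo "${uid:-0} ${gid:-0}"
}
```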
@@ -291,6 +310,10 @@ cat <<EOF > ${LXC_ROOTFS}/etc/hosts
 127.0.1.1   ${LXC_NAME}
 EOF
 
+uidgid=($(getuidgid ${OCI_CONF_FILE}))
+echo "lxc.init.uid = ${uidgid[0]}" >> "${LXC_CONF_FILE}"
+echo "lxc.init.gid = ${uidgid[1]}" >> "${LXC_CONF_FILE}"
+
 if [ -n "$LXC_MAPPED_UID" ] && [ "$LXC_MAPPED_UID" != "-1" ]; then
     chown $LXC_MAPPED_UID $LXC_PATH/config $LXC_PATH/fstab >/dev/null 2>&1 || true
 fi
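Review bot: `${OCI_CONF_FILE}` is unquoted in `uidgid=($(getuidgid ${OCI_CONF_FILE}))`, so a path containing whitespace is split into several arguments. An empty or unset value drops the argument entirely, which takes the `"$#" -eq 0` branch and writes uid/gid 0 without reading any config. Quote it as `uidgid=($(getuidgid "${OCI_CONF_FILE}"))`; if the no-argument default to root is intended, a comment saying so would help. It would also be worth checking that both array elements are non-empty before appending to `${LXC_CONF_FILE}`. The same unquoted argument appears in `cwd=$(getcwd ${OCI_CONF_FILE})` in patch 3/3.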

From 21514a74b44bfed519703a5e2e7231eda5454b12 Mon Sep 17 00:00:00 2001
From: Felix Abecassis <fabecassis at nvidia.com>
Date: Fri, 8 Dec 2017 16:58:41 -0800
Subject: [PATCH 2/3] lxc-oci: add IPv6 support to /etc/hosts

Signed-off-by: Felix Abecassis <fabecassis at nvidia.com>
---
 templates/lxc-oci.in | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/templates/lxc-oci.in b/templates/lxc-oci.in
index a213f7d56..3348745a0 100755
--- a/templates/lxc-oci.in
+++ b/templates/lxc-oci.in
@@ -308,6 +308,11 @@ EOF
 cat <<EOF > ${LXC_ROOTFS}/etc/hosts
 127.0.0.1   localhost
 127.0.1.1   ${LXC_NAME}
+::1     localhost ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
 EOF
 
 uidgid=($(getuidgid ${OCI_CONF_FILE}))

From cae6c0ff311a6eaa79e136829d6c87cc197046ba Mon Sep 17 00:00:00 2001
From: Felix Abecassis <fabecassis at nvidia.com>
Date: Fri, 8 Dec 2017 17:13:01 -0800
Subject: [PATCH 3/3] lxc-oci: add support for WorkingDir

Signed-off-by: Felix Abecassis <fabecassis at nvidia.com>
---
 templates/lxc-oci.in | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/templates/lxc-oci.in b/templates/lxc-oci.in
index 3348745a0..875adaafa 100755
--- a/templates/lxc-oci.in
+++ b/templates/lxc-oci.in
@@ -140,6 +140,20 @@ getuidgid() {
 	return
 }
 
+getcwd() {
+	if [ "$#" -eq 0 ]; then
+		echo "/"
+		return
+	fi
+
+	configpath="$1"
+
+	cwd=`cat "${configpath}" | jq -c -r '.config.WorkingDir // "/"'`
+
+	echo "${cwd}"
+	return
+}
+
 usage() {
     cat <<EOF
 LXC container template for OCI images
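Review bot: `getcwd` returns `.config.WorkingDir` verbatim, and that string comes from the image. An embedded newline survives `$(getcwd …)`, so the later `echo "lxc.init.cwd = ${cwd}" >> "${LXC_CONF_FILE}"` (second hunk of this patch) would append extra lines to the container's LXC config. Validate before returning: accept only a single-line absolute path and fail otherwise, and print with `printf '%s\n'` rather than `echo`. An empty `WorkingDir` string is not replaced by jq's `//` and would currently produce `lxc.init.cwd = ` with no value; defaulting it to `/` looks like the intent but should be confirmed. The function lies entirely inside this hunk.

```shell
getcwd() {
	# … unchanged: no-argument default of "/" …

	configpath="$1"

	cwd=$(jq -c -r '.config.WorkingDir // "/"' < "${configpath}") || return 1
	[ -n "${cwd}" ] || cwd="/"

	# WorkingDir is image-supplied: accept only a single-line absolute path
	# so it cannot add lines to the generated LXC config.
	case "${cwd}" in
		*[[:cntrl:]]*)
			echo "lxc-oci: WorkingDir contains control characters" >&2
			return 1
			;;
		/*) ;;
		*)
			echo "lxc-oci: WorkingDir must be an absolute path" >&2
			return 1
			;;
	esac

	printf '%s\n' "${cwd}"
}
```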
@@ -319,6 +333,9 @@ uidgid=($(getuidgid ${OCI_CONF_FILE}))
 echo "lxc.init.uid = ${uidgid[0]}" >> "${LXC_CONF_FILE}"
 echo "lxc.init.gid = ${uidgid[1]}" >> "${LXC_CONF_FILE}"
 
+cwd=$(getcwd ${OCI_CONF_FILE})
+echo "lxc.init.cwd = ${cwd}" >> "${LXC_CONF_FILE}"
+
 if [ -n "$LXC_MAPPED_UID" ] && [ "$LXC_MAPPED_UID" != "-1" ]; then
     chown $LXC_MAPPED_UID $LXC_PATH/config $LXC_PATH/fstab >/dev/null 2>&1 || true
 fi

