[lxc-devel] [lxc/master] template: oci template supports for char user info

ssup2 on Github lxc-bot at linuxcontainers.org
Fri Sep 21 07:40:56 UTC 2018


A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 438 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20180921/7ca32314/attachment.bin>
-------------- next part --------------
From 6ce4d826de57c53cf0de23504d01116aa567afaf Mon Sep 17 00:00:00 2001
From: Jungsub Shin <supsup5642 at gmail.com>
Date: Fri, 21 Sep 2018 15:29:37 +0900
Subject: [PATCH] template: oci template supports for char user info

oci template changes character user info to uid, gid
according to OCI image spec.

Signed-off-by: Jungsub Shin jungsub_shin at tmax.co.kr
---
 templates/lxc-oci.in | 41 +++++++++++++++++++++++++++++------------
 1 file changed, 29 insertions(+), 12 deletions(-)

diff --git a/templates/lxc-oci.in b/templates/lxc-oci.in
index 2ce1a9385..c8da3a03e 100644
--- a/templates/lxc-oci.in
+++ b/templates/lxc-oci.in
@@ -129,23 +129,40 @@ getenv() {
   return
 }
 
-# FIXME 1: only support numerical values in the configuration file.
-# FIXME 2: from the OCI image spec: "If group/gid is not specified,
-# the default group and supplementary groups of the given user/uid in
-# /etc/passwd from the container are applied."
-getuidgid() {
-  if [ "$#" -eq 0 ]; then
-    echo "0 0"
-    return
+# check var is decimal.
+isdecimal() {
+  var="$1"
+  if [ "${var}" -eq "${var}" ] 2> /dev/null; then
+    return 0
+  else 
+    return 1
   fi
+}
 
+# get uid, gid from oci image.
+getuidgid() {
   configpath="$1"
+  rootpath="$2"
+  passwdpath="${rootpath}/etc/passwd"
+  grouppath="${rootpath}/etc/group"
 
-  uidgid=$(jq -c -r '.config.User // "0:0"' < "${configpath}")
+  usergroup=$(jq -c -r '.config.User' < "${configpath}")
   # shellcheck disable=SC2039
-  uidgid=(${uidgid//:/ })
+  usergroup=(${usergroup//:/ })
+
+  user=${usergroup[0]:-0}
+  if ! isdecimal "${user}" && [ -f ${passwdpath} ]; then
+    user=$(grep "^${user}:" "${passwdpath}" | awk -F: '{print $3}')
+  fi
+
+  group=${usergroup[1]:-}
+  if [ -z "${group}" ] && [ -f "${passwdpath}" ]; then
+    group=$(grep "^[^:]*:[^:]*:${user}:" "${passwdpath}" | awk -F: '{print $4}')
+  elif ! isdecimal "${group}" && [ -f "${grouppath}" ]; then
+    group=$(grep "^${group}:" "${grouppath}" | awk -F: '{print $3}')
+  fi
 
-  printf '%d %d' "${uidgid[0]:-0}" "${uidgid[1]:-0}" 2>/dev/null || true
+  echo "${user:-0} ${group:-0}"
   return
 }
 
@@ -364,7 +381,7 @@ ff02::2 ip6-allrouters
 EOF
 
 # shellcheck disable=SC2039
-uidgid=($(getuidgid "${OCI_CONF_FILE}"))
+uidgid=($(getuidgid "${OCI_CONF_FILE}" "${LXC_ROOTFS}" ))
 # shellcheck disable=SC2039
 echo "lxc.init.uid = ${uidgid[0]}" >> "${LXC_CONF_FILE}"
 # shellcheck disable=SC2039


More information about the lxc-devel mailing list