Mirror/aports
1
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/aports.git synced 2025-07-21 10:15:12 +03:00
Code Issues Wiki Activity
aports/community/lxcfs/lxcfs.initd
Dominique Martinet e4a5012ac8 community/lxcfs: modprobe requires -a for multiple modules 
'modprobe fuse autofs4' will pass autofs4 as an argument to fuse
module loading, which is not what was intended here.
Using modprobe with -a properly loads both modules, or skips if
they were built-in, and fails if one of those was neither
built-in nor a module.

Not actually using lxc so not tested, found by manually looking at the
PR looking at autofs or fuse: both actually should be loaded
automatically by the kernel when a pre-created device is opened,
but alpine does not seem to have a way of pre-creating such devices,
so keeping the modprobe here.

Link: https://github.com/alpinelinux/aports/pull/4991
2023-02-28 06:53:30 +00:00

135 lines
2.7 KiB
Bash
Raw Blame History

#!/sbin/openrc-run
# Init script for lxcfs
# Copyright (C) 2016 Stuart Cardall
# Licensed under the terms of the GPL2
DAEMON=/usr/bin/lxcfs
PIDFILE=/run/lxcfs.pid
VARDIR=/var/lib/lxcfs
RUNDIR=/run/lxcfs
MAPPER=/usr/bin/uidmapshift
description="FUSE filesystem for LXC unprivileged containers"
description_setup="Setup unprivileged container permissions"
description_info="Unprivileged container config file settings"
extra_commands="setup info"
depend() {
before lxc
}
start_pre() {
checkpath --directory ${VARDIR}
modprobe -a fuse autofs4
}
find_perms() {
local file= path= tmp=
for file in subuid subgid; do
path=/etc/$file
if [ -f $path ]; then
tmp=$(root_id $path 2)
if [ -n "$tmp" ]; then
tmp=$(echo $tmp | tr -cd '[:digit:]')
PERMS="$PERMS $tmp"
else
create_id $file
fi
else
create_id $file
fi
done
PERMS=$(echo $PERMS | sed 's| |:|')
}
create_id() {
einfo "Creating $1 for root: /etc/$1"
echo "root:100000:65537" >> /etc/$1
PERMS="$PERMS 100000"
}
root_id() {
grep ^root $1 | cut -d':' -f $2
}
find_lxc_path() {
local lxc_path=
lxc_path=$(grep ^lxc.lxcpath /etc/lxc/lxc.conf 2>/dev/null)
lxc_path=${lxc_path#*=}
lxc_path=${lxc_path:-/var/lib/lxc}
echo $lxc_path
}
dir_perms() {
local subgid=$(root_id /etc/subgid 2)
# set permissions to allow unprivileged services to run
einfo "Setting Mode 755 & root:root => $1/rootfs"
chmod 755 $1/rootfs
chown root:root $1/rootfs
einfo "Setting Mode 750 & root:$subgid => $1"
chmod 750 $1
chown root:$subgid $1
}
info() {
cat > /tmp/lxc.fs <<EOF
### unprivileged container config #############################
lxc.include = /usr/share/lxc/config/common.conf.d/00-lxcfs.conf
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
###############################################################
EOF
cat /tmp/lxc.fs
}
setup() {
# only needs to be run once on a container
# set unprivileged containers in conf.d
local ctr= subuid= range= path= ctr_list=
find_perms
subuid=$(root_id /etc/subuid 2)
range=$(root_id /etc/subuid 3)
path=$(find_lxc_path)
if [ "${UNPRIV}" = "all" ]; then
ctr_list="$(lxc-ls)"
else
ctr_list=${UNPRIV}
fi
for ctr in $ctr_list; do
einfo "Mapping user permissions in container: $ctr"
${MAPPER} -b $path/$ctr/rootfs 0 $subuid $range
dir_perms "$path/$ctr"
done
}
start() {
ebegin "Starting lxcfs"
find_perms
start-stop-daemon --start \
--pidfile ${PIDFILE} \
--exec ${DAEMON} \
--background \
--make-pidfile \
-- \
-f -o allow_other ${VARDIR}
# sometimes reboots are too fast
until [ -d ${RUNDIR} ]; do
usleep 50000
done
chown -R ${PERMS} ${RUNDIR}
eend $?
}
stop() {
ebegin "Stopping lxcfs"
start-stop-daemon --stop --exec ${DAEMON} --pidfile ${PIDFILE} --signal KILL
umount ${VARDIR}
eend $?
}
Reference in a new issue View git blame Copy permalink