[OpenWrt-Devel] [PATCH packages] lxc: add lxc-unprivileged helper package for unprivileged containers

Rafał Miłecki zajec5 at gmail.com
Tue Dec 5 11:17:18 EST 2017


From: Rafał Miłecki <rafal at milecki.pl>

LXC requires newuidmap and newgidmap with SUID to run unprivileged
containers. This package should help users make sure they are available.

Signed-off-by: Rafał Miłecki <rafal at milecki.pl>
---
 utils/lxc/Makefile                        | 17 +++++++++++++++++
 utils/lxc/files/lxc-unprivileged.defaults |  4 ++++
 2 files changed, 21 insertions(+)
 create mode 100644 utils/lxc/files/lxc-unprivileged.defaults

diff --git a/utils/lxc/Makefile b/utils/lxc/Makefile
index 4600e9c9..38b0c8bc 100644
--- a/utils/lxc/Makefile
+++ b/utils/lxc/Makefile
@@ -70,6 +70,22 @@ define Package/lxc-auto/conffiles
 /etc/config/lxc-auto
 endef
 
+define Package/lxc-unprivileged
+  $(call Package/lxc/Default)
+  TITLE:=Helper script for unprivileged containers support
+  DEPENDS:=+shadow-utils +shadow-newuidmap +shadow-newgidmap
+endef
+
+define Package/lxc-unprivileged/description
+ Support for unprivileged containers requires newuidmap and newguidmap.
+ This package makes sure they are available & have correct permissions.
+endef
+
+define Package/lxc-unprivileged/install
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(INSTALL_DATA) ./files/lxc-unprivileged.defaults $(1)/etc/uci-defaults/
+endef
+
 define Package/lxc/config
   source "$(SOURCE)/Config.in"
 endef
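Review bot: The `DEPENDS` line in `Package/lxc-unprivileged` pulls in `+shadow-utils` alongside the two applets the package actually needs. If shadow-utils is the meta-package for the whole shadow suite, this installs a set of extra account-management tools on the device only to get newuidmap and newgidmap. Unless something else from that suite is required, `DEPENDS:=+shadow-newuidmap +shadow-newgidmap` keeps the installed footprint smaller. The description spells the second tool `newguidmap`, while the dependency and the defaults script use `newgidmap`. It could also say outright that the package makes both binaries setuid, so that someone auditing the image knows where the bit comes from.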
@@ -272,6 +288,7 @@ $(eval $(call BuildPackage,liblxc))
 $(eval $(call BuildPackage,lxc-lua))
 $(eval $(call BuildPackage,lxc-init))
 $(eval $(call BuildPackage,lxc-auto))
+$(eval $(call BuildPackage,lxc-unprivileged))
 $(foreach u,$(LXC_APPLETS_BIN),$(eval $(call GenPlugin,$(u),$(DEPENDS_APPLETS),"/usr/bin")))
 $(foreach u,$(LXC_APPLETS_LIB),$(eval $(call GenPlugin,$(u),$(DEPENDS_APPLETS),"/usr/lib/lxc")))
 $(foreach u,$(LXC_SCRIPTS),$(eval $(call GenPlugin,$(u),,"/usr/bin")))
diff --git a/utils/lxc/files/lxc-unprivileged.defaults b/utils/lxc/files/lxc-unprivileged.defaults
new file mode 100644
index 00000000..45c9839f
--- /dev/null
+++ b/utils/lxc/files/lxc-unprivileged.defaults
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+chmod u+s /usr/bin/newuidmap && \
+chmod u+s /usr/bin/newgidmap
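Review bot: `chmod u+s` only adds the setuid bit on top of whatever owner and mode the two binaries already have, so the script never establishes that they are root-owned and not group- or world-writable before making them SUID. Setting the whole mode explicitly, `chmod 4755 /usr/bin/newuidmap && chmod 4755 /usr/bin/newgidmap`, makes the end state independent of how the shadow packages installed the files. Because uci-defaults scripts normally run once and are then removed, a later upgrade or reinstall of shadow-newuidmap or shadow-newgidmap would presumably drop the bit again without this script re-running. Setting the mode in those packages' own install step would avoid that. A one-line comment such as `# LXC unprivileged containers need setuid newuidmap/newgidmap to write uid/gid maps` would document why the script exists.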
-- 
2.11.0