From c28aca9d21c13ce5fdf0e4accccf210d19978f2e Mon Sep 17 00:00:00 2001
From: Darragh Bailey
Date: Sat, 3 Sep 2022 12:37:25 +0100
Subject: [PATCH] Improve handling when run using root user (#1572)
Allow for the image to be run with the root user if desired, however change to requiring setting of a variable to allow it to continue as it may change ownership of files unexpectedly. Additionally ensure that the workdir passed to docker matches the target mount path used, in case the realpath to ${PWD} resolves to be different to it's value resulting in the starting workdir being somewhere different to the current path on the host.
Fixes: #1442
---
 docs/installation.markdown | 6 +++---
 entrypoint.sh | 38 ++++++++++++++++++++++++++++++--------
 2 files changed, 33 insertions(+), 11 deletions(-)
diff --git a/docs/installation.markdown b/docs/installation.markdown
index b6b61c6..8fe66f8 100644
--- a/docs/installation.markdown
+++ b/docs/installation.markdown
@@ -86,7 +86,7 @@ docker run -i --rm \
 -v /var/run/libvirt/:/var/run/libvirt/ \
 -v ~/.vagrant.d:/.vagrant.d \
 -v $(realpath "${PWD}"):${PWD} \
- -w $(realpath "${PWD}") \
+ -w "${PWD}" \
 --network host \
 vagrantlibvirt/vagrant-libvirt:latest \
 vagrant status
@@ -100,7 +100,7 @@ vagrant(){
 -v /var/run/libvirt/:/var/run/libvirt/ \
 -v ~/.vagrant.d:/.vagrant.d \
 -v $(realpath "${PWD}"):${PWD} \
- -w $(realpath "${PWD}") \
+ -w "${PWD}" \
 --network host \
 vagrantlibvirt/vagrant-libvirt:latest \
 vagrant $@
@@ -126,7 +126,7 @@ vagrant(){
 -v /var/run/libvirt/:/var/run/libvirt/ \
 -v ~/.vagrant.d:/.vagrant.d \
 -v $(realpath "${PWD}"):${PWD} \
- -w $(realpath "${PWD}") \
+ -w "${PWD}" \
 --network host \
 --entrypoint /bin/bash \
 --security-opt label=disable \
diff --git a/entrypoint.sh b/entrypoint.sh
index 5423a8d..98e8ced 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -53,9 +53,18 @@ USER_UID=${USER_UID:-$(stat -c %u ${path})} || exit 3
 USER_GID=${USER_GID:-$(stat -c %g ${path})} || exit 3
 if [[ ${USER_UID} -eq 0 ]]
 then
- if [[ -z "${IGNORE_RUN_AS_ROOT:-}" ]]
+ if [[ "${IGNORE_RUN_AS_ROOT:-0}" == "0" ]]
 then
- echo "WARNING! Running as root, if this breaks, you get to keep both pieces"
+ echo "ERROR! Running as root, this usually means there has been a mistake" \
+ "in how the image has been launched."
+ echo "If this is actually intended, please pass '-e IGNORE_RUN_AS_ROOT=1'" \
+ "via the docker run command to allow execution as root."
+ echo
+ echo "Used '${path}' to determine uid/gid, typically starting looking for the" \
+ "file '$(pwd)/Vagrantfile' or if there is a Vagrantfile in the parent directory" \
+ "otherwise fall back to owner/group of'$(pwd)'"
+
+ exit 2
 fi
 else
 vdir_uid=$(stat -c %u ${vdir})
@@ -104,9 +113,12 @@ then
 ${USERCMD} --shell /bin/bash -u ${USER_UID} -g ${USER_GID} -o -c "" -m ${USER} >/dev/null 2>&1 || exit 3
 fi
-# make sure the directories can be written to by vagrant otherwise will
-# get a start up error
-find "${VAGRANT_HOME}" -maxdepth 1 ! -exec chown -h ${USER}:${GROUP} {} \+
+if [[ "${USER_UID}" != "0" ]]
+then
+ # make sure the directories can be written to by vagrant otherwise will
+ # get a start up error
+ find "${VAGRANT_HOME}" -maxdepth 1 ! -exec chown -h ${USER}:${GROUP} {} \+
+fi
 LIBVIRT_SOCK=/var/run/libvirt/libvirt-sock
 if [[ ! -S ${LIBVIRT_SOCK} ]]
@@ -121,7 +133,7 @@ then
 else
 LIBVIRT_GID=$(stat -c %g ${LIBVIRT_SOCK})
 # only do this if the host uses a non-root group for libvirt
- if [[ ${LIBVIRT_GID} -ne 0 ]]
+ if [[ "${USER_UID}" != "0" ]] && [[ ${LIBVIRT_GID} -ne 0 ]]
 then
 if getent group libvirt >/dev/null
 then
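Review bot: The opt-in test `if [[ "${IGNORE_RUN_AS_ROOT:-0}" == "0" ]]` fails open: only `0` or an empty value triggers the refusal, so `IGNORE_RUN_AS_ROOT=false` or `=no` lets the container continue as root, although the new message documents only `IGNORE_RUN_AS_ROOT=1`. Comparing against the documented value, `if [[ "${IGNORE_RUN_AS_ROOT:-0}" != "1" ]]`, keeps refusal as the default for anything unexpected. The last echo is also missing a space in `of'$(pwd)'`.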
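Review bot: The new guard `if [[ "${USER_UID}" != "0" ]]` compares as a string, while the root gate visible as context in the -53 hunk, `if [[ ${USER_UID} -eq 0 ]]`, compares numerically. USER_UID can be supplied through the environment (`${USER_UID:-$(stat ...)}`), so a value such as `00` counts as root for the gate but as non-root here, and the chown and gosu paths would still run. Writing `if [[ ${USER_UID} -ne 0 ]]` keeps every check in agreement; the same string comparison appears in the hunks at -121 and -138.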
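Review bot: The comment kept above the changed condition, `# only do this if the host uses a non-root group for libvirt`, no longer describes the whole test now that it also depends on USER_UID. I would reword it to `# only do this when not running as root and the host uses a non-root group for libvirt`, and add a short reason why the group setup can be skipped for root (presumably because root can reach the socket without extra group membership, which should be confirmed). The body of this `if` continues outside the hunk.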
@@ -138,7 +150,17 @@ fi
 if [[ $# -eq 0 ]]
 then
 # if no command provided
- exec gosu ${USER} vagrant help >&3
+ if [[ "${USER_UID}" != "0" ]]
+ then
+ exec gosu ${USER} vagrant help >&3
+ else
+ exec vagrant help >&3
+ fi
 fi
-exec gosu ${USER} "$@" >&3
+if [[ "${USER_UID}" != "0" ]]
+then
+ exec gosu ${USER} "$@" >&3
+else
+ exec "$@" >&3
+fi
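Review bot: The run-as decision is now written out twice, once for the no-argument case and once for the normal case, and both new `gosu ${USER}` calls leave `${USER}` unquoted. Deciding once keeps the root and non-root paths from drifting apart: `[[ $# -eq 0 ]] && set -- vagrant help`, then `[[ ${USER_UID} -ne 0 ]] && set -- gosu "${USER}" "$@"`, then a single `exec "$@" >&3`. A one-line comment at that exec stating that the root path deliberately skips the privilege drop would help the next reader.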