Merge claude/2
commit
caa197f2fa
@ -35,12 +35,21 @@ dockerConfigSetupFileWithData()
|
|||||||
# UID (was 1001) breaks wherever that user's UID differs — the
|
# UID (was 1001) breaks wherever that user's UID differs — the
|
||||||
# container dies with EACCES on first write and never binds its port.
|
# container dies with EACCES on first write and never binds its port.
|
||||||
# No-op for compose files without a USER_TAG.
|
# No-op for compose files without a USER_TAG.
|
||||||
local container_user="${docker_install_user:-$sudo_user_name}"
|
if [[ "$CFG_DOCKER_INSTALL_TYPE" == "rootless" ]]; then
|
||||||
local install_uid install_gid
|
# Rootless: the daemon runs as the install user, so container UID 0
|
||||||
install_uid=$(id -u "$container_user" 2>/dev/null)
|
# maps to it on the host — it owns the bind-mounts and the rootless
|
||||||
install_gid=$(id -g "$container_user" 2>/dev/null)
|
# socket. Using the host UID instead lands on an unmapped sub-UID
|
||||||
if [[ -n "$install_uid" && -n "$install_gid" ]]; then
|
# (EACCES on writes; and group_add then calls setgroups() with a
|
||||||
tagsManagerUpdateUniversalTag "$full_file_path" "USER_TAG" "${install_uid}:${install_gid}"
|
# sub-GID outside the userns → EINVAL, container won't start).
|
||||||
|
tagsManagerUpdateUniversalTag "$full_file_path" "USER_TAG" "0:0"
|
||||||
|
else
|
||||||
|
local container_user="${docker_install_user:-$sudo_user_name}"
|
||||||
|
local install_uid install_gid
|
||||||
|
install_uid=$(id -u "$container_user" 2>/dev/null)
|
||||||
|
install_gid=$(id -g "$container_user" 2>/dev/null)
|
||||||
|
if [[ -n "$install_uid" && -n "$install_gid" ]]; then
|
||||||
|
tagsManagerUpdateUniversalTag "$full_file_path" "USER_TAG" "${install_uid}:${install_gid}"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
tagsProcessorPasswordAndKeyGeneration "$full_file_path"
|
tagsProcessorPasswordAndKeyGeneration "$full_file_path"
|
||||||
tagsProcessorRandomUserGeneration "$full_file_path"
|
tagsProcessorRandomUserGeneration "$full_file_path"
|
||||||
|
|||||||
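Review bot: The rootless branch now writes `0:0` into USER_TAG for every compose file that has one, and its comment explains the sub-UID failure this avoids but not the cost. Container root is the install user on the host, so a process that escapes any of these containers can act on that user's bind-mounts and the rootless socket. I would say so in the comment, e.g. `# Security: container UID 0 == install user on the host; isolation must come from cap_drop / no-new-privileges in the compose file, not from the container user.` Separately, the rooted `else` branch still discards `id` errors with `2>/dev/null` and silently skips the tag update when either lookup is empty; what the compose file then runs as is not visible here, so a warning on that path would help. The function starts and continues outside this hunk.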
@ -26,15 +26,25 @@ tagsProcessorSocketConfiguration()
|
|||||||
if [[ -n "$socket_path" ]]; then
|
if [[ -n "$socket_path" ]]; then
|
||||||
tagsManagerUpdateUniversalTag "$full_file_path" "SOCKET_TAG" "${socket_path}:${socket_path}"
|
tagsManagerUpdateUniversalTag "$full_file_path" "SOCKET_TAG" "${socket_path}:${socket_path}"
|
||||||
|
|
||||||
# Resolve the socket's group GID so the (non-root) container user
|
# Resolve the socket's group GID so the container can connect via
|
||||||
# can connect via group_add. Without this, the socket is owned
|
# group_add.
|
||||||
# root:docker mode 660 and a non-member UID sees EACCES.
|
|
||||||
local socket_gid=""
|
local socket_gid=""
|
||||||
if [[ -S "$socket_path" ]]; then
|
if [[ $CFG_DOCKER_INSTALL_TYPE == "rootless" ]]; then
|
||||||
socket_gid=$(stat -c '%g' "$socket_path" 2>/dev/null)
|
# Rootless: container runs as UID 0 = the install user = socket
|
||||||
|
# owner, so inside the userns the socket's group is root (0). The
|
||||||
|
# host shows a high sub-GID (e.g. 166528); using that would make
|
||||||
|
# group_add call setgroups() with a GID outside the userns → EINVAL
|
||||||
|
# and the container fails to start.
|
||||||
|
socket_gid=0
|
||||||
|
else
|
||||||
|
# Rooted: socket is owned root:docker mode 660, so a non-member UID
|
||||||
|
# needs the docker group via group_add or it sees EACCES.
|
||||||
|
if [[ -S "$socket_path" ]]; then
|
||||||
|
socket_gid=$(stat -c '%g' "$socket_path" 2>/dev/null)
|
||||||
|
fi
|
||||||
|
[[ -z "$socket_gid" ]] && socket_gid=$(getent group docker 2>/dev/null | cut -d: -f3)
|
||||||
|
[[ -z "$socket_gid" ]] && socket_gid="999"
|
||||||
fi
|
fi
|
||||||
[[ -z "$socket_gid" ]] && socket_gid=$(getent group docker 2>/dev/null | cut -d: -f3)
|
|
||||||
[[ -z "$socket_gid" ]] && socket_gid="999"
|
|
||||||
tagsManagerUpdateUniversalTag "$full_file_path" "SOCKET_GID_TAG" "$socket_gid"
|
tagsManagerUpdateUniversalTag "$full_file_path" "SOCKET_GID_TAG" "$socket_gid"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|||||||
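Review bot: The rooted branch still falls back to `socket_gid="999"` when neither `stat` nor `getent group docker` yields a GID, so the container can end up in whatever unrelated group holds GID 999 on that host. Membership in the socket's group gives the container control of the daemon, which is root-equivalent in rooted mode, so a guessed GID is a poor default. I would warn and skip the SOCKET_GID_TAG update instead, e.g. `[[ -z "$socket_gid" ]] && { echo "WARN: cannot resolve docker socket GID for $full_file_path" >&2; return 1; }`, using the project's own logging helper if it has one. The new comments explain the EACCES/EINVAL mechanics well, but a line such as `# Security: group_add on the socket group grants full daemon control to this container.` would record why the value matters. The function's opening lines are outside this hunk, so whether callers tolerate a non-zero return needs checking.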