Merge claude/2
commit
caa197f2fa
@ -35,12 +35,21 @@ dockerConfigSetupFileWithData()
|
||||
# UID (was 1001) breaks wherever that user's UID differs — the
|
||||
# container dies with EACCES on first write and never binds its port.
|
||||
# No-op for compose files without a USER_TAG.
|
||||
local container_user="${docker_install_user:-$sudo_user_name}"
|
||||
local install_uid install_gid
|
||||
install_uid=$(id -u "$container_user" 2>/dev/null)
|
||||
install_gid=$(id -g "$container_user" 2>/dev/null)
|
||||
if [[ -n "$install_uid" && -n "$install_gid" ]]; then
|
||||
tagsManagerUpdateUniversalTag "$full_file_path" "USER_TAG" "${install_uid}:${install_gid}"
|
||||
if [[ "$CFG_DOCKER_INSTALL_TYPE" == "rootless" ]]; then
|
||||
# Rootless: the daemon runs as the install user, so container UID 0
|
||||
# maps to it on the host — it owns the bind-mounts and the rootless
|
||||
# socket. Using the host UID instead lands on an unmapped sub-UID
|
||||
# (EACCES on writes; and group_add then calls setgroups() with a
|
||||
# sub-GID outside the userns → EINVAL, container won't start).
|
||||
tagsManagerUpdateUniversalTag "$full_file_path" "USER_TAG" "0:0"
|
||||
else
|
||||
local container_user="${docker_install_user:-$sudo_user_name}"
|
||||
local install_uid install_gid
|
||||
install_uid=$(id -u "$container_user" 2>/dev/null)
|
||||
install_gid=$(id -g "$container_user" 2>/dev/null)
|
||||
if [[ -n "$install_uid" && -n "$install_gid" ]]; then
|
||||
tagsManagerUpdateUniversalTag "$full_file_path" "USER_TAG" "${install_uid}:${install_gid}"
|
||||
fi
|
||||
fi
|
||||
tagsProcessorPasswordAndKeyGeneration "$full_file_path"
|
||||
tagsProcessorRandomUserGeneration "$full_file_path"
|
||||
|
||||
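Review bot: The rootless branch writes `USER_TAG` as `0:0` based only on the value of `CFG_DOCKER_INSTALL_TYPE`, so if that setting is stale or wrong and the compose file is started by a rootful daemon, the container runs as real host root over its bind-mounts. The same trust applies to the `socket_gid=0` branch in tagsProcessorSocketConfiguration. Consider confirming the mode from the daemon itself before choosing `0:0`, for example by checking that `docker info --format '{{.SecurityOptions}}'` reports `name=rootless`, and falling back to the `id -u`/`id -g` path otherwise. At minimum the comment should carry the caveat `# 0:0 is only safe under a rootless daemon; under rootful Docker this is host root.` The enclosing function starts and ends outside the hunk.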
@ -26,15 +26,25 @@ tagsProcessorSocketConfiguration()
|
||||
if [[ -n "$socket_path" ]]; then
|
||||
tagsManagerUpdateUniversalTag "$full_file_path" "SOCKET_TAG" "${socket_path}:${socket_path}"
|
||||
|
||||
# Resolve the socket's group GID so the (non-root) container user
|
||||
# can connect via group_add. Without this, the socket is owned
|
||||
# root:docker mode 660 and a non-member UID sees EACCES.
|
||||
# Resolve the socket's group GID so the container can connect via
|
||||
# group_add.
|
||||
local socket_gid=""
|
||||
if [[ -S "$socket_path" ]]; then
|
||||
socket_gid=$(stat -c '%g' "$socket_path" 2>/dev/null)
|
||||
if [[ $CFG_DOCKER_INSTALL_TYPE == "rootless" ]]; then
|
||||
# Rootless: container runs as UID 0 = the install user = socket
|
||||
# owner, so inside the userns the socket's group is root (0). The
|
||||
# host shows a high sub-GID (e.g. 166528); using that would make
|
||||
# group_add call setgroups() with a GID outside the userns → EINVAL
|
||||
# and the container fails to start.
|
||||
socket_gid=0
|
||||
else
|
||||
# Rooted: socket is owned root:docker mode 660, so a non-member UID
|
||||
# needs the docker group via group_add or it sees EACCES.
|
||||
if [[ -S "$socket_path" ]]; then
|
||||
socket_gid=$(stat -c '%g' "$socket_path" 2>/dev/null)
|
||||
fi
|
||||
[[ -z "$socket_gid" ]] && socket_gid=$(getent group docker 2>/dev/null | cut -d: -f3)
|
||||
[[ -z "$socket_gid" ]] && socket_gid="999"
|
||||
fi
|
||||
[[ -z "$socket_gid" ]] && socket_gid=$(getent group docker 2>/dev/null | cut -d: -f3)
|
||||
[[ -z "$socket_gid" ]] && socket_gid="999"
|
||||
tagsManagerUpdateUniversalTag "$full_file_path" "SOCKET_GID_TAG" "$socket_gid"
|
||||
fi
|
||||
}
|
||||
|
||||
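Review bot: The rooted branch still ends in `[[ -z "$socket_gid" ]] && socket_gid="999"`, which hands group_add a guessed GID. On a host where neither the socket nor a `docker` group resolves, 999 may belong to an unrelated group, and the container would silently gain that membership on its bind-mounts. I would at least report the fallback on stderr, e.g. `printf 'warn: docker socket GID unresolved, defaulting to 999\n' >&2`, so a wrong group grant is visible in the install log. Separately, `$CFG_DOCKER_INSTALL_TYPE` is unquoted in this test but quoted in dockerConfigSetupFileWithData; quoting it here keeps the two checks identical. The function begins before the hunk.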