Merge claude/1
This commit is contained in:
commit
d842ed8447
@ -55,13 +55,6 @@ installLibrePortal()
|
|||||||
|
|
||||||
((menu_number++))
|
((menu_number++))
|
||||||
echo ""
|
echo ""
|
||||||
echo "---- $menu_number. Updating file permissions before starting."
|
|
||||||
echo ""
|
|
||||||
|
|
||||||
fixPermissionsBeforeStart $app_name;
|
|
||||||
|
|
||||||
((menu_number++))
|
|
||||||
echo ""
|
|
||||||
echo "---- $menu_number. Randomizing WebUI login credentials."
|
echo "---- $menu_number. Randomizing WebUI login credentials."
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
@ -72,6 +65,18 @@ installLibrePortal()
|
|||||||
|
|
||||||
((menu_number++))
|
((menu_number++))
|
||||||
echo ""
|
echo ""
|
||||||
|
echo "---- $menu_number. Updating file permissions before starting."
|
||||||
|
echo ""
|
||||||
|
|
||||||
|
# Must run AFTER the credential rewrite above: that rewrite (as the non-root
|
||||||
|
# manager) resets webui_logins' group, dropping the container-owner group the
|
||||||
|
# rootless WebUI reads it through. This pass restores it, so it has to be the
|
||||||
|
# last ownership touch before the container starts — else the container can't
|
||||||
|
# read its own login file and exits on boot.
|
||||||
|
fixPermissionsBeforeStart $app_name;
|
||||||
|
|
||||||
|
((menu_number++))
|
||||||
|
echo ""
|
||||||
echo "---- $menu_number. Running the docker-compose.yml to install and start $app_name"
|
echo "---- $menu_number. Running the docker-compose.yml to install and start $app_name"
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
|
|||||||
@ -97,6 +97,12 @@ cliWebuiLoginReset()
|
|||||||
isNotice "Regenerating WebUI config files..."
|
isNotice "Regenerating WebUI config files..."
|
||||||
webuiLibrePortalUpdate
|
webuiLibrePortalUpdate
|
||||||
|
|
||||||
|
# The credential rewrite above ran as the non-root manager, which resets
|
||||||
|
# webui_logins' group and drops the container-owner group the rootless WebUI
|
||||||
|
# reads it through. Restore it before restarting, or the container can't read
|
||||||
|
# its own login file and exits on boot.
|
||||||
|
reconcileWebuiDirOwnership
|
||||||
|
|
||||||
# Restart the libreportal container so it picks up the new credentials
|
# Restart the libreportal container so it picks up the new credentials
|
||||||
isNotice "Restarting LibrePortal container..."
|
isNotice "Restarting LibrePortal container..."
|
||||||
dockerComposeRestart libreportal
|
dockerComposeRestart libreportal
|
||||||
|
|||||||
@ -64,6 +64,14 @@ reconcileContainersTopOwnership()
|
|||||||
# reconcile and the fresh-install WebUI setup so a fresh install gets the same
|
# reconcile and the fresh-install WebUI setup so a fresh install gets the same
|
||||||
# ownership a switch does — otherwise rootless generators hit "Permission
|
# ownership a switch does — otherwise rootless generators hit "Permission
|
||||||
# denied" on a manager-owned frontend/data tree.
|
# denied" on a manager-owned frontend/data tree.
|
||||||
|
#
|
||||||
|
# Also restores the configs/webui bind-mount access (webui-bind): those system-tree
|
||||||
|
# files are read by the container through the container-owner GROUP, but any rewrite
|
||||||
|
# by the non-root manager (e.g. the credential randomizer's sed of webui_logins)
|
||||||
|
# resets their group to the manager's own — after which the rootless container can
|
||||||
|
# no longer read them and exits on boot. Folding it in here makes this the single
|
||||||
|
# "ready the WebUI for its container" pass: run it after any config write and right
|
||||||
|
# before the container (re)starts.
|
||||||
reconcileWebuiDirOwnership()
|
reconcileWebuiDirOwnership()
|
||||||
{
|
{
|
||||||
local mode="${1:-$CFG_DOCKER_INSTALL_TYPE}"
|
local mode="${1:-$CFG_DOCKER_INSTALL_TYPE}"
|
||||||
@ -74,6 +82,7 @@ reconcileWebuiDirOwnership()
|
|||||||
return 0
|
return 0
|
||||||
fi
|
fi
|
||||||
runOwnership webui
|
runOwnership webui
|
||||||
|
runOwnership webui-bind
|
||||||
isSuccessful "Reconciled WebUI dir ($webui_dir)"
|
isSuccessful "Reconciled WebUI dir ($webui_dir)"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -259,9 +259,10 @@ case "$action" in
|
|||||||
db-own) db_own;;
|
db-own) db_own;;
|
||||||
app-perms) app_perms;;
|
app-perms) app_perms;;
|
||||||
webui) webui;;
|
webui) webui;;
|
||||||
|
webui-bind) _webui_bind_access;;
|
||||||
taskdir) taskdir;;
|
taskdir) taskdir;;
|
||||||
app-data-nobody) app_data_nobody "${1:-}";;
|
app-data-nobody) app_data_nobody "${1:-}";;
|
||||||
app-data-remove) app_data_remove "${1:-}";;
|
app-data-remove) app_data_remove "${1:-}";;
|
||||||
app-file) app_file "${1:-}" "${2:-}";;
|
app-file) app_file "${1:-}" "${2:-}";;
|
||||||
*) echo "usage: libreportal-ownership {reconcile [mode]|traversal|containers-top|backups-top|db-own|app-perms|webui|taskdir|app-data-nobody <app>|app-data-remove <app>|app-file <app> <relpath>}" >&2; exit 2;;
|
*) echo "usage: libreportal-ownership {reconcile [mode]|traversal|containers-top|backups-top|db-own|app-perms|webui|webui-bind|taskdir|app-data-nobody <app>|app-data-remove <app>|app-file <app> <relpath>}" >&2; exit 2;;
|
||||||
esac
|
esac
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user