diff --git a/Dockerfile b/Dockerfile index 7f9d18e..0f294ec 100644 --- a/Dockerfile +++ b/Dockerfile @@ -22,10 +22,12 @@ RUN apt-get update \ ca-certificates \ ccache \ diffstat \ + dumb-init \ flex \ gcc \ gettext \ gnupg2 \ + gosu \ libcurl4-gnutls-dev \ libelf-dev \ libexpat1-dev \ @@ -105,6 +107,18 @@ RUN test "$INSTALL_GCC" -eq "1" \ COPY other-configs/ / +RUN echo "**** create abc user and make our folders ****" \ + && useradd -u 1000 -U -d /config -s /bin/false abc \ + && usermod -G users abc \ + && mkdir /workdir && chown abc:abc /workdir \ + && mkdir /config && chown abc:abc /config + +ENTRYPOINT ["/init"] + +CMD ["/usr/bin/bash"] + +VOLUME /workdir + COPY kernel_patch_verify /usr/bin/kernel_patch_verify WORKDIR /workdir diff --git a/kp_common b/kp_common index 512c2a4..18394cf 100644 --- a/kp_common +++ b/kp_common @@ -1,6 +1,6 @@ #!/bin/bash -export USER_ID GROUP_ID PATH DOCKER_MOUNT_DIRS IMAGE_ID +export DOCKER_MOUNT_DIRS IMG_NAME # Check if Docker image exists @@ -38,9 +38,6 @@ else fi fi -USER_ID=$(id -u) -GROUP_ID=$(id -g) - DOCKER_MOUNT_DIRS=() DOCKER_MOUNT_DIRS+=(-v /tmp:/tmp) DOCKER_MOUNT_DIRS+=(-v /opt:/opt) 
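Review bot: The added `ENTRYPOINT ["/init"]` in the second Dockerfile hunk is the only thing that moves the container off uid 0, since no `USER` instruction appears in this hunk and the `abc` account is only created, not selected. Anything that bypasses the entrypoint (an overridden `--entrypoint`, or a later exec into the container) therefore runs as root, which is worth stating next to the instruction. I would add a comment such as `# /init starts as root to remap abc to the owner of /workdir, then drops to abc via gosu; do not add USER above this line`. The rest of the Dockerfile is outside the hunk, so a `USER` line elsewhere cannot be ruled out from here.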
@@ -56,12 +53,3 @@ fi if [ "$GIT_WORKTREE_COMMONDIR" != ".git" ]; then DOCKER_MOUNT_DIRS+=(-v "$GIT_WORKTREE_COMMONDIR":"$GIT_WORKTREE_COMMONDIR") fi - -# Run our image to add our swuser -docker run "$IMG_NAME" /bin/bash -c "groupadd -r swuser -g $GROUP_ID && useradd -u $USER_ID -r -g swuser -d /workdir -s /sbin/nologin -c \"Docker kernel patch user\" swuser" -# Get the container ID of the last run container (above) -CONTAINER_ID=$(docker ps -lq) -# Commit the container state (returns an image_id with sha256: prefix cut off) -IMAGE_ID=$(docker commit "$CONTAINER_ID" | cut -c8-) - -PATH=/workdir/scripts/dtc:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/opt/cross-gcc-linux-13/bin:/opt/cross-gcc-linux-12/bin:/opt/cross-gcc-linux-11/bin:/opt/cross-gcc-linux-10/bin:/opt/cross-gcc-linux-9/bin:/usr/local/cross-gcc-linux-9/bin:/usr/local/cross-gcc-linux-10/bin diff --git a/kps b/kps index 649d4cc..d298244 100755 --- a/kps +++ b/kps @@ -4,11 +4,7 @@ source "$(dirname "$(readlink -f "$0")")/kp_common" # If we wanted to get to bash shell: docker run --rm -ti \ - --user "$USER_ID":"$GROUP_ID" \ -e CROSS_COMPILE -e ARCH \ "${DOCKER_MOUNT_DIRS[@]}" \ - "$IMAGE_ID" \ + "$IMG_NAME" \ bash --init-file /etc/profile - -# TODO: we can reuse this image for future runs, for now just clean up after ourselves -docker rmi "$IMAGE_ID" diff --git a/kpv b/kpv index 61101f8..7ea625f 100755 --- a/kpv +++ b/kpv @@ -3,11 +3,7 @@ source "$(dirname "$(readlink -f "$0")")/kp_common" docker run --rm -ti \ - --user "$USER_ID":"$GROUP_ID" \ -e CROSS_COMPILE -e ARCH \ "${DOCKER_MOUNT_DIRS[@]}" \ - "$IMAGE_ID" \ + "$IMG_NAME" \ kernel_patch_verify -S /usr/local/smatch/bin/k_sm_check_script "$@" - -# TODO: we can reuse this image for future runs, for now just clean up after ourselves -docker rmi "$IMAGE_ID" diff --git a/other-configs/init b/other-configs/init new file mode 100755 index 0000000..b1867ed --- /dev/null +++ b/other-configs/init 
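Review bot: With `--user "$USER_ID":"$GROUP_ID"` removed from the `docker run` in kps (and the same line in kpv), the container starts as root and the drop to an unprivileged uid depends entirely on `"$IMG_NAME"` having the new `/init` entrypoint. If that name still resolves to an image built before this commit, which seems possible given kp_common's image-exists check, the command would run as root over the `/tmp` and `/opt` bind mounts. A comment above the call would record the dependency, for example `# no --user: the image's /init entrypoint remaps abc to the owner of /workdir and drops root via gosu`.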
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+get_attribs() {
+ local file_stats file_to_test useful_attribs
+ if file_to_test=$(realpath "$1") && [[ $2 =~ ^[0-9]+$ ]] ; then
+ useful_attribs=$(stat "$file_to_test" -t)
+ read -r -a file_stats <<< "${useful_attribs#"$file_to_test"}"
+ echo "${file_stats["$2"]}"
+ else
+ return 1
+ fi
+}
+
+get_build_uid() {
+ get_attribs /workdir 3
+}
+
+get_build_gid() {
+ get_attribs /workdir 4
+}
+
+if NEW_GID=$(get_build_gid) && NEW_UID=$(get_build_uid); then
+ # bypass everything if podman is remapping the id to root
+ if [ "${NEW_UID}" == "0" ]; then
+ if [ "$(id -u)" == "0" ]; then
+ exec dumb-init -- "$@"
+ else
+ echo "Unable to resolve ns mapping!"
+ fi
+ fi
+
+ # change the uid and gid of abc otherwise
+ [ "$NEW_GID" != "$(id -g abc)" ] && groupmod -g "${NEW_GID}" abc
+ [ "$NEW_UID" != "$(id -u abc)" ] && usermod -u "${NEW_UID}" abc
+else
+ echo "Not able to detect UID/GID for remapping!"
+fi
+
+if [ "$(id -u)" == "$(id -u abc)" ]; then
+ exec dumb-init -- "$@"
+else
+ exec dumb-init -- gosu abc "$@"
+fi
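Review bot: The `NEW_UID == 0` branch execs `dumb-init -- "$@"` as uid 0 whenever `/workdir` is owned by root, and nothing in it distinguishes a rootless-podman mapping from a rootful daemon with a bind mount that really is root-owned, so in the second case the command keeps full root with no message. Consider gating that path on an explicit opt-in, or at least printing a warning to stderr before the `exec`. The inner `else` only echoes `Unable to resolve ns mapping!` and then falls through to the `groupmod`/`usermod` lines with a target uid of 0; ending that arm with `exit 1` would stop there. The two `[ ... ] && groupmod`/`usermod` lines also ignore failure, so a rejected id change still reaches `gosu abc` with the old ids; rewriting them in the form `if [ "$NEW_UID" != "$(id -u abc)" ]; then usermod -u "${NEW_UID}" abc || exit 1; fi` would surface it.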