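#!/sbin/openrc-run
# Init script for lxcfs
# Copyright (C) 2016 Stuart Cardall
# Licensed under the terms of the GPL2
#
# Besides the service hooks, this script exposes two extra commands
# ("setup" and "info") that prepare a container directory for use by
# unprivileged LXC containers. The helpers below edit /etc/subuid and
# /etc/subgid and change ownership/mode of container directories, so they
# are security-relevant: review any change to them with that in mind.

DAEMON=/usr/bin/lxcfs
PIDFILE=/run/lxcfs.pid
VARDIR=/var/lib/lxcfs
RUNDIR=/run/lxcfs
MAPPER=/usr/bin/uidmapshift

description="FUSE filesystem for LXC unprivileged containers"
description_setup="Setup unprivileged container permissions"
description_info="Unprivileged container config file settings"
extra_commands="setup info"

# Service dependencies: cgproxy must be started before this service.
depend() {
	need cgproxy
}

# Pre-start check: make sure ${VARDIR} exists and that the fuse and autofs4
# kernel modules are loaded.
# Returns: 0 when both modules are listed by lsmod, 1 when any is missing.
start_pre() {
	local module= missing=0

	checkpath --directory "${VARDIR}"

	for module in fuse autofs4; do
		# Match the whole module name (lsmod pads the name with blanks) so a
		# module that merely starts with the same letters is not accepted.
		# NOTE(review): drivers compiled into the kernel are not listed by
		# lsmod, so this check reports them as missing.
		if ! lsmod | grep -q "^${module}[[:space:]]"; then
			eerror "Enable module: $module"
			eerror "modprobe $module"
			eerror "echo $module >> /etc/modules"
			eend 1
			# Remember the failure; otherwise a missing first module is
			# masked when the last module in the list is present.
			missing=1
		fi
	done

	return "$missing"
}

# Collect root's first subordinate uid and gid into the global PERMS as
# "uid:gid". A missing file or missing root entry is created via create_id.
# Globals: PERMS (read and written)
find_perms() {
	local file= path= tmp=

	for file in subuid subgid; do
		path=/etc/$file
		if [ -f "$path" ]; then
			tmp=$(root_id "$path" 2)
			if [ -n "$tmp" ]; then
				# keep digits only, so nothing else ends up in PERMS
				tmp=$(echo "$tmp" | tr -cd '[:digit:]')
				PERMS="$PERMS $tmp"
			else
				create_id "$file"
			fi
		else
			create_id "$file"
		fi
	done

	# $PERMS is deliberately unquoted: word splitting drops the leading
	# blank before the first space is turned into the ':' separator.
	PERMS=$(echo $PERMS | sed 's| |:|')
}

# Append a subordinate id range for root to /etc/$1 (subuid or subgid):
# 65537 ids starting at 100000. This grants root a new id range, so it is
# only called when no root entry was found.
# Globals: PERMS (written)
create_id() {
	einfo "Creating $1 for root: /etc/$1"
	echo "root:100000:65537" >> "/etc/$1"
	PERMS="$PERMS 100000"
}

# Print colon-separated field $2 of root's entry in file $1.
# Only an exact "root" name matches (not e.g. "rootless"), and only the
# first entry is used so callers always receive a single value.
root_id() {
	awk -F: -v field="$2" '$1 == "root" { print $field; exit }' "$1"
}

# Print the LXC container path: the lxc.lxcpath value from
# /etc/lxc/lxc.conf, or /var/lib/lxc when it is not configured.
find_lxc_path() {
	local lxc_path=

	lxc_path=$(grep '^lxc\.lxcpath' /etc/lxc/lxc.conf 2>/dev/null)
	lxc_path=${lxc_path#*=}
	lxc_path=${lxc_path:-/var/lib/lxc}
	# unquoted on purpose: trims the blanks left around "key = value"
	echo $lxc_path
}

# Set ownership and mode on container directory $1 and on $1/rootfs so that
# unprivileged services can run.
# Returns: 1 without changing anything when $1 is empty or root has no
# entry in /etc/subgid.
dir_perms() {
	local subgid=

	# An empty path would make the commands below act on /rootfs and on
	# the current directory's default target, so refuse it outright.
	if [ -z "$1" ]; then
		eerror "dir_perms: no container directory given"
		return 1
	fi

	subgid=$(root_id /etc/subgid 2)
	# With an empty gid, "chown root:" would fall back to root's login
	# group instead of the subordinate gid.
	if [ -z "$subgid" ]; then
		eerror "dir_perms: no root entry in /etc/subgid"
		return 1
	fi

	# set permissions to allow unprivileged services to run
	einfo "Setting Mode 755 & root:root => $1/rootfs"
	chmod 755 "$1/rootfs"
	chown root:root "$1/rootfs"

	# Mode 750 with the first subordinate gid as group: only root and the
	# mapped container ids may enter the container directory.
	einfo "Setting Mode 750 & root:$subgid => $1"
	chmod 750 "$1"
	chown "root:$subgid" "$1"
}

# The listing is cut off inside info(); the visible fragment is:
#   info() { cat > /tmp/lxc.fs <
# The rest of info() and the setup() command named in extra_commands are
# not part of this listing.
# NOTE(review): the fragment writes to a fixed file name under /tmp. Init
# scripts typically run as root, and a predictable /tmp path can be
# pre-created or symlinked by another local user; prefer mktemp or a
# root-owned directory such as /run.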