Skip to content

L
lxc
Commit c63c04fc by TAMUKI Shoichi Committed by Stéphane Graber
Options

templates: improve refusing to run unprivileged

For all templates except lxc-ubuntu-cloud and lxc-download, detect not only --mapped-uid but also --mapped-gid and error out. Detecting will not be done after -- parameter because of non-option parameters. Also, change the mode of lxc-archlinux.in 100755 to 100644. Signed-off-by: 's avatarTAMUKI Shoichi <tamuki@linet.gr.jp> Acked-by: 's avatarStéphane Graber <stgraber@ubuntu.com>
parent 35f74671
Showing with 45 additions and 30 deletions
templates/lxc-alpine.in
#!/bin/bash #!/bin/bash
# Detect use under userns (unsupported) # Detect use under userns (unsupported)
for arg in $*; do for arg in "$@"; do
if [ "$arg" == "--mapped-uid" ]; then [ "$arg" == "--" ] && break
if [ "$arg" == "--mapped-uid" -o "$arg" == "--mapped-gid" ]; then
echo "This template can't be used for unprivileged containers." 1>&2 echo "This template can't be used for unprivileged containers." 1>&2
echo "You may want to try the \"download\" template instead." 1>&2 echo "You may want to try the \"download\" template instead." 1>&2
exit 1 exit 1
......
templates/lxc-altlinux.in
...@@ -25,8 +25,9 @@ ...@@ -25,8 +25,9 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
# Detect use under userns (unsupported) # Detect use under userns (unsupported)
for arg in $*; do for arg in "$@"; do
if [ "$arg" == "--mapped-uid" ]; then [ "$arg" == "--" ] && break
if [ "$arg" == "--mapped-uid" -o "$arg" == "--mapped-gid" ]; then
echo "This template can't be used for unprivileged containers." 1>&2 echo "This template can't be used for unprivileged containers." 1>&2
echo "You may want to try the \"download\" template instead." 1>&2 echo "You may want to try the \"download\" template instead." 1>&2
exit 1 exit 1
......
templates/lxc-archlinux.in 100755 → 100644
...@@ -26,8 +26,9 @@ ...@@ -26,8 +26,9 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
# Detect use under userns (unsupported) # Detect use under userns (unsupported)
for arg in $*; do for arg in "$@"; do
if [ "$arg" == "--mapped-uid" ]; then [ "$arg" == "--" ] && break
if [ "$arg" == "--mapped-uid" -o "$arg" == "--mapped-gid" ]; then
echo "This template can't be used for unprivileged containers." 1>&2 echo "This template can't be used for unprivileged containers." 1>&2
echo "You may want to try the \"download\" template instead." 1>&2 echo "You may want to try the \"download\" template instead." 1>&2
exit 1 exit 1
......
templates/lxc-busybox.in
...@@ -21,8 +21,9 @@ ...@@ -21,8 +21,9 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
# Detect use under userns (unsupported) # Detect use under userns (unsupported)
for arg in $*; do for arg in "$@"; do
if [ "$arg" == "--mapped-uid" ]; then [ "$arg" == "--" ] && break
if [ "$arg" == "--mapped-uid" -o "$arg" == "--mapped-gid" ]; then
echo "This template can't be used for unprivileged containers." 1>&2 echo "This template can't be used for unprivileged containers." 1>&2
echo "You may want to try the \"download\" template instead." 1>&2 echo "You may want to try the \"download\" template instead." 1>&2
exit 1 exit 1
......
templates/lxc-centos.in
...@@ -73,8 +73,9 @@ lxc_network_link=lxcbr0 ...@@ -73,8 +73,9 @@ lxc_network_link=lxcbr0
# should be able to use EITHER. Give preference to /etc/os-release for now. # should be able to use EITHER. Give preference to /etc/os-release for now.
# Detect use under userns (unsupported) # Detect use under userns (unsupported)
for arg in $*; do for arg in "$@"; do
if [ "$arg" == "--mapped-uid" ]; then [ "$arg" == "--" ] && break
if [ "$arg" == "--mapped-uid" -o "$arg" == "--mapped-gid" ]; then
echo "This template can't be used for unprivileged containers." 1>&2 echo "This template can't be used for unprivileged containers." 1>&2
echo "You may want to try the \"download\" template instead." 1>&2 echo "You may want to try the \"download\" template instead." 1>&2
exit 1 exit 1
......
templates/lxc-cirros.in
...@@ -22,8 +22,9 @@ ...@@ -22,8 +22,9 @@
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# Detect use under userns (unsupported) # Detect use under userns (unsupported)
for arg in $*; do for arg in "$@"; do
if [ "$arg" == "--mapped-uid" ]; then [ "$arg" == "--" ] && break
if [ "$arg" == "--mapped-uid" -o "$arg" == "--mapped-gid" ]; then
echo "This template can't be used for unprivileged containers." 1>&2 echo "This template can't be used for unprivileged containers." 1>&2
echo "You may want to try the \"download\" template instead." 1>&2 echo "You may want to try the \"download\" template instead." 1>&2
exit 1 exit 1
......
templates/lxc-debian.in
...@@ -21,8 +21,9 @@ ...@@ -21,8 +21,9 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
# Detect use under userns (unsupported) # Detect use under userns (unsupported)
for arg in $*; do for arg in "$@"; do
if [ "$arg" == "--mapped-uid" ]; then [ "$arg" == "--" ] && break
if [ "$arg" == "--mapped-uid" -o "$arg" == "--mapped-gid" ]; then
echo "This template can't be used for unprivileged containers." 1>&2 echo "This template can't be used for unprivileged containers." 1>&2
echo "You may want to try the \"download\" template instead." 1>&2 echo "You may want to try the \"download\" template instead." 1>&2
exit 1 exit 1
......
templates/lxc-fedora.in
...@@ -73,8 +73,9 @@ lxc_network_link=lxcbr0 ...@@ -73,8 +73,9 @@ lxc_network_link=lxcbr0
# should be able to use EITHER. Give preference to /etc/os-release for now. # should be able to use EITHER. Give preference to /etc/os-release for now.
# Detect use under userns (unsupported) # Detect use under userns (unsupported)
for arg in $*; do for arg in "$@"; do
if [ "$arg" == "--mapped-uid" ]; then [ "$arg" == "--" ] && break
if [ "$arg" == "--mapped-uid" -o "$arg" == "--mapped-gid" ]; then
echo "This template can't be used for unprivileged containers." 1>&2 echo "This template can't be used for unprivileged containers." 1>&2
echo "You may want to try the \"download\" template instead." 1>&2 echo "You may want to try the \"download\" template instead." 1>&2
exit 1 exit 1
......
templates/lxc-gentoo.in
...@@ -14,8 +14,9 @@ ...@@ -14,8 +14,9 @@
# #
# Detect use under userns (unsupported) # Detect use under userns (unsupported)
for arg in $*; do for arg in "$@"; do
if [ "$arg" == "--mapped-uid" ]; then [ "$arg" == "--" ] && break
if [ "$arg" == "--mapped-uid" -o "$arg" == "--mapped-gid" ]; then
echo "This template can't be used for unprivileged containers." 1>&2 echo "This template can't be used for unprivileged containers." 1>&2
echo "You may want to try the \"download\" template instead." 1>&2 echo "You may want to try the \"download\" template instead." 1>&2
exit 1 exit 1
......
templates/lxc-openmandriva.in
...@@ -27,8 +27,9 @@ ...@@ -27,8 +27,9 @@
# #
# Detect use under userns (unsupported) # Detect use under userns (unsupported)
for arg in $*; do for arg in "$@"; do
if [ "$arg" == "--mapped-uid" ]; then [ "$arg" == "--" ] && break
if [ "$arg" == "--mapped-uid" -o "$arg" == "--mapped-gid" ]; then
echo "This template can't be used for unprivileged containers." 1>&2 echo "This template can't be used for unprivileged containers." 1>&2
echo "You may want to try the \"download\" template instead." 1>&2 echo "You may want to try the \"download\" template instead." 1>&2
exit 1 exit 1
......
templates/lxc-opensuse.in
...@@ -26,8 +26,9 @@ ...@@ -26,8 +26,9 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
# Detect use under userns (unsupported) # Detect use under userns (unsupported)
for arg in $*; do for arg in "$@"; do
if [ "$arg" == "--mapped-uid" ]; then [ "$arg" == "--" ] && break
if [ "$arg" == "--mapped-uid" -o "$arg" == "--mapped-gid" ]; then
echo "This template can't be used for unprivileged containers." 1>&2 echo "This template can't be used for unprivileged containers." 1>&2
echo "You may want to try the \"download\" template instead." 1>&2 echo "You may want to try the \"download\" template instead." 1>&2
exit 1 exit 1
......
templates/lxc-oracle.in
...@@ -28,8 +28,9 @@ ...@@ -28,8 +28,9 @@
# #
# Detect use under userns (unsupported) # Detect use under userns (unsupported)
for arg in $*; do for arg in "$@"; do
if [ "$arg" == "--mapped-uid" ]; then [ "$arg" == "--" ] && break
if [ "$arg" == "--mapped-uid" -o "$arg" == "--mapped-gid" ]; then
echo "This template can't be used for unprivileged containers." 1>&2 echo "This template can't be used for unprivileged containers." 1>&2
echo "You may want to try the \"download\" template instead." 1>&2 echo "You may want to try the \"download\" template instead." 1>&2
exit 1 exit 1
......
templates/lxc-plamo.in
...@@ -29,8 +29,9 @@ ...@@ -29,8 +29,9 @@
# lxc-ubuntu script # lxc-ubuntu script
# Detect use under userns (unsupported) # Detect use under userns (unsupported)
for arg in $*; do for arg in "$@"; do
if [ "$arg" == "--mapped-uid" ]; then [ "$arg" == "--" ] && break
if [ "$arg" == "--mapped-uid" -o "$arg" == "--mapped-gid" ]; then
echo "This template can't be used for unprivileged containers." 1>&2 echo "This template can't be used for unprivileged containers." 1>&2
echo "You may want to try the \"download\" template instead." 1>&2 echo "You may want to try the \"download\" template instead." 1>&2
exit 1 exit 1
......
templates/lxc-sshd.in
...@@ -21,8 +21,9 @@ ...@@ -21,8 +21,9 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
# Detect use under userns (unsupported) # Detect use under userns (unsupported)
for arg in $*; do for arg in "$@"; do
if [ "$arg" == "--mapped-uid" ]; then [ "$arg" == "--" ] && break
if [ "$arg" == "--mapped-uid" -o "$arg" == "--mapped-gid" ]; then
echo "This template can't be used for unprivileged containers." 1>&2 echo "This template can't be used for unprivileged containers." 1>&2
echo "You may want to try the \"download\" template instead." 1>&2 echo "You may want to try the \"download\" template instead." 1>&2
exit 1 exit 1
......
templates/lxc-ubuntu.in
...@@ -25,8 +25,9 @@ ...@@ -25,8 +25,9 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
# Detect use under userns (unsupported) # Detect use under userns (unsupported)
for arg in $*; do for arg in "$@"; do
if [ "$arg" == "--mapped-uid" ]; then [ "$arg" == "--" ] && break
if [ "$arg" == "--mapped-uid" -o "$arg" == "--mapped-gid" ]; then
echo "This template can't be used for unprivileged containers." 1>&2 echo "This template can't be used for unprivileged containers." 1>&2
echo "You may want to try the \"download\" template instead." 1>&2 echo "You may want to try the \"download\" template instead." 1>&2
exit 1 exit 1
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment