commit 5acd53682712bec66df119717214e4cebba6e154
parent 97968f2c2a528580d2ce2320ede39ad183cab321
Author: ccx <ccx@te2000.cz>
Date: Mon, 20 May 2024 12:03:50 +0000
Rework single-container user setup
Diffstat:
1 file changed, 25 insertions(+), 12 deletions(-)
diff --git a/zsh-functions/confz_site_containers_init b/zsh-functions/confz_site_containers_init
@@ -113,6 +113,16 @@ UC() {
:containers_dir :svscan_dir :user :uid :gid \
container_name=$container image_name=$image "$@"
}
+
+SUC() {
+ local container image
+ container=$1
+ shift
+ image=${1:-$container}
+ (($#)) && shift
+ require site_containers_user_single :containers_dir :svscan_dir \
+ user=$container container_name=$container image_name=$image "$@"
+}
#typeset -f -t UC
UCa() {
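Review bot: In `SUC`, `image=${1:-$container}` followed by `(($#)) && shift` treats whatever comes second as the image name, so a call such as `SUC name linux_caps=...` would consume the option as `image_name` and never forward it to `require`. Since `linux_caps` appears to carry the container's capability set, silently dropping it is worth guarding against: set `image=$container` first, then `if (($#)) && [[ $1 != *=* ]]; then image=$1; shift; fi`. The unconditional `shift` after `container=$1` also errors when `SUC` is called with no arguments, so an early `(($#)) || return 1` would make the failure explicit. A usage comment above the function would help, e.g. `# SUC <container> [image] [key=value ...] - user and container share the same name`.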
@@ -121,6 +131,12 @@ UCa() {
UC $container alpine-$container "$@"
}
+SUCa() {
+ local container=$1
+ shift
+ SUC $container alpine-$container "$@"
+}
+
UCv() {
local container=$1
shift
@@ -244,19 +260,16 @@ confz_site_container_services_check() {
require site_containers_user user=ccx :containers_dir :svscan_dir
#require container_service_sysroot :containers_dir :svscan_dir \
# image_name=alpine-dev
- local -A privileged_containers
- local name linux_caps
- privileged_containers=(
- wpa_supplicant '^CAP_NET_ADMIN,^CAP_NET_RAW'
- dhcpcd '^CAP_NET_ADMIN,^CAP_NET_RAW,^CAP_NET_BIND_SERVICE'
- unbound ''
- tinc '^CAP_NET_ADMIN'
+ local -a el_rfkill_and_sys=(
+ "#!$(which execlineb) -P"
+ 'if { mknod -m 660 /dev/rfkill c 10 242 }'
+ 'mount -t sysfs sysfs sys'
)
- for name linux_caps in "${(@kv)privileged_containers}"; do
- require site_containers_user_single :containers_dir :svscan_dir \
- linux_caps="$linux_caps" \
- user=$name container_name=$name image_name=alpine-$name
- done
+ SUCa wpa_supplicant linux_caps='^CAP_NET_ADMIN,^CAP_NET_RAW' \
+ prepare_chroot=${(F)el_rfkill_and_sys}
+ SUCa dhcpcd linux_caps='^CAP_NET_ADMIN,^CAP_NET_RAW,^CAP_NET_BIND_SERVICE'
+ SUCa unbound linux_caps='^CAP_NET_BIND_SERVICE'
+ SUCa tinc linux_caps='^CAP_NET_ADMIN'
}
confz_site_container_alpine_check() {
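Review bot: The shebang built in `el_rfkill_and_sys` with `"#!$(which execlineb) -P"` is not checked: when `execlineb` is not in PATH, zsh's `which` prints a "not found" message on stdout, and that text ends up as the interpreter line of the `prepare_chroot` script. Something like `"#!${commands[execlineb]:?execlineb not in PATH} -P"` fails at generation time instead. The path is also resolved on the machine running this function, so it presumably has to be valid wherever the prepare script executes. Separately, `unbound` goes from an empty `linux_caps` to `'^CAP_NET_BIND_SERVICE'`, a privilege change that the commit title does not mention. A short comment on that line, and one on why `wpa_supplicant` needs `/dev/rfkill` and a sysfs mount at the relative path `sys`, would make the grants auditable. The enclosing function starts above this hunk.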