crichardson/docker-xubuntu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Create additional groups dynamically

Browse Source
This commit is contained in:
Héctor Molinero Fernández
2019-12-14 18:12:58 +01:00
parent 2d61753e73
commit b9b2999225
3 changed files with 15 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
Dockerfile.m4
View File

@@ -400,7 +400,7 @@ ENV UNPRIVILEGED_USER_UID=1000
ENV UNPRIVILEGED_USER_GID=1000 ENV UNPRIVILEGED_USER_GID=1000
ENV UNPRIVILEGED_USER_NAME=guest ENV UNPRIVILEGED_USER_NAME=guest
ENV UNPRIVILEGED_USER_PASSWORD=password ENV UNPRIVILEGED_USER_PASSWORD=password
ENV UNPRIVILEGED_USER_GROUPS=audio,input,video ENV UNPRIVILEGED_USER_GROUPS=
ENV UNPRIVILEGED_USER_SHELL=/bin/bash ENV UNPRIVILEGED_USER_SHELL=/bin/bash
ENV RDP_TLS_KEY_PATH=/etc/xrdp/key.pem ENV RDP_TLS_KEY_PATH=/etc/xrdp/key.pem
ENV RDP_TLS_CERT_PATH=/etc/xrdp/cert.pem ENV RDP_TLS_CERT_PATH=/etc/xrdp/cert.pem
@@ -433,6 +433,9 @@ RUN ln -sf /dev/stdout /var/log/xdummy.log
RUN ln -sf /dev/stdout /var/log/xrdp.log RUN ln -sf /dev/stdout /var/log/xrdp.log
RUN ln -sf /dev/stdout /var/log/xrdp-sesman.log RUN ln -sf /dev/stdout /var/log/xrdp-sesman.log
# Create /run/sshd/ directory
RUN mkdir /run/sshd/
# Create /etc/skel/.xsession file # Create /etc/skel/.xsession file
RUN printf '%s\n' 'exec xfce4-session' > /etc/skel/.xsession RUN printf '%s\n' 'exec xfce4-session' > /etc/skel/.xsession
@@ -452,9 +455,6 @@ RUN printf '%s\n' \
# Create /etc/skel/.Xauthority file # Create /etc/skel/.Xauthority file
RUN touch /etc/skel/.Xauthority RUN touch /etc/skel/.Xauthority
# Create /run/sshd directory
RUN mkdir /run/sshd/
# Create socket directory for X server # Create socket directory for X server
RUN mkdir /tmp/.X11-unix/ \ RUN mkdir /tmp/.X11-unix/ \
&& chmod 1777 /tmp/.X11-unix/ \ && chmod 1777 /tmp/.X11-unix/ \

2
README.md
View File

@@ -30,7 +30,7 @@ required for VirtualGL will conflict with the host X server.
* `UNPRIVILEGED_USER_GID`: unprivileged user GID (`1000` by default). * `UNPRIVILEGED_USER_GID`: unprivileged user GID (`1000` by default).
* `UNPRIVILEGED_USER_NAME`: unprivileged user name (`guest` by default). * `UNPRIVILEGED_USER_NAME`: unprivileged user name (`guest` by default).
* `UNPRIVILEGED_USER_PASSWORD`: unprivileged user password (`password` by default). * `UNPRIVILEGED_USER_PASSWORD`: unprivileged user password (`password` by default).
* `UNPRIVILEGED_USER_GROUPS`: unprivileged user groups (`audio,input,video` by default). * `UNPRIVILEGED_USER_GROUPS`: comma-separated list of additional GIDs for the unprivileged user (none by default).
* `UNPRIVILEGED_USER_SHELL`: unprivileged user shell (`/bin/bash` by default). * `UNPRIVILEGED_USER_SHELL`: unprivileged user shell (`/bin/bash` by default).
* `ENABLE_SSHD`: enable SSH server in the container (`false` by default). * `ENABLE_SSHD`: enable SSH server in the container (`false` by default).
* `ENABLE_VIRTUALGL`: enable VirtualGL support in the container (`false` by default). * `ENABLE_VIRTUALGL`: enable VirtualGL support in the container (`false` by default).

11
scripts/bin/container-foreground-cmd
View File

@@ -2,6 +2,15 @@
set -eu set -eu
# Create additional groups
_IFS=${IFS}; IFS=,
for gid in ${UNPRIVILEGED_USER_GROUPS?}; do
if ! getent group "${gid:?}" >/dev/null 2>&1; then
groupadd -g "${gid:?}" "g_${gid:?}"
fi
done
IFS=$_IFS
# Create unprivileged user and group # Create unprivileged user and group
groupadd \ groupadd \
--gid "${UNPRIVILEGED_USER_GID:?}" \ --gid "${UNPRIVILEGED_USER_GID:?}" \
@@ -9,7 +18,7 @@ groupadd \
useradd \ useradd \
--uid "${UNPRIVILEGED_USER_UID:?}" \ --uid "${UNPRIVILEGED_USER_UID:?}" \
--gid "${UNPRIVILEGED_USER_GID:?}" \ --gid "${UNPRIVILEGED_USER_GID:?}" \
--groups "${UNPRIVILEGED_USER_GROUPS:?}" \ --groups "${UNPRIVILEGED_USER_GROUPS?}" \
--shell "${UNPRIVILEGED_USER_SHELL:?}" \ --shell "${UNPRIVILEGED_USER_SHELL:?}" \
--create-home \ --create-home \
"${UNPRIVILEGED_USER_NAME:?}" "${UNPRIVILEGED_USER_NAME:?}"