crichardson/docker-xubuntu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8123a21f3e5e31ab4d0729e2b14ebd34642819c7
docker-xubuntu/scripts/bin/container-init
Thai Pangsakulyanont 8123a21f3e Clean up /tmp in container-init 
I ran into a problem where the container does not start after 10 startups.

The reason for this is `/tmp/.X10-lock` file are not deleted when running `docker stop`.
On next `docker-start`, `/tmp/.X11-lock` is allocated instead.
This keeps going until `/tmp/.X19-lock` and from that it gives up.

Another workaround is to use `--tmpfs` in `docker run`.
But not all users always use it.
2020-10-14 01:35:09 +07:00

94 lines
3.0 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
# Clean up /tmp, just in case there is some leftover files from previous run and `--tmpfs` is not specified.
# Without this cleanup or `--tmpfs`, the container will no longer start after 10 startups.
rm -rf /tmp
mkdir /tmp
chmod a+rw /tmp
set -eu
# Create additional groups
_IFS=${IFS}; IFS=,
for gid in ${UNPRIVILEGED_USER_GROUPS?}; do
if ! getent group "${gid:?}" >/dev/null 2>&1; then
groupadd --gid "${gid:?}" "g_${gid:?}"
fi
done
IFS=$_IFS
# Create unprivileged user and group
if ! getent group "${UNPRIVILEGED_USER_GID:?}" >/dev/null 2>&1; then
groupadd --gid "${UNPRIVILEGED_USER_GID:?}" "${UNPRIVILEGED_USER_NAME:?}"
fi
if ! getent passwd "${UNPRIVILEGED_USER_UID:?}" >/dev/null 2>&1; then
useradd \
--uid "${UNPRIVILEGED_USER_UID:?}" \
--gid "${UNPRIVILEGED_USER_GID:?}" \
--groups "${UNPRIVILEGED_USER_GROUPS?}" \
--shell "${UNPRIVILEGED_USER_SHELL:?}" \
--create-home \
"${UNPRIVILEGED_USER_NAME:?}"
fi
# Copy /etc/skel/ to unprivileged user home if empty
UNPRIVILEGED_USER_HOME=$(getent passwd "${UNPRIVILEGED_USER_NAME:?}" | cut -d: -f6)
if [ -z "$(ls -A "${UNPRIVILEGED_USER_HOME:?}")" ]; then
cp -aT /etc/skel/ "${UNPRIVILEGED_USER_HOME:?}"
chown -R "${UNPRIVILEGED_USER_NAME:?}:" "${UNPRIVILEGED_USER_HOME:?}"
fi
# Create /run/user/${UNPRIVILEGED_USER_UID}/dbus-1/ directory
mkdir -p /run/user/"${UNPRIVILEGED_USER_UID:?}"/dbus-1/
chmod -R 700 /run/user/"${UNPRIVILEGED_USER_UID:?}"/
chown -R "${UNPRIVILEGED_USER_NAME:?}:" /run/user/"${UNPRIVILEGED_USER_UID:?}"/
# Set unprivileged user password
if [ -n "${UNPRIVILEGED_USER_PASSWORD?}" ]; then
printf '%s' "${UNPRIVILEGED_USER_NAME:?}:${UNPRIVILEGED_USER_PASSWORD:?}" | chpasswd
else
passwd -d "${UNPRIVILEGED_USER_NAME:?}"
fi
# Enable xdummy service if ENABLE_XDUMMY is true
if [ "${ENABLE_XDUMMY:?}" = 'true' ]; then
ln -s /etc/sv/xdummy /etc/service/
fi
# Create RANDFILE if it does not exist
RANDFILE=${RANDFILE-${HOME:?}/.rnd}
if [ ! -f "${RANDFILE:?}" ] && [ -c /dev/urandom ]; then
dd if=/dev/urandom of="${RANDFILE:?}" bs=256 count=1 >/dev/null 2>&1
fi
# Generate SSH keys if they do not exist
if [ ! -f /etc/ssh/ssh_host_ed25519_key ]; then
ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N '' >/dev/null
fi
if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N '' >/dev/null
fi
# Generate RDP certificate if it does not exist
if [ ! -f "${XRDP_TLS_KEY_PATH:?}" ] || [ ! -f "${XRDP_TLS_CRT_PATH:?}" ]; then
KEY_FILE=${XRDP_TLS_KEY_PATH:?}
CRT_FILE=${XRDP_TLS_CRT_PATH:?}
CSR_FILE=$(mktemp -u)
(umask 077 \
&& openssl genrsa -out "${KEY_FILE:?}" 2048 \
) >/dev/null
(umask 022 \
&& openssl req -new -subj "/CN=$(uname -n)" -key "${KEY_FILE:?}" -out "${CSR_FILE:?}" \
&& openssl x509 -req -days 3650 -signkey "${KEY_FILE:?}" -in "${CSR_FILE:?}" -out "${CRT_FILE:?}" \
&& rm -f "${CSR_FILE:?}" \
) >/dev/null
fi
# Dump environment variables
env | grep -Ev '^(PWD|HOME|USER|USERNAME|SHELL|TERM|SHLVL)=' | sort > /etc/environment
# Start runit
exec tini -- runsvdir -P /etc/service/
Reference in New Issue View Git Blame Copy Permalink