From feea1d494b83a4a1dabe9a65e8802dfdf8f17f5a Mon Sep 17 00:00:00 2001 From: Kevin Wang Date: Thu, 18 Mar 2021 13:22:14 -0700 Subject: [PATCH 1/5] fix capability detector --- Dockerfile | 1 - entrypoint.sh | 3 +-- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index ca4b24f..5e81395 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,6 @@ ARG BUILD_FROM=alpine:latest FROM $BUILD_FROM RUN apk --update --no-cache add bash nfs-utils && \ - \ # remove the default config files rm -v /etc/idmapd.conf /etc/exports diff --git a/entrypoint.sh b/entrypoint.sh index a9f963e..4e85bce 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -272,8 +272,7 @@ is_kernel_module_loaded() { } is_granted_linux_capability() { - - if capsh --print | grep -Eq "^Current: = .*,?${1}(,|$)"; then + if capsh --print | grep -Eq "^Current:.*,?${1}(,|$)"; then return 0 fi From 5541e75d3bbf283dc0f852046f9badfd57245b51 Mon Sep 17 00:00:00 2001 From: Kevin Wang Date: Thu, 18 Mar 2021 13:26:32 -0700 Subject: [PATCH 2/5] cancel unrelated changes --- Dockerfile | 1 + entrypoint.sh | 1 + 2 files changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index 5e81395..ca4b24f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,6 +3,7 @@ ARG BUILD_FROM=alpine:latest FROM $BUILD_FROM RUN apk --update --no-cache add bash nfs-utils && \ + \ # remove the default config files rm -v /etc/idmapd.conf /etc/exports diff --git a/entrypoint.sh b/entrypoint.sh index 4e85bce..4f05c0f 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -272,6 +272,7 @@ is_kernel_module_loaded() { } is_granted_linux_capability() { + if capsh --print | grep -Eq "^Current:.*,?${1}(,|$)"; then return 0 fi From 3713d6db421b92b2cd073e354ab0ab0bc4ab7db7 Mon Sep 17 00:00:00 2001 From: Kevin Wang Date: Mon, 19 Apr 2021 12:17:44 -0700 Subject: [PATCH 3/5] update --- Dockerfile | 4 ++-- entrypoint.sh | 12 +++++++++--- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index ca4b24f..76b152e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,8 +2,8 @@ ARG BUILD_FROM=alpine:latest FROM $BUILD_FROM -RUN apk --update --no-cache add bash nfs-utils && \ - \ +RUN apk --update --no-cache add bash nfs-utils tzdata && \ + \ # remove the default config files rm -v /etc/idmapd.conf /etc/exports diff --git a/entrypoint.sh b/entrypoint.sh index 4f05c0f..197c1a0 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -273,14 +273,13 @@ is_kernel_module_loaded() { is_granted_linux_capability() { - if capsh --print | grep -Eq "^Current:.*,?${1}(,|$)"; then + if capsh --has-p=${1}; then return 0 fi - + return 1 } - ###################################################################################### ### runtime configuration assertions ###################################################################################### @@ -443,6 +442,9 @@ init_exports() { log "building $PATH_FILE_ETC_EXPORTS from environment variables" + exports='/share *(ro,async,no_subtree_check,no_auth_nlm,insecure,no_root_squash,fsid=root)' + exports=$exports$'\n' + for candidate_export_var in $candidate_export_vars; do local line="${!candidate_export_var}" @@ -592,6 +594,10 @@ boot_main_exportfs() { args+=('-v') fi + echo 'Generated /etc/exports:' + cat /etc/exports + echo '' + boot_helper_start_daemon 'starting exportfs' $PATH_BIN_EXPORTFS "${args[@]}" } From 051f7d192a72d0183c97768ad5533e1cef5ff675 Mon Sep 17 00:00:00 2001 From: Kevin Wang Date: Tue, 20 Apr 2021 13:21:19 -0700 Subject: [PATCH 4/5] compress layers --- Dockerfile | 10 ++++------ entrypoint.sh | 1 + 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 76b152e..cde7190 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,13 +3,11 @@ ARG BUILD_FROM=alpine:latest FROM $BUILD_FROM RUN apk --update --no-cache add bash nfs-utils tzdata && \ - \ # remove the default config files - rm -v /etc/idmapd.conf /etc/exports - -# http://wiki.linux-nfs.org/wiki/index.php/Nfsv4_configuration -RUN mkdir -p /var/lib/nfs/rpc_pipefs && \ - mkdir -p /var/lib/nfs/v4recovery && \ + rm -v /etc/idmapd.conf /etc/exports && \ + # http://wiki.linux-nfs.org/wiki/index.php/Nfsv4_configuration + mkdir -p /var/lib/nfs/rpc_pipefs /var/lib/nfs/v4recovery && \ + mkdir /export && chmod a+rwxt /export && \ echo "rpc_pipefs /var/lib/nfs/rpc_pipefs rpc_pipefs defaults 0 0" >> /etc/fstab && \ echo "nfsd /proc/fs/nfsd nfsd defaults 0 0" >> /etc/fstab diff --git a/entrypoint.sh b/entrypoint.sh index 197c1a0..34d91c3 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -442,6 +442,7 @@ init_exports() { log "building $PATH_FILE_ETC_EXPORTS from environment variables" + mkdir -p /share && chmod a+rwxt /share exports='/share *(ro,async,no_subtree_check,no_auth_nlm,insecure,no_root_squash,fsid=root)' exports=$exports$'\n' From f9d12ceb23ada451e7ed025f956f46bf91b64bc5 Mon Sep 17 00:00:00 2001 From: Kevin Wang Date: Fri, 18 Jun 2021 22:53:43 -0700 Subject: [PATCH 5/5] fix auto sys_module --- entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index 34d91c3..e6b1842 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -273,7 +273,7 @@ is_kernel_module_loaded() { is_granted_linux_capability() { - if capsh --has-p=${1}; then + if capsh --has-p=${1} || capsh --has-p=cap_${1}; then return 0 fi