templates: improve refusing to run unprivileged

For all templates except lxc-ubuntu-cloud and lxc-download, detect not
only --mapped-uid but also --mapped-gid and error out.  Detecting will
not be done after -- parameter because of non-option parameters.

Also, change the mode of lxc-archlinux.in 100755 to 100644.

Signed-off-by: TAMUKI Shoichi <tamuki@linet.gr.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

templates/lxc-alpine.in

@@ -1,8 +1,9 @@
 #!/bin/bash
 
 # Detect use under userns (unsupported)
-for arg in $*; do
-    if [ "$arg" == "--mapped-uid" ]; then
+for arg in "$@"; do
+    [ "$arg" == "--" ] && break
+    if [ "$arg" == "--mapped-uid" -o "$arg" == "--mapped-gid" ]; then
         echo "This template can't be used for unprivileged containers." 1>&2
         echo "You may want to try the \"download\" template instead." 1>&2
         exit 1

templates/lxc-altlinux.in

@@ -25,8 +25,9 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 
 # Detect use under userns (unsupported)
-for arg in $*; do
-    if [ "$arg" == "--mapped-uid" ]; then
+for arg in "$@"; do
+    [ "$arg" == "--" ] && break
+    if [ "$arg" == "--mapped-uid" -o "$arg" == "--mapped-gid" ]; then
         echo "This template can't be used for unprivileged containers." 1>&2
         echo "You may want to try the \"download\" template instead." 1>&2
         exit 1

templates/lxc-archlinux.in

@@ -26,8 +26,9 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 
 # Detect use under userns (unsupported)
-for arg in $*; do
-    if [ "$arg" == "--mapped-uid" ]; then
+for arg in "$@"; do
+    [ "$arg" == "--" ] && break
+    if [ "$arg" == "--mapped-uid" -o "$arg" == "--mapped-gid" ]; then
         echo "This template can't be used for unprivileged containers." 1>&2
         echo "You may want to try the \"download\" template instead." 1>&2
         exit 1

templates/lxc-busybox.in

@@ -21,8 +21,9 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 
 # Detect use under userns (unsupported)
-for arg in $*; do
-    if [ "$arg" == "--mapped-uid" ]; then
+for arg in "$@"; do
+    [ "$arg" == "--" ] && break
+    if [ "$arg" == "--mapped-uid" -o "$arg" == "--mapped-gid" ]; then
         echo "This template can't be used for unprivileged containers." 1>&2
         echo "You may want to try the \"download\" template instead." 1>&2
         exit 1

templates/lxc-centos.in

@@ -73,8 +73,9 @@ lxc_network_link=lxcbr0
 # should be able to use EITHER.  Give preference to /etc/os-release for now.
 
 # Detect use under userns (unsupported)
-for arg in $*; do
-    if [ "$arg" == "--mapped-uid" ]; then
+for arg in "$@"; do
+    [ "$arg" == "--" ] && break
+    if [ "$arg" == "--mapped-uid" -o "$arg" == "--mapped-gid" ]; then
         echo "This template can't be used for unprivileged containers." 1>&2
         echo "You may want to try the \"download\" template instead." 1>&2
         exit 1

templates/lxc-cirros.in

@@ -22,8 +22,9 @@
 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 
 # Detect use under userns (unsupported)
-for arg in $*; do
-    if [ "$arg" == "--mapped-uid" ]; then
+for arg in "$@"; do
+    [ "$arg" == "--" ] && break
+    if [ "$arg" == "--mapped-uid" -o "$arg" == "--mapped-gid" ]; then
         echo "This template can't be used for unprivileged containers." 1>&2
         echo "You may want to try the \"download\" template instead." 1>&2
         exit 1

templates/lxc-debian.in

@@ -21,8 +21,9 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 
 # Detect use under userns (unsupported)
-for arg in $*; do
-    if [ "$arg" == "--mapped-uid" ]; then
+for arg in "$@"; do
+    [ "$arg" == "--" ] && break
+    if [ "$arg" == "--mapped-uid" -o "$arg" == "--mapped-gid" ]; then
         echo "This template can't be used for unprivileged containers." 1>&2
         echo "You may want to try the \"download\" template instead." 1>&2
         exit 1

templates/lxc-fedora.in

@@ -73,8 +73,9 @@ lxc_network_link=lxcbr0
 # should be able to use EITHER.  Give preference to /etc/os-release for now.
 
 # Detect use under userns (unsupported)
-for arg in $*; do
-    if [ "$arg" == "--mapped-uid" ]; then
+for arg in "$@"; do
+    [ "$arg" == "--" ] && break
+    if [ "$arg" == "--mapped-uid" -o "$arg" == "--mapped-gid" ]; then
         echo "This template can't be used for unprivileged containers." 1>&2
         echo "You may want to try the \"download\" template instead." 1>&2
         exit 1

templates/lxc-gentoo.in

@@ -14,8 +14,9 @@
 #
 
 # Detect use under userns (unsupported)
-for arg in $*; do
-    if [ "$arg" == "--mapped-uid" ]; then
+for arg in "$@"; do
+    [ "$arg" == "--" ] && break
+    if [ "$arg" == "--mapped-uid" -o "$arg" == "--mapped-gid" ]; then
         echo "This template can't be used for unprivileged containers." 1>&2
         echo "You may want to try the \"download\" template instead." 1>&2
         exit 1

templates/lxc-openmandriva.in

@@ -27,8 +27,9 @@
 #
 
 # Detect use under userns (unsupported)
-for arg in $*; do
-    if [ "$arg" == "--mapped-uid" ]; then
+for arg in "$@"; do
+    [ "$arg" == "--" ] && break
+    if [ "$arg" == "--mapped-uid" -o "$arg" == "--mapped-gid" ]; then
         echo "This template can't be used for unprivileged containers." 1>&2
         echo "You may want to try the \"download\" template instead." 1>&2
         exit 1

templates/lxc-opensuse.in

@@ -26,8 +26,9 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 
 # Detect use under userns (unsupported)
-for arg in $*; do
-    if [ "$arg" == "--mapped-uid" ]; then
+for arg in "$@"; do
+    [ "$arg" == "--" ] && break
+    if [ "$arg" == "--mapped-uid" -o "$arg" == "--mapped-gid" ]; then
         echo "This template can't be used for unprivileged containers." 1>&2
         echo "You may want to try the \"download\" template instead." 1>&2
         exit 1

templates/lxc-oracle.in

@@ -28,8 +28,9 @@
 #
 
 # Detect use under userns (unsupported)
-for arg in $*; do
-    if [ "$arg" == "--mapped-uid" ]; then
+for arg in "$@"; do
+    [ "$arg" == "--" ] && break
+    if [ "$arg" == "--mapped-uid" -o "$arg" == "--mapped-gid" ]; then
         echo "This template can't be used for unprivileged containers." 1>&2
         echo "You may want to try the \"download\" template instead." 1>&2
         exit 1

templates/lxc-plamo.in

@@ -29,8 +29,9 @@
 #      lxc-ubuntu script
 
 # Detect use under userns (unsupported)
-for arg in $*; do
-    if [ "$arg" == "--mapped-uid" ]; then
+for arg in "$@"; do
+    [ "$arg" == "--" ] && break
+    if [ "$arg" == "--mapped-uid" -o "$arg" == "--mapped-gid" ]; then
         echo "This template can't be used for unprivileged containers." 1>&2
         echo "You may want to try the \"download\" template instead." 1>&2
         exit 1

templates/lxc-sshd.in

@@ -21,8 +21,9 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 
 # Detect use under userns (unsupported)
-for arg in $*; do
-    if [ "$arg" == "--mapped-uid" ]; then
+for arg in "$@"; do
+    [ "$arg" == "--" ] && break
+    if [ "$arg" == "--mapped-uid" -o "$arg" == "--mapped-gid" ]; then
         echo "This template can't be used for unprivileged containers." 1>&2
         echo "You may want to try the \"download\" template instead." 1>&2
         exit 1

templates/lxc-ubuntu.in

@@ -25,8 +25,9 @@
 #  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 
 # Detect use under userns (unsupported)
-for arg in $*; do
-    if [ "$arg" == "--mapped-uid" ]; then
+for arg in "$@"; do
+    [ "$arg" == "--" ] && break
+    if [ "$arg" == "--mapped-uid" -o "$arg" == "--mapped-gid" ]; then
         echo "This template can't be used for unprivileged containers." 1>&2
         echo "You may want to try the \"download\" template instead." 1>&2
         exit 1