lxc-oci: add basic handling of numerical uid/gid

Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
2025-07-27 05:03:17 +00:00 · 2017-12-08 16:58:08 -08:00 · 2017-12-08 16:58:08 -08:00 · e86dcc912f
commit e86dcc912f
parent f6812e7f2e
1 changed files with 23 additions and 0 deletions
--- a/templates/lxc-oci.in
+++ b/templates/lxc-oci.in
@ -121,6 +121,25 @@ getenv() {
 	return
 }

+# FIXME 1: only support numerical values in the configuration file.
+# FIXME 2: from the OCI image spec: "If group/gid is not specified,
+# the default group and supplementary groups of the given user/uid in
+# /etc/passwd from the container are applied."
+getuidgid() {
+	if [ "$#" -eq 0 ]; then
+		echo "0 0"
+		return
+	fi
+
+	configpath="$1"
+
+	uidgid=`cat "${configpath}" | jq -c -r '.config.User // "0:0"'`
+	uidgid=(${uidgid//:/ })
+
+	printf '%d %d' ${uidgid[0]:-0} ${uidgid[1]:-0} 2>/dev/null || true
+	return
+}
+
 usage() {
    cat <<EOF
 LXC container template for OCI images
@ -291,6 +310,10 @@ cat <<EOF > ${LXC_ROOTFS}/etc/hosts
 127.0.1.1   ${LXC_NAME}
 EOF

+uidgid=($(getuidgid ${OCI_CONF_FILE}))
+echo "lxc.init.uid = ${uidgid[0]}" >> "${LXC_CONF_FILE}"
+echo "lxc.init.gid = ${uidgid[1]}" >> "${LXC_CONF_FILE}"
+
 if [ -n "$LXC_MAPPED_UID" ] && [ "$LXC_MAPPED_UID" != "-1" ]; then
    chown $LXC_MAPPED_UID $LXC_PATH/config $LXC_PATH/fstab >/dev/null 2>&1 || true
 fi