Run the entry point as root:root

A subsequent commit will add a new command to configure a toolbox container after it has been created. This command is meant to be the container's entry point, and will need to do things as root:root relative to the user namespace. Even though root:root is the default in 'podman create', explicitly specifying it overrides any other value inherited from the user-specific customized image. eg., older images had $USER as the default user. https://github.com/debarshiray/toolbox/pull/160
debarshiray · May 16, 2019 · f74400f · f74400f
1 parent fd08a98
commit f74400f
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/toolbox b/toolbox
@@ -382,6 +382,7 @@ copy_etc_profile_d_toolbox_to_container()
     echo "$base_toolbox_command: looking for /etc/profile.d/toolbox.sh in container $toolbox_container" >&3
 
     if $prefix_sudo podman exec \
+               --user "$USER" \
                "$container" \
                sh -c 'mount | grep /etc/profile.d/toolbox.sh >/dev/null 2>/dev/null' 2>&3; then
         echo "$base_toolbox_command: /etc/profile.d/toolbox.sh already mounted in container $toolbox_container" >&3
@@ -936,7 +937,7 @@ create()
             --uidmap "$user_id_real":0:1 \
             --uidmap 0:1:"$user_id_real" \
             --uidmap "$uid_plus_one":"$uid_plus_one":"$max_minus_uid" \
-            --user "$USER" \
+            --user root:root \
             $kcm_socket_bind \
             $toolbox_path_bind \
             $toolbox_profile_bind \
@@ -1094,7 +1095,10 @@ run()
     echo "$base_toolbox_command: looking for $program in container $toolbox_container" >&3
 
     # shellcheck disable=SC2016
-    if ! $prefix_sudo podman exec "$toolbox_container" sh -c 'command -v "$1"' sh "$program" >/dev/null 2>&3; then
+    if ! $prefix_sudo podman exec \
+                 --user "$USER" \
+                 "$toolbox_container" \
+                 sh -c 'command -v "$1"' sh "$program" >/dev/null 2>&3; then
         if $fallback_to_bash; then
             echo "$base_toolbox_command: $program not found in $toolbox_container; using /bin/bash instead" >&3
             program=/bin/bash
@@ -1116,6 +1120,7 @@ run()
     $prefix_sudo podman exec \
             --interactive \
             --tty \
+            --user "$USER" \
             $set_environment \
             "$toolbox_container" \
             capsh --caps="" -- -c 'cd "$1"; shift; exec "$@"' /bin/sh "$PWD" "$program" "$@" 2>&3