
Commit e9ab07f

committed
Review feedback
- Configurable runc version - Change env name - Converter func for user args
1 parent 5d83a7c commit e9ab07f


2 files changed

+40
-24
lines changed


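--- a/components/docker-up/dependencies.sh
+++ b/components/docker-up/dependencies.sh
@@ -7,7 +7,8 @@ set -euo pipefail
 
 DOCKER_VERSION=19.03.15
 DOCKER_COMPOSE_VERSION=1.29.2
+RUNC_VERSION=v1.1.0
 
 curl -o docker.tgz -fsSL https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz
 curl -o docker-compose -fsSL https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-Linux-x86_64
-curl -o runc -fsSL https://github.com/opencontainers/runc/releases/download/v1.1.0/runc.amd64
+curl -o runc -fsSL https://github.com/opencontainers/runc/releases/download/${RUNC_VERSION}/runc.amd64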
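Review bot: The runc binary fetched on the last line is installed without any integrity check, and with `RUNC_VERSION` now a variable, a changed value silently pulls a different artifact. Pin a digest next to the version and verify it right after the download, e.g. `RUNC_SHA256=<sha256 of runc.amd64 for this version>` followed by `echo "${RUNC_SHA256}  runc" | sha256sum -c -`. The same applies to the docker.tgz and docker-compose downloads above. The script continues outside this hunk, so a later verification step may already exist.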

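--- a/components/docker-up/docker-up/main.go
+++ b/components/docker-up/docker-up/main.go
@@ -35,7 +35,7 @@ import (
 
 var log *logrus.Entry
 
-const DaemonArgs = "DOCKER_DAEMON_ARGS"
+const DaemonArgs = "DOCKERD_ARGS"
 
 var opts struct {
 RuncFacade bool
@@ -56,6 +56,7 @@ var aptUpdated = false
 
 const (
 dockerSocketFN = "/var/run/docker.sock"
+gitpodUserId = 33333
 )
 
 func main() {
@@ -115,10 +116,11 @@ func runWithinNetns() (err error) {
 )
 }
 
-args, err = setUserArgs(args)
+userArgs, err := userArgs()
 if err != nil {
 return xerrors.Errorf("cannot add user supplied docker args: %w", err)
 }
+args = append(args, userArgs...)
 
 if listenFDs > 0 {
 os.Setenv("LISTEN_PID", strconv.Itoa(os.Getpid()))
@@ -175,12 +177,15 @@ func runWithinNetns() (err error) {
 return nil
 }
 
-var allowedDockerArgs = map[string]string{
-"remap-user": "userns-remap",
+type ConvertUserArg func(arg, value string) ([]string, error)
+
+var allowedDockerArgs = map[string]ConvertUserArg{
+"remap-user": convertRemapUser,
 }
 
-func setUserArgs(args []string) ([]string, error) {
+func userArgs() ([]string, error) {
 userArgs, exists := os.LookupEnv(DaemonArgs)
+args := []string{}
 if !exists {
 return args, nil
 }
@@ -191,25 +196,18 @@ func setUserArgs(args []string) ([]string, error) {
 }
 
 for userArg, userValue := range providedDockerArgs {
-mapped, exists := allowedDockerArgs[userArg]
+converter, exists := allowedDockerArgs[userArg]
 if !exists {
 continue
 }
 
-if userArg == "remap-user" {
-id, err := strconv.Atoi(userValue)
+if converter != nil {
+cargs, err := converter(userArg, userValue)
 if err != nil {
-return nil, err
-}
-
-for _, f := range []string{"/etc/subuid", "/etc/subgid"} {
-err := adaptSubid(f, id)
-if err != nil {
-return nil, xerrors.Errorf("could not adapt subid files: %w", err)
-}
+return nil, xerrors.Errorf("could not convert %v - %v: %w", userArg, userValue, err)
 }
+args = append(args, cargs...)
 
-args = append(args, "--"+mapped, "gitpod")
 } else {
 args = append(args, "--"+userArg, userValue)
 }
@@ -218,6 +216,22 @@ func setUserArgs(args []string) ([]string, error) {
 return args, nil
 }
 
+func convertRemapUser(arg, value string) ([]string, error) {
+id, err := strconv.Atoi(value)
+if err != nil {
+return nil, err
+}
+
+for _, f := range []string{"/etc/subuid", "/etc/subgid"} {
+err := adaptSubid(f, id)
+if err != nil {
+return nil, xerrors.Errorf("could not adapt subid files: %w", err)
+}
+}
+
+return []string{"--userns-remap", "gitpod"}, nil
+}
+
 func adaptSubid(oldfile string, id int) error {
 uid, err := os.Open(oldfile)
 if err != nil {
@@ -229,14 +243,15 @@ func adaptSubid(oldfile string, id int) error {
 return err
 }
 
-if id != 0 {
-newfile.WriteString(fmt.Sprintf("gitpod:%d:%d\n", 1, id))
-newfile.WriteString("gitpod:33333:1\n")
+mappingFmt := func(username string, id int, size int) string { return fmt.Sprintf("%s:%d:%d\n", username, id, size) }
 
+if id != 0 {
+newfile.WriteString(mappingFmt("gitpod", 1, id))
+newfile.WriteString(mappingFmt("gitpod", gitpodUserId, 1))
 } else {
-newfile.WriteString("gitpod:33333:1\n")
-newfile.WriteString(fmt.Sprintf("gitpod:%d:%d\n", 1, 33332))
-newfile.WriteString(fmt.Sprintf("gitpod:%d:%d\n", 33334, 32200))
+newfile.WriteString(mappingFmt("gitpod", gitpodUserId, 1))
+newfile.WriteString(mappingFmt("gitpod", 1, gitpodUserId-1))
+newfile.WriteString(mappingFmt("gitpod", gitpodUserId+1, 32200)) // map rest of user ids in the user namespace
 }
 
 uidScanner := bufio.NewScanner(uid)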
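Review bot: `convertRemapUser` passes the result of `strconv.Atoi(value)` straight to `adaptSubid` with no range check, so a `remap-user` value of `-1` from `DOCKERD_ARGS` becomes a negative count in the `gitpod:1:<id>` mapping line built for /etc/subuid and /etc/subgid. Reject out-of-range values before the files are touched, e.g. `if id < 0 || id >= gitpodUserId { return nil, xerrors.Errorf("remap-user %d out of range", id) }`. The upper bound is inferred from `mappingFmt("gitpod", 1, id)`, whose range would overlap the `gitpodUserId` entry for larger values. The `newfile.WriteString` return values in `adaptSubid` are also ignored, so a failed write could leave an incomplete mapping file. `adaptSubid` starts and ends outside the visible hunks, so later handling cannot be confirmed from here.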
