From 164fde7631dfa64c2dcc297bd78c30f5734361c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mika=C3=ABl=20Cluseau?=
Date: Mon, 4 Dec 2023 13:59:37 +0100
Subject: [PATCH] push dkl init boot logic here
---
 boot-v1.go | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
diff --git a/boot-v1.go b/boot-v1.go
index da33a20..4935541 100644
--- a/boot-v1.go
+++ b/boot-v1.go
@@ -5,6 +5,7 @@ import (
 "log"
 "os"
 "path/filepath"
+ "strconv"
 "strings"
 "syscall"
 "time"
@@ -119,6 +120,13 @@ func applyConfig(cfgPath string, bootMounted bool) (cfg *configV1) {
 mount("overlay", "/system", "overlay", rootMountFlags, "lowerdir="+strings.Join(lowers, ":")+",upperdir=/changes/upperdir,workdir=/changes/workdir")
+ // make root rshared (default in systemd, required by Kubernetes 1.10+)
+ // equivalent to "mount --make-rshared /"
+ // see kernel's Documentation/sharedsubtree.txt (search rshared)
+ if err := syscall.Mount("", "/system", "", syscall.MS_SHARED|syscall.MS_REC, ""); err != nil {
+ fatalf("FATAL: mount --make-rshared / failed: %v", err)
+ }
+
 if bootMounted {
 if layersInMemory {
 if err := syscall.Unmount("/boot", 0); err != nil {
@@ -158,6 +166,37 @@ func applyConfig(cfgPath string, bootMounted bool) (cfg *configV1) {
 }
 }
+ // - groups
+ for _, group := range cfg.Groups {
+ log.Print("creating group ", group.Name)
+
+ opts := make([]string, 0)
+ opts = append(opts /* chroot */, "/system", "groupadd", "-r")
+ if group.Gid != 0 {
+ opts = append(opts, "-g", strconv.Itoa(group.Gid))
+ }
+ opts = append(opts, group.Name)
+
+ run("chroot", opts...)
+ }
+
+ // - user
+ for _, user := range cfg.Users {
+ log.Print("creating user ", user.Name)
+
+ opts := make([]string, 0)
+ opts = append(opts /* chroot */, "/system", "useradd", "-r")
+ if user.Gid != 0 {
+ opts = append(opts, "-g", strconv.Itoa(user.Gid))
+ }
+ if user.Uid != 0 {
+ opts = append(opts, "-u", strconv.Itoa(user.Uid))
+ }
+ opts = append(opts, user.Name)
+
+ run("chroot", opts...)
+ }
+
 return
 }
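Review bot: The fatal message and the comments above the added `syscall.Mount` call name `/`, but the call targets `/system`, so a failure here would be reported against the wrong mount point; `fatalf("FATAL: mount --make-rshared /system failed: %v", err)` would match the call. If `/system` only becomes the root at a later step (not visible in this hunk), the comment should say so, for example `// /system becomes the root later; mark it rshared now`. Recursive shared propagation also means mounts made under this tree reach every peer mount namespace, so the comment could add that workloads needing isolation must remount private or slave themselves. applyConfig starts and ends outside this hunk.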
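Review bot: `group.Name` and `user.Name` are appended as the final argv element with no end-of-options marker, so a config entry whose name begins with `-` would be parsed by groupadd/useradd as an option instead of a name. Ending the option list explicitly, with `opts = append(opts, "--", group.Name)` and `opts = append(opts, "--", user.Name)`, closes that off, and rejecting an empty name before calling `run` gives a clearer failure than the tool's usage text. Using `0` as the "unset" value for `Gid` and `Uid` deserves a comment such as `// 0 means unset: let the tool pick a system id`, since the config type is not visible here. Whether `run` aborts the boot when the account already exists, for example if the upper layer persists across boots, cannot be told from this hunk and is worth checking. applyConfig begins outside the hunk.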