docker-images/images/gossa/run.sh

#!/usr/bin/env bash

if [[ -z "${GOSSA_UID}" ]]; then
	echo "Error: No target uid specified in the GOSSA_UID environment variable.";
	exit 1;
fi
if [[ -z "${GOSSA_GID}" ]]; then
	echo "Error: No target gid specified in the GOSSA_GID environment variable.";
	exit 1;
fi
if [[ -z "${NOMAD_PORT_GOSSA}" ]]; then
	echo "Error: No port number specified in the NOMAD_PORT_GOSSA environment variable.";
	exit 1;
fi

echo "[core] Starting";
echo "[core] Running as uid = ${GOSSA_UID} gid = ${GOSSA_GID} port = ${NOMAD_PORT_GOSSA}";

cd "/mnt" || { echo "Failed to cd into /mnt"; exit 1; };


# Ref https://github.com/SinusBot/docker/pull/40
# WORKAROUND for `setpriv: libcap-ng is too old for "all" caps`, previously "-all" was used here
# create a list to drop all capabilities supported by current kernel
cap_prefix="-cap_";
caps="$cap_prefix$(seq -s ",$cap_prefix" 0 "$(cat /proc/sys/kernel/cap_last_cap)")";

setpriv --inh-caps="${caps}" --reuid "${GOSSA_UID}" --clear-groups --regid "${GOSSA_GID}" /usr/local/bin/gossa -h '[::]' -p "${NOMAD_PORT_GOSSA}" /mnt;

echo "[core] Ending";
gossa: wrap in shell script to set uid / gid 2021-02-04 22:51:53 +00:00			`#!/usr/bin/env bash`

			`if [[ -z "${GOSSA_UID}" ]]; then`
			`echo "Error: No target uid specified in the GOSSA_UID environment variable.";`
			`exit 1;`
			`fi`
			`if [[ -z "${GOSSA_GID}" ]]; then`
			`echo "Error: No target gid specified in the GOSSA_GID environment variable.";`
			`exit 1;`
			`fi`
			`if [[ -z "${NOMAD_PORT_GOSSA}" ]]; then`
gossa/run.sh: fix casing in error message 2021-02-04 23:14:32 +00:00			`echo "Error: No port number specified in the NOMAD_PORT_GOSSA environment variable.";`
gossa: wrap in shell script to set uid / gid 2021-02-04 22:51:53 +00:00			`exit 1;`
			`fi`

run.sh: add logging 2021-02-04 23:06:41 +00:00			`echo "[core] Starting";`
			`echo "[core] Running as uid = ${GOSSA_UID} gid = ${GOSSA_GID} port = ${NOMAD_PORT_GOSSA}";`

gossa: wrap in shell script to set uid / gid 2021-02-04 22:51:53 +00:00			`cd "/mnt" \|\| { echo "Failed to cd into /mnt"; exit 1; };`

gossa/run.sh: fix setcap error Exact error message was `setpriv: libcap-ng is too old for "all" caps` Ref https://github.com/SinusBot/docker/pull/40 2021-04-02 01:35:38 +00:00
			`# Ref https://github.com/SinusBot/docker/pull/40`
			# WORKAROUND for `setpriv: libcap-ng is too old for "all" caps`, previously "-all" was used here
			`# create a list to drop all capabilities supported by current kernel`
			`cap_prefix="-cap_";`
			`caps="$cap_prefix$(seq -s ",$cap_prefix" 0 "$(cat /proc/sys/kernel/cap_last_cap)")";`

			`setpriv --inh-caps="${caps}" --reuid "${GOSSA_UID}" --clear-groups --regid "${GOSSA_GID}" /usr/local/bin/gossa -h '[::]' -p "${NOMAD_PORT_GOSSA}" /mnt;`
run.sh: add logging 2021-02-04 23:06:41 +00:00
			`echo "[core] Ending";`