app_containers: Use UID instead of username for $run_as
Note that we still assume the user name inside the container is `user`.
This commit is contained in:
parent
fc6ee67cf2
commit
fab54bfafa
|
@ -8,8 +8,8 @@ die() {
|
|||
exit() {
|
||||
rm -rf "$container_xdg_runtime"
|
||||
if [ "$CONTAINER_USE_USERNS" = true ]; then
|
||||
setfacl -x u:$((private_users + 1000)) $XDG_RUNTIME_DIR/$WAYLAND_DISPLAY
|
||||
xhost -si:localuser:\#$((private_users + 1000))
|
||||
setfacl -x u:$((private_users + run_as)) $XDG_RUNTIME_DIR/$WAYLAND_DISPLAY
|
||||
xhost -si:localuser:\#$((private_users + run_as))
|
||||
fi
|
||||
}
|
||||
|
||||
|
@ -45,11 +45,13 @@ fi
|
|||
|
||||
[ -S $host_pulse ] || die "PulseAudio UNIX socket not found"
|
||||
|
||||
# Default username (assume `user` always has the same uid as the host user)
|
||||
run_as=user
|
||||
# Default user
|
||||
run_as=$UID
|
||||
# We assume the user named `user` inside the container always has the same UID as
|
||||
# the user with uid $run_as on the host; this is currently not yet configurable
|
||||
homedir=/home/user
|
||||
if [ "$CONTAINER_RUN_AS_ROOT" = true ]; then
|
||||
run_as=root
|
||||
run_as=0
|
||||
homedir=/root
|
||||
fi
|
||||
|
||||
|
@ -61,8 +63,8 @@ if [ "$CONTAINER_USE_USERNS" = true ]; then
|
|||
private_users=$(shuf -i 65536-$((2147483647 - 65536)) -n1) # Pick a random starting offset
|
||||
bind_opts="idmap" # Note: custom mounts specified by the user are expected to incldue the idmap option as well
|
||||
# Grant the user inside the namespace access to the Wayland / Xorg display
|
||||
setfacl -m u:$((private_users + 1000)):rwx $XDG_RUNTIME_DIR/$WAYLAND_DISPLAY
|
||||
xhost +si:localuser:\#$((private_users + 1000))
|
||||
setfacl -m u:$((private_users + run_as)):rwx $XDG_RUNTIME_DIR/$WAYLAND_DISPLAY
|
||||
xhost +si:localuser:\#$((private_users + run_as))
|
||||
fi
|
||||
|
||||
SUDO_ASKPASS=$HOME/.local/bin/askpass-bemenu sudo -A systemd-nspawn -M $CONTAINER_NAME \
|
||||
|
|
Loading…
Reference in a new issue