change NFS shares mapping permission scheme

- attempts to handle TheNewNormal/coreos-osx/issues/62 for now there's no perfect solution that covers all corners: - `-mapall=<UID_HOST>:<GID_HOST>`, which is what we've been using until now, gets us no pollution on host's filesystem from alien uids and gids with no whatsoever local correspondence but OTOH container is limited as it is forced to use host's UID/GID combo (and no chowns, etc). - `-maproot=root:wheel` which we are adapting from now on makes things a bit more deterministic on containers' side at the cost of local pollution... Signed-off-by: António Meireles <antonio.meireles@reformi.st>
TheNewNormal · May 24, 2016 · 624d362 · 624d362
1 parent 2377517
commit 624d362
Showing 1 changed file with 7 additions and 4 deletions.
diff --git a/run.go b/run.go
@@ -321,17 +321,20 @@ func nfsSetup() (err error) {
 	var (
 		buf, bufN []byte
 		shared    bool
-		oldSig    = "/Users -network 192.168.64.0 " +
+		oldSigA   = "/Users -network 192.168.64.0 " +
 			"-mask 255.255.255.0 -alldirs -mapall="
+		oldSigB = fmt.Sprintf("%v -network %v -mask %v -alldirs -mapall=",
+			engine.homedir, engine.network, engine.netmask)
 		signature = fmt.Sprintf("%v -network %v -mask %v -alldirs "+
-			"-mapall=%v:%v", engine.homedir, engine.network, engine.netmask,
-			engine.uid, engine.gid)
+			"-maproot=root:wheel", engine.homedir,
+			engine.network, engine.netmask)
 		exportSet = func() (ok bool) {
 			for _, line := range strings.Split(string(buf), "\n") {
 				if strings.HasPrefix(line, signature) {
 					ok = true
 				}
-				if !strings.HasPrefix(line, oldSig) {
+				if !strings.HasPrefix(line, oldSigA) &&
+					!strings.HasPrefix(line, oldSigB) {
 					bufN = append(bufN, []byte(line+"\n")...)
 				} else {
 					bufN = append(bufN, []byte("\n")...)