From 624d3623314c64bab0839001d097ebccc4dca474 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ant=C3=B3nio=20Meireles?= Date: Tue, 24 May 2016 11:35:15 +0100 Subject: [PATCH] change NFS shares mapping permission scheme MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - attempts to handle TheNewNormal/coreos-osx/issues/62 for now there's no perfect solution that covers all corners: - `-mapall=:`, which is what we've been using until now, gets us no pollution on host's filesystem from alien uids and gids with no whatsoever local correspondence but OTOH container is limited as it is forced to use host's UID/GID combo (and no chowns, etc). - `-maproot=root:wheel` which we are adapting from now on makes things a bit more deterministic on containers' side at the cost of local pollution... Signed-off-by: António Meireles --- run.go | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/run.go b/run.go index 0b013e6..112df8f 100644 --- a/run.go +++ b/run.go @@ -321,17 +321,20 @@ func nfsSetup() (err error) { var ( buf, bufN []byte shared bool - oldSig = "/Users -network 192.168.64.0 " + + oldSigA = "/Users -network 192.168.64.0 " + "-mask 255.255.255.0 -alldirs -mapall=" + oldSigB = fmt.Sprintf("%v -network %v -mask %v -alldirs -mapall=", + engine.homedir, engine.network, engine.netmask) signature = fmt.Sprintf("%v -network %v -mask %v -alldirs "+ - "-mapall=%v:%v", engine.homedir, engine.network, engine.netmask, - engine.uid, engine.gid) + "-maproot=root:wheel", engine.homedir, + engine.network, engine.netmask) exportSet = func() (ok bool) { for _, line := range strings.Split(string(buf), "\n") { if strings.HasPrefix(line, signature) { ok = true } - if !strings.HasPrefix(line, oldSig) { + if !strings.HasPrefix(line, oldSigA) && + !strings.HasPrefix(line, oldSigB) { bufN = append(bufN, []byte(line+"\n")...) } else { bufN = append(bufN, []byte("\n")...)