feat: add ability to mount generated passwd files to containers (#197)

This PR will add an option to mount: - `/etc/group` - `/etc/passwd` Signed-off-by: Matthew Penner <me@matthewp.io>
2024-07-24 15:12:42 -06:00
parent ac260bd5ee
commit d739948989
3 changed files with 75 additions and 2 deletions
--- a/server/mounts.go
+++ b/server/mounts.go
@@ -29,6 +29,21 @@ func (s *Server) Mounts() []environment.Mount {
 		},
 	}

+	// Handle mounting a generated `/etc/passwd` if the feature is enabled.
+	if passwd := config.Get().System.Passwd; passwd.Enable {
+		s.Log().WithFields(log.Fields{"source_path": passwd.Directory}).Info("mouting generated /etc/{group,passwd} to workaround UID/GID issues")
+		m = append(m, environment.Mount{
+			Source:   filepath.Join(passwd.Directory, "group"),
+			Target:   "/etc/group",
+			ReadOnly: true,
+		})
+		m = append(m, environment.Mount{
+			Source:   filepath.Join(passwd.Directory, "passwd"),
+			Target:   "/etc/passwd",
+			ReadOnly: true,
+		})
+	}
+
 	// Also include any of this server's custom mounts when returning them.
 	return append(m, s.customMounts()...)
 }
@@ -56,14 +71,12 @@ func (s *Server) customMounts() []environment.Mount {
 			if !strings.HasPrefix(source, filepath.Clean(allowed)) {
 				continue
 			}
-
 			mounted = true
 			mounts = append(mounts, environment.Mount{
 				Source:   source,
 				Target:   target,
 				ReadOnly: m.ReadOnly,
 			})
-
 			break
 		}