lxc-oci: add basic handling of numerical uid/gid

Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>

diff --git a/templates/lxc-oci.in b/templates/lxc-oci.in
index 5bd8edbf4ed610f2a2fe33bf1bed52ff1da6a316..a213f7d5617b384aecf0e8c804194d230c65aea9 100755 (executable)
--- a/templates/lxc-oci.in
+++ b/templates/lxc-oci.in
@@ -121,6 +121,25 @@ getenv() {
        return
 }
 
+# FIXME 1: only support numerical values in the configuration file.
+# FIXME 2: from the OCI image spec: "If group/gid is not specified,
+# the default group and supplementary groups of the given user/uid in
+# /etc/passwd from the container are applied."
+getuidgid() {
+       if [ "$#" -eq 0 ]; then
+               echo "0 0"
+               return
+       fi
+
+       configpath="$1"
+
+       uidgid=`cat "${configpath}" | jq -c -r '.config.User // "0:0"'`
+       uidgid=(${uidgid//:/ })
+
+       printf '%d %d' ${uidgid[0]:-0} ${uidgid[1]:-0} 2>/dev/null || true
+       return
+}
+
 usage() {
     cat <<EOF
 LXC container template for OCI images
@@ -291,6 +310,10 @@ cat <<EOF > ${LXC_ROOTFS}/etc/hosts
 127.0.1.1   ${LXC_NAME}
 EOF
 
+uidgid=($(getuidgid ${OCI_CONF_FILE}))
+echo "lxc.init.uid = ${uidgid[0]}" >> "${LXC_CONF_FILE}"
+echo "lxc.init.gid = ${uidgid[1]}" >> "${LXC_CONF_FILE}"
+
 if [ -n "$LXC_MAPPED_UID" ] && [ "$LXC_MAPPED_UID" != "-1" ]; then
     chown $LXC_MAPPED_UID $LXC_PATH/config $LXC_PATH/fstab >/dev/null 2>&1 || true
 fi