Try to change ownership of files on SD card during installation #247

Merged
merged 3 commits into from
May 2, 2024
12 changes: 10 additions & 2 deletions README.md
Expand Up @@ -61,11 +61,15 @@ contains known limitations when running rootless Docker.
<!-- omit in toc -->
### Known Issues

- When using the SD card for this application, the file permissions can sometimes be set incorrectly
during an upgrade of the device firmware or the application.
See [Using an SD card as storage](#using-an-sd-card-as-storage) for information on how to handle this.

- Only uid and gid are properly mapped between device and containers, not the secondary groups that the
user is a member of. This means that resources on the device, even if they are volume or device mounted,
can be inaccessible inside the container. This can also affect usage of unsupported D-Bus methods from
the container. See [Using host user secondary groups in container](#using-host-user-secondary-groups-in-container)
for how to handle this.
for information on how to handle this.

## Requirements
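Review bot: The new Known Issues bullet says file permissions "can sometimes be set incorrectly" without naming the cause, while the post-install script comment in this same change attributes it to the app user ID changing and the ACAP framework not handling ownership on the SD card. Suggest stating that cause here and calling it ownership rather than permissions, so readers can tell whether an upgrade they performed is affected.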

Expand Down Expand Up @@ -224,7 +228,8 @@ Following are the possible values of `Status`:
correct file permissions to use it.
The application is running but dockerd is stopped.
Make sure no directories with the wrong user permissions are left on
the SD card, then restart the application.
the SD card, then restart the application. For further information see
[Using an SD card as storage](#using-an-sd-card-as-storage).

### Using TLS to secure the application
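Review bot: The status text still says "wrong user permissions" for a condition that this change repairs with `chown`, i.e. ownership rather than mode bits. Suggest using "wrong ownership" here so the status description, the Known Issues bullet and the SD card section use one term, and adding a comma after "For further information".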

Expand Down Expand Up @@ -331,6 +336,9 @@ To get more informed about specifications, check the
>remove the directory that is used by the application.
>For versions before 2.0 the path was `/var/spool/storage/SD_DISK/dockerd`.
>For versions from 2.0 the path is `/var/spool/storage/areas/SD_DISK/<application-name>`.
>Alternatively, this can be achieved by [allowing root-privileged apps][vapix-allow-root],
>reinstalling the application, then disallowing root-privileged apps again,
>since the post-install script will attempt to repair the permissions when running as root.

### Using the application
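Review bot: The added lines use the reference-style link `[vapix-allow-root]`, but none of the README hunks shown adds a definition for that label. Confirm it is already defined elsewhere in README.md, otherwise it renders as literal bracket text. Because the workaround temporarily allows root-privileged apps on the device, it is also worth saying that the setting should be restored even if the reinstall fails.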

7 changes: 7 additions & 0 deletions app/postinstallscript.sh
Expand Up @@ -11,3 +11,10 @@ if [ ! -e localdata/daemon.json ]; then
echo "{}" >localdata/daemon.json
[ "$(id -u)" -ne 0 ] || chown "$(stat -c %u.%g localdata)" localdata/daemon.json
fi

# ACAP framework does not handle ownership on SD card, which causes problem when the app user ID changes.
# If run as root, this script will repair the ownership.
SD_CARD_AREA=/var/spool/storage/SD_DISK/areas/"$(basename "$(pwd)")"
if [ "$(id -u)" -eq 0 ] && [ -d "$SD_CARD_AREA" ]; then
chown -R "$(stat -c %u.%g localdata)" "$SD_CARD_AREA"
fi
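Review bot: `SD_CARD_AREA` is built as `/var/spool/storage/SD_DISK/areas/<name>`, but the README note in this same change gives the 2.0+ path as `/var/spool/storage/areas/SD_DISK/<application-name>`. One of the two is wrong, and if it is the script, the `[ -d "$SD_CARD_AREA" ]` test is silently false and the repair never runs. Separately, this `chown -R` runs as root over a tree that the unprivileged app user could previously write to, and whether symlinks inside it are dereferenced depends on the chown implementation on the device. Consider adding `-h` so that ownership of files outside the SD card area cannot be changed through a link.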