From bc608daf1e75d26074c282e1979878cec6111190 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Fri, 15 Jan 2016 11:00:59 -0800 Subject: [PATCH 1/2] Only be root when necessary, so that `--user` works --- 1.3/docker-entrypoint.sh | 7 +++++-- 1.4/docker-entrypoint.sh | 7 +++++-- 1.5/docker-entrypoint.sh | 7 +++++-- 1.6/docker-entrypoint.sh | 7 +++++-- 1.7/docker-entrypoint.sh | 7 +++++-- 2.0/docker-entrypoint.sh | 7 +++++-- 2.1/docker-entrypoint.sh | 7 +++++-- docker-entrypoint.sh | 7 +++++-- 8 files changed, 40 insertions(+), 16 deletions(-) diff --git a/1.3/docker-entrypoint.sh b/1.3/docker-entrypoint.sh index a8fca33..fb6064d 100755 --- a/1.3/docker-entrypoint.sh +++ b/1.3/docker-entrypoint.sh @@ -8,10 +8,13 @@ if [ "${1:0:1}" = '-' ]; then fi # Drop root privileges if we are running elasticsearch -if [ "$1" = 'elasticsearch' ]; then +# allow the container to be stated with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then # Change the ownership of /usr/share/elasticsearch/data to elasticsearch chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data - exec gosu elasticsearch "$@" + + set -- gosu elasticsearch "$@" + #exec gosu elasticsearch "$BASH_SOURCE" "$@" fi # As argument is not related to elasticsearch, diff --git a/1.4/docker-entrypoint.sh b/1.4/docker-entrypoint.sh index a8fca33..fb6064d 100755 --- a/1.4/docker-entrypoint.sh +++ b/1.4/docker-entrypoint.sh @@ -8,10 +8,13 @@ if [ "${1:0:1}" = '-' ]; then fi # Drop root privileges if we are running elasticsearch -if [ "$1" = 'elasticsearch' ]; then +# allow the container to be stated with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then # Change the ownership of /usr/share/elasticsearch/data to elasticsearch chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data - exec gosu elasticsearch "$@" + + set -- gosu elasticsearch "$@" + #exec gosu elasticsearch "$BASH_SOURCE" "$@" fi # As argument is not related to elasticsearch, diff --git a/1.5/docker-entrypoint.sh b/1.5/docker-entrypoint.sh index a8fca33..fb6064d 100755 --- a/1.5/docker-entrypoint.sh +++ b/1.5/docker-entrypoint.sh @@ -8,10 +8,13 @@ if [ "${1:0:1}" = '-' ]; then fi # Drop root privileges if we are running elasticsearch -if [ "$1" = 'elasticsearch' ]; then +# allow the container to be stated with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then # Change the ownership of /usr/share/elasticsearch/data to elasticsearch chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data - exec gosu elasticsearch "$@" + + set -- gosu elasticsearch "$@" + #exec gosu elasticsearch "$BASH_SOURCE" "$@" fi # As argument is not related to elasticsearch, diff --git a/1.6/docker-entrypoint.sh b/1.6/docker-entrypoint.sh index a8fca33..fb6064d 100755 --- a/1.6/docker-entrypoint.sh +++ b/1.6/docker-entrypoint.sh @@ -8,10 +8,13 @@ if [ "${1:0:1}" = '-' ]; then fi # Drop root privileges if we are running elasticsearch -if [ "$1" = 'elasticsearch' ]; then +# allow the container to be stated with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then # Change the ownership of /usr/share/elasticsearch/data to elasticsearch chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data - exec gosu elasticsearch "$@" + + set -- gosu elasticsearch "$@" + #exec gosu elasticsearch "$BASH_SOURCE" "$@" fi # As argument is not related to elasticsearch, diff --git a/1.7/docker-entrypoint.sh b/1.7/docker-entrypoint.sh index a8fca33..fb6064d 100755 --- a/1.7/docker-entrypoint.sh +++ b/1.7/docker-entrypoint.sh @@ -8,10 +8,13 @@ if [ "${1:0:1}" = '-' ]; then fi # Drop root privileges if we are running elasticsearch -if [ "$1" = 'elasticsearch' ]; then +# allow the container to be stated with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then # Change the ownership of /usr/share/elasticsearch/data to elasticsearch chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data - exec gosu elasticsearch "$@" + + set -- gosu elasticsearch "$@" + #exec gosu elasticsearch "$BASH_SOURCE" "$@" fi # As argument is not related to elasticsearch, diff --git a/2.0/docker-entrypoint.sh b/2.0/docker-entrypoint.sh index a8fca33..fb6064d 100755 --- a/2.0/docker-entrypoint.sh +++ b/2.0/docker-entrypoint.sh @@ -8,10 +8,13 @@ if [ "${1:0:1}" = '-' ]; then fi # Drop root privileges if we are running elasticsearch -if [ "$1" = 'elasticsearch' ]; then +# allow the container to be stated with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then # Change the ownership of /usr/share/elasticsearch/data to elasticsearch chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data - exec gosu elasticsearch "$@" + + set -- gosu elasticsearch "$@" + #exec gosu elasticsearch "$BASH_SOURCE" "$@" fi # As argument is not related to elasticsearch, diff --git a/2.1/docker-entrypoint.sh b/2.1/docker-entrypoint.sh index a8fca33..fb6064d 100755 --- a/2.1/docker-entrypoint.sh +++ b/2.1/docker-entrypoint.sh @@ -8,10 +8,13 @@ if [ "${1:0:1}" = '-' ]; then fi # Drop root privileges if we are running elasticsearch -if [ "$1" = 'elasticsearch' ]; then +# allow the container to be stated with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then # Change the ownership of /usr/share/elasticsearch/data to elasticsearch chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data - exec gosu elasticsearch "$@" + + set -- gosu elasticsearch "$@" + #exec gosu elasticsearch "$BASH_SOURCE" "$@" fi # As argument is not related to elasticsearch, diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index a8fca33..fb6064d 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -8,10 +8,13 @@ if [ "${1:0:1}" = '-' ]; then fi # Drop root privileges if we are running elasticsearch -if [ "$1" = 'elasticsearch' ]; then +# allow the container to be stated with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then # Change the ownership of /usr/share/elasticsearch/data to elasticsearch chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data - exec gosu elasticsearch "$@" + + set -- gosu elasticsearch "$@" + #exec gosu elasticsearch "$BASH_SOURCE" "$@" fi # As argument is not related to elasticsearch, From a3f8e658da60bf58e97e18a78d85815a896f9eed Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 18 Jan 2016 10:59:24 -0800 Subject: [PATCH 2/2] Fix minor typo --- 1.3/docker-entrypoint.sh | 2 +- 1.4/docker-entrypoint.sh | 2 +- 1.5/docker-entrypoint.sh | 2 +- 1.6/docker-entrypoint.sh | 2 +- 1.7/docker-entrypoint.sh | 2 +- 2.0/docker-entrypoint.sh | 2 +- 2.1/docker-entrypoint.sh | 2 +- docker-entrypoint.sh | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/1.3/docker-entrypoint.sh b/1.3/docker-entrypoint.sh index fb6064d..09dd9fc 100755 --- a/1.3/docker-entrypoint.sh +++ b/1.3/docker-entrypoint.sh @@ -8,7 +8,7 @@ if [ "${1:0:1}" = '-' ]; then fi # Drop root privileges if we are running elasticsearch -# allow the container to be stated with `--user` +# allow the container to be started with `--user` if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then # Change the ownership of /usr/share/elasticsearch/data to elasticsearch chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data diff --git a/1.4/docker-entrypoint.sh b/1.4/docker-entrypoint.sh index fb6064d..09dd9fc 100755 --- a/1.4/docker-entrypoint.sh +++ b/1.4/docker-entrypoint.sh @@ -8,7 +8,7 @@ if [ "${1:0:1}" = '-' ]; then fi # Drop root privileges if we are running elasticsearch -# allow the container to be stated with `--user` +# allow the container to be started with `--user` if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then # Change the ownership of /usr/share/elasticsearch/data to elasticsearch chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data diff --git a/1.5/docker-entrypoint.sh b/1.5/docker-entrypoint.sh index fb6064d..09dd9fc 100755 --- a/1.5/docker-entrypoint.sh +++ b/1.5/docker-entrypoint.sh @@ -8,7 +8,7 @@ if [ "${1:0:1}" = '-' ]; then fi # Drop root privileges if we are running elasticsearch -# allow the container to be stated with `--user` +# allow the container to be started with `--user` if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then # Change the ownership of /usr/share/elasticsearch/data to elasticsearch chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data diff --git a/1.6/docker-entrypoint.sh b/1.6/docker-entrypoint.sh index fb6064d..09dd9fc 100755 --- a/1.6/docker-entrypoint.sh +++ b/1.6/docker-entrypoint.sh @@ -8,7 +8,7 @@ if [ "${1:0:1}" = '-' ]; then fi # Drop root privileges if we are running elasticsearch -# allow the container to be stated with `--user` +# allow the container to be started with `--user` if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then # Change the ownership of /usr/share/elasticsearch/data to elasticsearch chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data diff --git a/1.7/docker-entrypoint.sh b/1.7/docker-entrypoint.sh index fb6064d..09dd9fc 100755 --- a/1.7/docker-entrypoint.sh +++ b/1.7/docker-entrypoint.sh @@ -8,7 +8,7 @@ if [ "${1:0:1}" = '-' ]; then fi # Drop root privileges if we are running elasticsearch -# allow the container to be stated with `--user` +# allow the container to be started with `--user` if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then # Change the ownership of /usr/share/elasticsearch/data to elasticsearch chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data diff --git a/2.0/docker-entrypoint.sh b/2.0/docker-entrypoint.sh index fb6064d..09dd9fc 100755 --- a/2.0/docker-entrypoint.sh +++ b/2.0/docker-entrypoint.sh @@ -8,7 +8,7 @@ if [ "${1:0:1}" = '-' ]; then fi # Drop root privileges if we are running elasticsearch -# allow the container to be stated with `--user` +# allow the container to be started with `--user` if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then # Change the ownership of /usr/share/elasticsearch/data to elasticsearch chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data diff --git a/2.1/docker-entrypoint.sh b/2.1/docker-entrypoint.sh index fb6064d..09dd9fc 100755 --- a/2.1/docker-entrypoint.sh +++ b/2.1/docker-entrypoint.sh @@ -8,7 +8,7 @@ if [ "${1:0:1}" = '-' ]; then fi # Drop root privileges if we are running elasticsearch -# allow the container to be stated with `--user` +# allow the container to be started with `--user` if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then # Change the ownership of /usr/share/elasticsearch/data to elasticsearch chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index fb6064d..09dd9fc 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -8,7 +8,7 @@ if [ "${1:0:1}" = '-' ]; then fi # Drop root privileges if we are running elasticsearch -# allow the container to be stated with `--user` +# allow the container to be started with `--user` if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then # Change the ownership of /usr/share/elasticsearch/data to elasticsearch chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data