From 9ae85a6a64992cb7217f3077e94181e3ea49afa1 Mon Sep 17 00:00:00 2001 From: "Yankel Scialom (YSC)" Date: Tue, 5 Jul 2022 21:35:46 +0000 Subject: [PATCH 1/2] [33] Make dhcpd process run as the dhcpd user and group --- util/entrypoint.sh | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/util/entrypoint.sh b/util/entrypoint.sh index 63883fd..9bc3ef3 100755 --- a/util/entrypoint.sh +++ b/util/entrypoint.sh @@ -51,12 +51,8 @@ if [ -n "$IFACE" ]; then uid=$(stat -c%u "$data_dir") gid=$(stat -c%g "$data_dir") - if [ $gid -ne 0 ]; then - groupmod -g $gid dhcpd - fi - if [ $uid -ne 0 ]; then - usermod -u $uid dhcpd - fi + groupmod -og $gid dhcpd + usermod -ou $uid dhcpd [ -e "$data_dir/dhcpd.leases" ] || touch "$data_dir/dhcpd.leases" chown dhcpd:dhcpd "$data_dir/dhcpd.leases" @@ -69,7 +65,7 @@ if [ -n "$IFACE" ]; then echo "You must add the 'docker run' option '--net=host' if you want to provide DHCP service to the host network." fi - $run /usr/sbin/dhcpd -$DHCPD_PROTOCOL -f -d --no-pid -cf "$data_dir/dhcpd.conf" -lf "$data_dir/dhcpd.leases" $IFACE + $run /usr/sbin/dhcpd -$DHCPD_PROTOCOL -f -d --no-pid -cf "$data_dir/dhcpd.conf" -lf "$data_dir/dhcpd.leases" -user dhcpd -group dhcpd $IFACE else # Run another binary $run "$@" From 6fd7b1896b3a95f6ad1363351c872aedc1785680 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robin=20Smidsr=C3=B8d?= Date: Mon, 25 Jul 2022 15:49:30 +0200 Subject: [PATCH 2/2] Fix broken support for docker run --init --- util/entrypoint.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/util/entrypoint.sh b/util/entrypoint.sh index 9bc3ef3..7ceb4ff 100755 --- a/util/entrypoint.sh +++ b/util/entrypoint.sh @@ -5,10 +5,10 @@ set -e # Support docker run --init parameter which obsoletes the use of dumb-init, # but support dumb-init for those that still use it without --init -if [ -x "/dev/init" ]; then - run="exec" -else +if [ $$ -eq 1 ]; then run="exec /usr/bin/dumb-init --" +else + run="exec" fi # Single argument to command line is interface name