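#!/bin/sh
#
# setupDockerMount.sh - let a container user talk to a bind-mounted Docker
# socket by adding that user to the group that owns the socket.
#
# Requirements:
#   - $DOCKER_SETUP_USER must name the container user to set up.
#   - This script must be run as ROOT, on container start.
#
# Protip: Use sudo/sudoers to enable calling this easily:
#   - In Dockerfile
#       echo "${user} ALL=NOPASSWD:SETENV: /app/setup/*" >> /etc/sudoers
#   - In entrypoint.sh
#       sudo -E /app/setup/setupDockerMount.sh
#
# SECURITY NOTES:
#   - Membership in the socket's group lets the user drive the Docker daemon,
#     which is effectively root on the host. Only grant it to a user you
#     would trust with that.
#   - The sudoers rule above covers every file under /app/setup/ and, through
#     SETENV / -E, lets the caller choose the environment this script runs
#     with as root. Keep that directory and its files root-owned and not
#     writable by ${user}. A tighter rule names this one script and passes
#     only DOCKER_SETUP_USER (sudoers env_keep) instead of SETENV.
#   - $DOCKER_BIN is a volume-mounted binary that this script executes as
#     root for the linkage check; mount it from a trusted source only.
#
# Exit status:
#   0  user is (now) a member of the socket's group
#   1  not root, bad/missing user, missing socket/binary, or group setup failed
#   2  docker binary present but cannot run (missing shared objects)

set -u

# The environment may be caller-controlled (sudo -E), and every helper below
# is found through PATH while running as root, so pin PATH to system dirs.
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
export PATH

DOCKER_USER=${DOCKER_SETUP_USER:-}
DOCKER_BIN=/usr/bin/docker
DOCKER_SOCKET=/var/run/docker.sock

# Print a message on stderr and exit with the given status.
die() {
  code=$1
  shift
  printf '%s\n' "$*" >&2
  exit "$code"
}

[ "$(id -u)" -eq 0 ] || die 1 "Must be run as root."

# Validate the user name before handing it to id/adduser: it comes straight
# from the environment, and a leading '-' would be parsed as an option.
case $DOCKER_USER in
  '') die 1 "Missing: DOCKER_SETUP_USER!" ;;
  -*) die 1 "Invalid user: $DOCKER_USER" ;;
esac
id "$DOCKER_USER" >/dev/null 2>&1 || die 1 "Unknown user: $DOCKER_USER"

#Make sure we're mounted with socket!
[ -S "$DOCKER_SOCKET" ] || die 1 "Missing: $DOCKER_SOCKET!"

#Make sure we're mounted with binary!
[ -f "$DOCKER_BIN" ] || die 1 "Missing: $DOCKER_BIN!"
echo "Exists: $DOCKER_BIN"

#Make sure we're mounted with executable!
[ -x "$DOCKER_BIN" ] || die 1 "Not Executable: $DOCKER_BIN!"

#Test if dynamic linked objects for binary are missing
# Done only after the existence/executable checks, so a missing binary is
# reported as "Missing" rather than as a loader error.
DOCKER_BROKEN=$("$DOCKER_BIN" 2>&1 | grep -E 'not found|cannot open shared')
if [ -n "$DOCKER_BROKEN" ]; then
  echo "Inoperable: $DOCKER_BIN" >&2
  printf '\t\tEnsure all linked objects are volume mounted as well (use: ldd %s).\n' \
    "$DOCKER_BIN" >&2
  exit 2
fi

# Numeric GID that owns the socket (4th field of `ls -ln`). The GID, not the
# name, is what the kernel checks, and the host's group name may not exist in
# this container at all.
DOCKER_GID=$(ls -ldn "$DOCKER_SOCKET" | awk '{print $4}')
case $DOCKER_GID in
  '' | *[!0-9]*) die 1 "Cannot determine group of: $DOCKER_SOCKET" ;;
esac

#Add Group if missing
if ! getent group "$DOCKER_GID" >/dev/null; then
  echo "Creating 'docker' group: $DOCKER_GID"
  addgroup --gid "$DOCKER_GID" docker ||
    die 1 "Failed to create 'docker' group: $DOCKER_GID"
fi

# Resolve the name only now, so a group created above is picked up too.
DOCKER_GROUP=$(getent group "$DOCKER_GID" | cut -d: -f1)
[ -n "$DOCKER_GROUP" ] || die 1 "No group found for GID: $DOCKER_GID"

#Add User to Group if not already in it
# Compare numeric GIDs with an exact, fixed-string match: a word match on the
# group name would also accept names that merely contain it.
if id -G "$DOCKER_USER" | tr ' ' '\n' | grep -qxF -- "$DOCKER_GID"; then
  exit 0
fi

echo "Adding '$DOCKER_USER' to group: $DOCKER_GROUP($DOCKER_GID)"
printf '\tNote: The *name* may not be right, but the GID should be!\n'
adduser "$DOCKER_USER" "$DOCKER_GROUP" ||
  die 1 "Failed to add '$DOCKER_USER' to group: $DOCKER_GROUP"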