-rw-r--r--Makefile9
-rwxr-xr-xbin/container-shell2
-rw-r--r--share/doc/HOST-SETUP.txt13
-rw-r--r--share/sudo/container-tools1
4 files changed, 24 insertions, 1 deletions
diff --git a/Makefile b/Makefile
index 0b67c50..94289f2 100644
--- a/Makefile
+++ b/Makefile
@@ -69,6 +69,10 @@ install: build
mkdir -p $(DESTDIR)/usr/share/bash-completion/completions
cp -r share/bash-completion/* $(DESTDIR)/usr/share/bash-completion/completions
+ mkdir -p $(DESTDIR)/etc/sudoers.d
+ cp -r share/sudo/* $(DESTDIR)/etc/sudoers.d
+ chmod 0440 $(DESTDIR)/etc/sudoers.d/*
+
mkdir -p $(DESTDIR)/usr/share/doc
cp -r share/doc $(DESTDIR)/usr/share/doc/$(SOFTWARE)
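Review bot: `chmod 0440 $(DESTDIR)/etc/sudoers.d/*` changes the mode of every file in that directory, including drop-ins that belong to other packages when DESTDIR is empty. The preceding `cp -r` also leaves the new file at a umask-derived mode until the chmod runs. Installing the file with its final mode in one step avoids both: `install -m 0440 share/sudo/container-tools $(DESTDIR)/etc/sudoers.d/container-tools`. Consider also running `visudo -cf share/sudo/container-tools` during build or install, since a syntax error in a drop-in may stop sudo from working. The install rule starts outside the hunk.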
@@ -124,6 +128,11 @@ uninstall:
rm -f $(DESTDIR)/usr/share/man/man1/cntsh.1
rm -f ${DESTDIR}/usr/share/bash-completion/completions/cnt
+ for FILE in share/sudo/*; \
+ do \
+ rm -f $(DESTDIR)/etc/sudoers.d/$$(basename $${FILE}); \
+ done
+
for FILE in share/bash-completion/*; \
do \
rm -f $(DESTDIR)/usr/share/bash-completion/completions/$$(basename $${FILE}); \
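Review bot: If `share/sudo/*` matches nothing (an incomplete tree, or uninstall run from another directory), FILE holds the literal pattern and `basename` yields `*`. The unquoted `rm -f $(DESTDIR)/etc/sudoers.d/*` then removes every sudoers drop-in in that directory, not just this package's file. Guard and quote the loop body: `[ -e "$${FILE}" ] || continue; \` followed by `rm -f "$(DESTDIR)/etc/sudoers.d/$$(basename "$${FILE}")"; \`. The bash-completion loop below has the same shape, and its body runs past the end of the hunk.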
diff --git a/bin/container-shell b/bin/container-shell
index 5f75058..d910ae0 100755
--- a/bin/container-shell
+++ b/bin/container-shell
@@ -85,7 +85,7 @@ Shell ()
return
else
echo
- "/usr/lib/${SOFTWARE}/${PROGRAM}/${COMMAND}" "${OPTIONS}" || true
+ sudo "/usr/lib/${SOFTWARE}/${PROGRAM}/${COMMAND}" "${OPTIONS}" || true
fi
}
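Review bot: The changed line now runs `"/usr/lib/${SOFTWARE}/${PROGRAM}/${COMMAND}"` as root, but nothing in this hunk constrains `${COMMAND}` or `${OPTIONS}` before they reach sudo. They are assigned outside the hunk, so confirm there that COMMAND is checked against the known program names and contains no `/`. Consider `sudo -n` as well, so a missing or non-matching sudoers entry fails immediately instead of prompting for a password inside the restricted shell: `sudo -n "/usr/lib/${SOFTWARE}/${PROGRAM}/${COMMAND}" "${OPTIONS}" || true`. The `|| true` also discards the exit status of a privileged command, so logging the failure before ignoring it would help. Shell()'s body starts outside the hunk.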
diff --git a/share/doc/HOST-SETUP.txt b/share/doc/HOST-SETUP.txt
index f3d813a..4b18b20 100644
--- a/share/doc/HOST-SETUP.txt
+++ b/share/doc/HOST-SETUP.txt
@@ -167,3 +167,16 @@ iface br100 inet static
bridge_maxwait 0
bridge_stp 0
EOF
+
+
+4. Enabling container-shell
+---------------------------
+
+Managing containers requires root privileges. In order to allow unprivileged
+users to manage containers without granting them privileges or accounts,
+the container-shell can be used together with sudo and a container user.
+
+ sudo adduser --gecos "container-tools,,," \
+ --home /var/lib/machines/container-tools \
+ --shell /usr/bin/container-shell \
+ --no-create-home container
diff --git a/share/sudo/container-tools b/share/sudo/container-tools
new file mode 100644
index 0000000..ced273c
--- /dev/null
+++ b/share/sudo/container-tools
@@ -0,0 +1 @@
+container ALL=NOPASSWD: /usr/lib/container-tools/container/*
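Review bot: This rule gives the `container` account passwordless root for every program in `/usr/lib/container-tools/container/` with arbitrary arguments, because the entry carries no argument list. The wildcard also means any file later added to that directory becomes root-runnable without a sudoers change. Prefer listing the intended commands explicitly with a stated run-as user, e.g. `Cmnd_Alias CONTAINER_CMDS = /usr/lib/container-tools/container/<command-1>, /usr/lib/container-tools/container/<command-2>` and `container ALL=(root) NOPASSWD: CONTAINER_CMDS` (the command names are placeholders). The directory and its contents should be root-owned and not writable by others. A comment in the file should say that the programs themselves must validate their arguments, since sudo does not restrict them here.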