-rw-r--r-- | Makefile | 9 | ||||
-rwxr-xr-x | bin/container-shell | 2 | ||||
-rw-r--r-- | share/doc/HOST-SETUP.txt | 13 | ||||
-rw-r--r-- | share/sudo/container-tools | 1 |
4 files changed, 24 insertions, 1 deletions
@@ -69,6 +69,10 @@ install: build mkdir -p $(DESTDIR)/usr/share/bash-completion/completions cp -r share/bash-completion/* $(DESTDIR)/usr/share/bash-completion/completions + mkdir -p $(DESTDIR)/etc/sudoers.d + cp -r share/sudo/* $(DESTDIR)/etc/sudoers.d + chmod 0440 $(DESTDIR)/etc/sudoers.d/* + mkdir -p $(DESTDIR)/usr/share/doc cp -r share/doc $(DESTDIR)/usr/share/doc/$(SOFTWARE) @@ -124,6 +128,11 @@ uninstall: rm -f $(DESTDIR)/usr/share/man/man1/cntsh.1 rm -f ${DESTDIR}/usr/share/bash-completion/completions/cnt + for FILE in share/sudo/*; \ + do \ + rm -f $(DESTDIR)/etc/sudoers.d/$$(basename $${FILE}); \ + done + for FILE in share/bash-completion/*; \ do \ rm -f $(DESTDIR)/usr/share/bash-completion/completions/$$(basename $${FILE}); \ diff --git a/bin/container-shell b/bin/container-shell index 5f75058..d910ae0 100755 --- a/bin/container-shell +++ b/bin/container-shell @@ -85,7 +85,7 @@ Shell () return else echo - "/usr/lib/${SOFTWARE}/${PROGRAM}/${COMMAND}" "${OPTIONS}" || true + sudo "/usr/lib/${SOFTWARE}/${PROGRAM}/${COMMAND}" "${OPTIONS}" || true fi } diff --git a/share/doc/HOST-SETUP.txt b/share/doc/HOST-SETUP.txt index f3d813a..4b18b20 100644 --- a/share/doc/HOST-SETUP.txt +++ b/share/doc/HOST-SETUP.txt @@ -167,3 +167,16 @@ iface br100 inet static bridge_maxwait 0 bridge_stp 0 EOF + + +4. Enabling container-shell +--------------------------- + +Managing containers requires root privileges. In order to allow unprivileged +users to manage containers without granting them privileges or accounts, +the container-shell can be used together with sudo and a container user. + + sudo adduser --gecos "container-tools,,," \ + --home /var/lib/machines/container-tools \ + --shell /usr/bin/container-shell \ + --no-create-home container diff --git a/share/sudo/container-tools b/share/sudo/container-tools new file mode 100644 index 0000000..ced273c --- /dev/null +++ b/share/sudo/container-tools @@ -0,0 +1 @@ +container ALL=NOPASSWD: /usr/lib/container-tools/container/* |
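Review bot: The added `chmod 0440 $(DESTDIR)/etc/sudoers.d/*` in the install recipe applies to every file in that directory, so with an empty DESTDIR it rewrites the mode of sudoers fragments this package does not own. Installing the fragment by name, with its mode set in the same step, avoids that: `install -m 0440 share/sudo/container-tools $(DESTDIR)/etc/sudoers.d/container-tools`. Because a malformed fragment can stop sudo from working, a `visudo -cf share/sudo/container-tools` check before the copy would be worth adding. The install recipe continues outside the hunk.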
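Review bot: In the added uninstall loop, if `share/sudo/*` matches nothing the shell by default leaves the pattern literal, `basename` yields `*`, and the unquoted `rm -f` argument then expands to every file in `$(DESTDIR)/etc/sudoers.d`. Quoting the path keeps the removal to the names this package ships: `rm -f "$(DESTDIR)/etc/sudoers.d/$$(basename "$${FILE}")"`. The bash-completion loop shown as context after it has the same shape. The uninstall recipe starts and ends outside the hunk.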
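Review bot: The changed line in Shell() now runs a path built from `${COMMAND}` as root, and nothing in this hunk shows `${COMMAND}` being limited to a plain file name. That check should sit before the call, or be confirmed in the part of Shell() outside the hunk, for example by rejecting any value that contains `/`. `"${OPTIONS}"` reaches the root-run program as one unchecked argument, so every program under that directory has to treat it as untrusted input. Using `sudo -n` would make a missing or non-matching sudoers rule fail at once instead of prompting for a password inside the restricted shell, and `|| true` currently hides that failure from the user.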
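Review bot: The rule's trailing `*` lets the `container` user run, as root and with any arguments, whatever file exists in `/usr/lib/container-tools/container/` now or later, so the real privilege boundary is the content and permissions of that directory rather than this file. Listing the intended commands explicitly would keep the grant from widening silently when a new program is added there. The file also carries no comment; a leading line such as `# Lets the container-shell login user run container-tools commands as root without a password` would tell an administrator why it is in sudoers.d.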