From c40a0ca3a34f4af73e030d5f5e53dcf09937e046 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?=
Date: Tue, 5 Dec 2017 17:17:18 +0100
Subject: [PATCH] lxc: add lxc-unprivileged helper package for unprivileged containers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

LXC requires newuidmap and newguidmap with SUID to run unprivileged containers. This package should help users make sure they are available.

Signed-off-by: Rafał Miłecki
---
 utils/lxc/Makefile | 17 +++++++++++++++++
 utils/lxc/files/lxc-unprivileged.defaults | 4 ++++
 2 files changed, 21 insertions(+)
 create mode 100644 utils/lxc/files/lxc-unprivileged.defaults

diff --git a/utils/lxc/Makefile b/utils/lxc/Makefile
index 4600e9c9ee..288d5039cf 100644
--- a/utils/lxc/Makefile
+++ b/utils/lxc/Makefile
@@ -70,6 +70,22 @@ define Package/lxc-auto/conffiles
 /etc/config/lxc-auto
 endef
 
+define Package/lxc-unprivileged
+ $(call Package/lxc/Default)
+ TITLE:=Helper script for unprivileged containers support
+ DEPENDS:=+shadow-utils +shadow-newuidmap +shadow-newgidmap
+endef
+
+define Package/lxc-unprivileged/description
+ Support for unprivileged containers requires newuidmap and newguidmap.
+ This package makes sure they are available & have correct permissions.
+endef
+
+define Package/lxc-unprivileged/install
+ $(INSTALL_DIR) $(1)/etc/uci-defaults
+ $(INSTALL_DATA) ./files/lxc-unprivileged.defaults $(1)/etc/uci-defaults/lxc-unprivileged
+endef
+
 define Package/lxc/config
 source "$(SOURCE)/Config.in"
 endef
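Review bot: The text in `Package/lxc-unprivileged/description` says the package makes sure the tools "have correct permissions" without stating that this means turning on the setuid bit for two binaries, and it misspells `newgidmap` as `newguidmap`. Someone selecting the package should be able to see that privilege change from the package text, for example `This package installs them and sets the setuid bit on /usr/bin/newuidmap and /usr/bin/newgidmap.` `DEPENDS` also lists `+shadow-utils` next to the two specific applets; if that is the meta-package for the whole shadow suite, it installs more account tooling than the helper needs and is worth dropping or justifying in a comment.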
@@ -272,6 +288,7 @@ $(eval $(call BuildPackage,liblxc))
 $(eval $(call BuildPackage,lxc-lua))
 $(eval $(call BuildPackage,lxc-init))
 $(eval $(call BuildPackage,lxc-auto))
+$(eval $(call BuildPackage,lxc-unprivileged))
 $(foreach u,$(LXC_APPLETS_BIN),$(eval $(call GenPlugin,$(u),$(DEPENDS_APPLETS),"/usr/bin")))
 $(foreach u,$(LXC_APPLETS_LIB),$(eval $(call GenPlugin,$(u),$(DEPENDS_APPLETS),"/usr/lib/lxc")))
 $(foreach u,$(LXC_SCRIPTS),$(eval $(call GenPlugin,$(u),,"/usr/bin")))
diff --git a/utils/lxc/files/lxc-unprivileged.defaults b/utils/lxc/files/lxc-unprivileged.defaults
new file mode 100644
index 0000000000..45c9839f21
--- /dev/null
+++ b/utils/lxc/files/lxc-unprivileged.defaults
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+chmod u+s /usr/bin/newuidmap && \
+chmod u+s /usr/bin/newgidmap
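Review bot: `chmod u+s` in the new `lxc-unprivileged.defaults` only adds the setuid bit to whatever owner and mode the two files already have, so a binary that is not root-owned or is group/world-writable would become setuid without anything flagging it. Setting the full state explicitly is safer: `chown root:root /usr/bin/newuidmap /usr/bin/newgidmap && \` followed by `chmod 4755 /usr/bin/newuidmap /usr/bin/newgidmap`. The fix is also one-shot: uci-defaults scripts are removed after a successful run, so a later upgrade or reinstall of shadow-newuidmap or shadow-newgidmap would presumably drop the bit with nothing left to restore it; setting the mode in those packages' install step, or in a postinst here, would be more durable. A comment in the script should also note that the ID ranges these helpers may map are governed by /etc/subuid and /etc/subgid, which this package does not create.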