github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-09-01 23:18:41 +00:00
Code Issues Projects Releases Wiki Activity

Add a metadata handler for GCP which allows ssh login

Browse Source 
- this needs improvements to make it more "platform native", in
  particular GCP supports multiple users and more ssh key mangement
  options.
- at present you can login as root with any platform ssh key
- add support for uts=host and ipc=host
- set the hostname from the metadata as well

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This commit is contained in:
Justin Cormack
2017-03-16 11:29:21 +00:00
parent c15f4f6b14
commit 73e30a757f
8 changed files with 167 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
tools/riddler/riddler.sh
View File

@@ -30,9 +30,17 @@ docker rm $CONTAINER > /dev/null
# remove user namespaces
# --read-only sets /dev ro
# /sysfs ro unless privileged - cannot detect so will do if grant all caps
#
# ipc, uts namespaces always isolated
UTS="."
IPC="."
echo $ARGS | grep -q uts=host && UTS=".linux.namespaces = (.linux.namespaces|map(select(.type!=\"uts\")))"
echo $ARGS | grep -q ipc=host && IPC=".linux.namespaces = (.linux.namespaces|map(select(.type!=\"ipc\")))"
mv config.json config.json.orig
cat config.json.orig | \
jq "$UTS" | \
jq "$IPC" | \
jq 'del(.process.rlimits)' | \
jq 'del (.linux.resources.memory.swappiness)' | \
jq 'del(.linux.uidMappings) | del(.linux.gidMappings) | .linux.namespaces = (.linux.namespaces|map(select(.type!="user")))' | \