rancher/os
1
0
Fork 1
mirror of https://github.com/rancher/os.git synced 2025-08-09 10:38:25 +00:00
Code Issues Releases Wiki Activity

Add rancher user and lock root

Browse Source
This commit is contained in:
Darren Shepherd 2015-02-20 11:29:17 -07:00
parent 7f3ee5d9ef
commit 4b2e98e238
6 changed files with 24 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
config/default.go
View File

@ -125,6 +125,7 @@ func NewConfig() *Config {
"--rm " + "--rm " +
"--privileged " + "--privileged " +
"--volumes-from=console-volumes " + "--volumes-from=console-volumes " +
"--volumes-from=user-volumes " +
"--volumes-from=system-volumes " + "--volumes-from=system-volumes " +
"--ipc=host " + "--ipc=host " +
"--net=host " + "--net=host " +

7
docker/container.go
View File

@ -380,11 +380,16 @@ func (c *Container) start(wait bool) *Container {
if c.Exists() && c.remove { if c.Exists() && c.remove {
log.Debugf("Deleting container %s", c.Container.ID) log.Debugf("Deleting container %s", c.Container.ID)
c.Delete().Reset().Lookup() c.Delete()
if c.Err != nil { if c.Err != nil {
return c return c
} }
c.Reset().Lookup()
if c.Err != nil {
return c
}
} }
if !c.Exists() { if !c.Exists() {

1
scripts/ci
View File

@ -22,6 +22,7 @@ generate_images()
if [ -e ${BUILD}/${IMAGE_ID} ]; then if [ -e ${BUILD}/${IMAGE_ID} ]; then
DOCKER_BASE=$(<${BUILD}/${IMAGE_ID}) DOCKER_BASE=$(<${BUILD}/${IMAGE_ID})
else else
echo Running: docker run -d --privileged ${DOCKER_IMAGE} /source/scripts/build-images
CID=$(docker run -d --privileged ${DOCKER_IMAGE} /source/scripts/build-images) CID=$(docker run -d --privileged ${DOCKER_IMAGE} /source/scripts/build-images)
docker logs -f ${CID} & docker logs -f ${CID} &
trap "docker rm -f ${CID}" exit trap "docker rm -f ${CID}" exit

6
scripts/dockerimages/00-base
View File

@ -19,5 +19,7 @@ RUN rm /sbin/poweroff /sbin/reboot /sbin/halt && \
/var/lock \ /var/lock \
/var/log \ /var/log \
/var/run \ /var/run \
/var/spool /var/spool && \
CMD ["/bin/sh"] passwd -l root && \
addgroup sudo && \
echo '%sudo ALL=(ALL) ALL' > /etc/sudoers.d/sudo-group

4
scripts/dockerimages/06-console
View File

@ -1,3 +1,7 @@
FROM base FROM base
COPY scripts/dockerimages/scripts/console.sh /usr/sbin/ COPY scripts/dockerimages/scripts/console.sh /usr/sbin/
RUN adduser -G sudo -D -h /home/rancher -s /bin/bash rancher && \
sed -i 's/rancher.*/rancher:rixbL64o6zGmY:16486:0:99999:7:::/g' /etc/shadow && \
mkdir -p /home/rancher && \
chmod 2755 /home/rancher
CMD ["/usr/sbin/console.sh"] CMD ["/usr/sbin/console.sh"]

8
scripts/dockerimages/scripts/console.sh
View File

@ -1,4 +1,5 @@
#!/bin/sh #!/bin/sh
# Test
CLOUD_CONFIG_FILE=/var/lib/rancher/cloud-config CLOUD_CONFIG_FILE=/var/lib/rancher/cloud-config
@ -6,6 +7,13 @@ if [ -s $CLOUD_CONFIG_FILE ]; then
cloud-init --from-file $CLOUD_CONFIG_FILE cloud-init --from-file $CLOUD_CONFIG_FILE
fi fi
RANCER_HOME=/home/rancher
if [ ! -d ${RANCER_HOME} ]; then
mkdir -p ${RANCER_HOME}
chown rancher:rancher ${RANCER_HOME}
chmod 2755 ${RANCER_HOME}
fi
cat > /etc/respawn.conf << EOF cat > /etc/respawn.conf << EOF
/sbin/getty 115200 tty1 /sbin/getty 115200 tty1
/sbin/getty 115200 tty2 /sbin/getty 115200 tty2