mirror of
https://github.com/octoleo/syncthing.git
synced 2024-11-10 15:20:56 +00:00
361f7ae564
As it's not simple to run a container under Docker/Kubernetes as non-root but with additional capabilities, add an internal hack.
23 lines
575 B
Bash
Executable File
23 lines
575 B
Bash
Executable File
#!/bin/sh
|
|
|
|
set -eu
|
|
|
|
if [ "$(id -u)" = '0' ]; then
|
|
binary="$1"
|
|
if [ "$PCAP" == "" ] ; then
|
|
# If Syncthing should have no extra capabilities, make sure to remove them
|
|
# from the binary. This will fail with an error if there are no
|
|
# capabilities to remove, hence the || true etc.
|
|
setcap -r "$binary" 2>/dev/null || true
|
|
else
|
|
# Set capabilities on the Syncthing binary before launching it.
|
|
setcap "$PCAP" "$binary"
|
|
fi
|
|
|
|
chown "${PUID}:${PGID}" "${HOME}" \
|
|
&& exec su-exec "${PUID}:${PGID}" \
|
|
env HOME="$HOME" "$@"
|
|
else
|
|
exec "$@"
|
|
fi
|