github.com/1aal/kubeblocks@v0.0.0-20231107070852-e1c03e598921/docker/custom-scripts/docker-bind-mount.sh (about)

     1  #!/usr/bin/env bash
     2  
     3  # Source: Adapted from https://github.com/microsoft/vscode-dev-containers/blob/v0.224.3/script-library/docker-debian.sh
     4  
     5  # Copyright 2021 The Dapr Authors
     6  # Licensed under the Apache License, Version 2.0 (the "License");
     7  # you may not use this file except in compliance with the License.
     8  # You may obtain a copy of the License at
     9  #     http://www.apache.org/licenses/LICENSE-2.0
    10  # Unless required by applicable law or agreed to in writing, software
    11  # distributed under the License is distributed on an "AS IS" BASIS,
    12  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  # See the License for the specific language governing permissions and
    14  # limitations under the License.
    15  #
    16  
    17  set -e
    18  
    19  # Wrapper function to only use sudo if not already root
    20  sudoIf()
    21  {
    22      if [ "$(id -u)" -ne 0 ]; then
    23          sudo "$@"
    24      else
    25          "$@"
    26      fi
    27  }
    28  
    29  ### Diff start
    30  USERNAME=$(whoami)
    31  SOURCE_SOCKET=/var/run/docker-host.sock
    32  TARGET_SOCKET=/var/run/docker.sock
    33  ENABLE_NONROOT_DOCKER="true"
    34  
    35  if [ "${SOURCE_SOCKET}" != "${TARGET_SOCKET}" ]; then
    36      sudoIf touch "${SOURCE_SOCKET}"
    37      sudoIf ln -s "${SOURCE_SOCKET}" "${TARGET_SOCKET}"
    38  fi
    39  ### Diff end
    40  
    41  SOCAT_PATH_BASE=/tmp/vscr-docker-from-docker
    42  SOCAT_LOG=${SOCAT_PATH_BASE}.log
    43  SOCAT_PID=${SOCAT_PATH_BASE}.pid
    44  
    45  # Log messages
    46  log()
    47  {
    48      echo -e "[$(date)] $@" | sudoIf tee -a ${SOCAT_LOG} > /dev/null
    49  }
    50  
    51  echo -e "\n** $(date) **" | sudoIf tee -a ${SOCAT_LOG} > /dev/null
    52  log "Ensuring ${USERNAME} has access to ${SOURCE_SOCKET} via ${TARGET_SOCKET}"
    53  
    54  # If enabled, try to add a docker group with the right GID. If the group is root, 
    55  # fall back on using socat to forward the docker socket to another unix socket so 
    56  # that we can set permissions on it without affecting the host.
    57  if [ "${ENABLE_NONROOT_DOCKER}" = "true" ] && [ "${SOURCE_SOCKET}" != "${TARGET_SOCKET}" ] && [ "${USERNAME}" != "root" ] && [ "${USERNAME}" != "0" ]; then
    58      SOCKET_GID=$(stat -c '%g' ${SOURCE_SOCKET})
    59      if [ "${SOCKET_GID}" != "0" ]; then
    60          log "Adding user to group with GID ${SOCKET_GID}."
    61          if [ "$(cat /etc/group | grep :${SOCKET_GID}:)" = "" ]; then
    62              sudoIf groupadd --gid ${SOCKET_GID} docker-host
    63          fi
    64          # Add user to group if not already in it
    65          if [ "$(id ${USERNAME} | grep -E "groups.*(=|,)${SOCKET_GID}\(")" = "" ]; then
    66              sudoIf usermod -aG ${SOCKET_GID} ${USERNAME}
    67          fi
    68      else
    69          # Enable proxy if not already running
    70          if [ ! -f "${SOCAT_PID}" ] || ! ps -p $(cat ${SOCAT_PID}) > /dev/null; then
    71              log "Enabling socket proxy."
    72              log "Proxying ${SOURCE_SOCKET} to ${TARGET_SOCKET} for vscode"
    73              sudoIf rm -rf ${TARGET_SOCKET}
    74              (sudoIf socat UNIX-LISTEN:${TARGET_SOCKET},fork,mode=660,user=${USERNAME} UNIX-CONNECT:${SOURCE_SOCKET} 2>&1 | sudoIf tee -a ${SOCAT_LOG} > /dev/null & echo "$!" | sudoIf tee ${SOCAT_PID} > /dev/null)
    75          else
    76              log "Socket proxy already running."
    77          fi
    78      fi
    79      log "Success"
    80  fi
    81  
    82  # Execute whatever commands were passed in (if any). This allows us
    83  # to set this script to ENTRYPOINT while still executing the default CMD.
    84  set +e
    85  exec "$@"