meatbag/baseimage-alpine
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Rework init order again

Browse source
This commit is contained in:
TheSpad 2022-07-14 22:19:49 +01:00
parent d7ac0a9a4e
commit 4f51cb2f4f
No known key found for this signature in database
GPG key ID: 08F06191F4587860
31 changed files with 6 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
root/etc/s6-overlay/s6-rc.d/init-base/up
View file

@ -1 +0,0 @@
# This file doesn't do anything, it's just the end of the base image init process

0
root/etc/s6-overlay/s6-rc.d/init-adduser/dependencies.d/init-tamper-check → root/etc/s6-overlay/s6-rc.d/init-config-end/dependencies.d/init-config
View file

0
root/etc/s6-overlay/s6-rc.d/init-base/type → root/etc/s6-overlay/s6-rc.d/init-config-end/type
View file

0
root/etc/s6-overlay/s6-rc.d/init-downstream/up → root/etc/s6-overlay/s6-rc.d/init-config-end/up
View file

0
root/etc/s6-overlay/s6-rc.d/init-base/dependencies.d/base → root/etc/s6-overlay/s6-rc.d/init-config/dependencies.d/init-os-end
View file

0
root/etc/s6-overlay/s6-rc.d/init-downstream/type → root/etc/s6-overlay/s6-rc.d/init-config/type
View file

1
root/etc/s6-overlay/s6-rc.d/init-config/up Normal file
View file

@ -0,0 +1 @@
# This file doesn't do anything, it's just the start of the downstream image init process

0
root/etc/s6-overlay/s6-rc.d/init-base/dependencies.d/init-adduser → root/etc/s6-overlay/s6-rc.d/init-custom-files/dependencies.d/base
View file

0
root/etc/s6-overlay/s6-rc.d/init-base/dependencies.d/init-envfile → root/etc/s6-overlay/s6-rc.d/init-custom-files/dependencies.d/init-adduser
View file

0
root/etc/s6-overlay/s6-rc.d/init-base/dependencies.d/init-migrations → root/etc/s6-overlay/s6-rc.d/init-mods-end/dependencies.d/init-mods
View file

0
root/etc/s6-overlay/s6-rc.d/init-tamper-check/type → root/etc/s6-overlay/s6-rc.d/init-mods-end/type
View file

1
root/etc/s6-overlay/s6-rc.d/init-mods-end/up Normal file
View file

@ -0,0 +1 @@
# This file doesn't do anything, it's just the end of the mod init process

0
root/etc/s6-overlay/s6-rc.d/init-base/dependencies.d/init-script-check → root/etc/s6-overlay/s6-rc.d/init-mods/dependencies.d/init-config-end
View file

1
root/etc/s6-overlay/s6-rc.d/init-mods/type Normal file
View file

@ -0,0 +1 @@
oneshot

1
root/etc/s6-overlay/s6-rc.d/init-mods/up Normal file
View file

@ -0,0 +1 @@
# This file doesn't do anything, it's just the start of the mod init process

0
root/etc/s6-overlay/s6-rc.d/init-base/dependencies.d/init-tamper-check → root/etc/s6-overlay/s6-rc.d/init-os-end/dependencies.d/base
View file

0
root/etc/s6-overlay/s6-rc.d/init-custom-files/dependencies.d/init-downstream → root/etc/s6-overlay/s6-rc.d/init-os-end/dependencies.d/init-adduser
View file

0
root/etc/s6-overlay/s6-rc.d/init-downstream/dependencies.d/init-base → root/etc/s6-overlay/s6-rc.d/init-os-end/dependencies.d/init-custom-files
View file

0
root/etc/s6-overlay/s6-rc.d/init-tamper-check/dependencies.d/init-script-check → root/etc/s6-overlay/s6-rc.d/init-os-end/dependencies.d/init-envfile
View file

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/init-base → root/etc/s6-overlay/s6-rc.d/init-os-end/dependencies.d/init-migrations
View file

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/init-tamper-check → root/etc/s6-overlay/s6-rc.d/init-os-end/dependencies.d/init-script-check
View file

1
root/etc/s6-overlay/s6-rc.d/init-os-end/type Normal file
View file

@ -0,0 +1 @@
oneshot

1
root/etc/s6-overlay/s6-rc.d/init-os-end/up Normal file
View file

@ -0,0 +1 @@
# This file doesn't do anything, it's just the end of the mod init process

14
root/etc/s6-overlay/s6-rc.d/init-tamper-check/run
View file

@ -1,14 +0,0 @@
#!/usr/bin/with-contenv bash
if ([ -d "/config/custom-cont-init.d" ] && [ -n "$(find /config/custom-cont-init.d ! -user root)" ]); then
echo "**** Potential tampering with custom scripts detected ****"
randstr=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-8};echo;)
mv "/config/custom-cont-init.d" "/config/custom-cont-init.d.${randstr}"
echo "**** Folder /config/custom-cont-init.d is moved to /config/custom-cont-init.d.${randstr} ****"
echo "**** The folder '/config/custom-cont-init.d' and its contents need to all be owned by root to prevent root escalation inside the container!!! ****"
mkdir -p /config/custom-cont-init.d
chown 0:0 /config/custom-cont-init.d
elif ([ -d "/config/custom-cont-init.d" ] && [ -n "$(find /config/custom-cont-init.d -perm -o+w)" ]); then
echo "**** The folder '/config/custom-cont-init.d' or some of its contents have write permissions for others, which is a security risk. ****"
echo "**** Please review the permissions of this folder and its contents to make sure they are owned by root, and can only be modified by root. ****"
fi

1
root/etc/s6-overlay/s6-rc.d/init-tamper-check/up
View file

@ -1 +0,0 @@
/etc/s6-overlay/s6-rc.d/init-tamper-check/run

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/init-config Normal file
View file

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/init-config-end Normal file
View file

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/init-custom-files Normal file
View file

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/init-mods Normal file
View file

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/init-mods-end Normal file
View file

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/init-os-end Normal file
View file