-
Notifications
You must be signed in to change notification settings - Fork 349
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Improve support for unprivileged hosts (including LXC) #479
Conversation
databreach
commented
Dec 23, 2023
- Add fakeroot to extract the dsm system without elevated permissions
- Remove obsolete docker variable "DEV" used to exclude extraction of device nodes
* Remove obsolete docker variable "DEV" used to exclude extraction of device nodes
Thanks!! I have no experience with fakeroot, but I am a bit in doubt if this works as intended. When I read this for example: http://www.embeddedlinux.org.cn/OEManual/fakeroot.html it seems like fakeroot creates the device nodes as empty dummy files, that only appear as the correct devices while inside the fakeroot session, but not outside. So that means that any code that follows to process the untarred files, will also need fakeroot otherwise it will just copy empty files to the DSM partition instead of real device nodes. So for example this line:
copies all the extracted files to the DSM partition, but as its not running inside fakeroot, I do not think it will process the device nodes correctly. So the most logical fix would be to also add the
So because we run fakeroot a second time, it will have forgotten the mapping between the empty dummy file and the device node that it had in memory during the first run. So the only way to make it work correctly is to run the whole execution of So I do not think this patch improves the current situation for unprivileged containers. As instead of skipping the files, you now just copy empty files, but its better to skip them so DSM may create the correct ones when it notices that they are missing. |
Thank you for your feedback. I had considered using fakeroot for a bigger portion of |
I do not think this code will create any errors, and it will also not be missing files. But I think when I go inside DSM after installation, and look at I have not tested that yet, but if I read the |
To the best of my knowledge of |
@databreach That is not what I ment. I ment that for non-privileged users the device file would be invalid (empty). The reason is that fakeroot was only used during tar extraction. So the mke2fs command which comes next, will not see fake device nodes but the empty dummy files that fakeroot created. This is described in the article that I linked. The solution is to run both tar and mke2fs inside the same fakeroot session, so that they both view the files in the same way. I solved this now in the last commit, by starting a new bash shell in which both commands are executed before fakeroot exits:
|
Providing clarification is appreciated, and I apologize for any misunderstanding. The aim was to streamline the usage of virtual-dsm regardless of the user's privileges, and removing the necessity for the |