// mkdirAllContainerRoot creates path through shared.MkdirAllOwner with the
// given permissions. Privileged containers get owner 0:0; otherwise the owner
// is whatever c.idmapset.ShiftIntoNs(0, 0) returns.
//
// NOTE(review): a -1 result from ShiftIntoNs presumably means "no mapping for
// root"; the fallback to 0 then leaves the directory owned by host root even
// though the container is unprivileged. Confirm that is intended.
func (c *containerLXD) mkdirAllContainerRoot(path string, perm os.FileMode) error {
	if c.IsPrivileged() {
		return shared.MkdirAllOwner(path, perm, 0, 0)
	}

	ownerUID, ownerGID := c.idmapset.ShiftIntoNs(0, 0)
	if ownerUID == -1 {
		ownerUID = 0
	}
	if ownerGID == -1 {
		ownerGID = 0
	}

	return shared.MkdirAllOwner(path, perm, ownerUID, ownerGID)
}
// MkdirAllContainerRoot creates path through shared.MkdirAllOwner with the
// given permissions. Privileged containers get owner 0:0; otherwise the owner
// is whatever d.idmapset.ShiftIntoNs(0, 0) returns.
//
// NOTE(review): a -1 result from ShiftIntoNs presumably means "no mapping for
// root"; the fallback to 0 then leaves the directory owned by host root even
// though the container is unprivileged. Confirm that is intended.
func (d *lxdContainer) MkdirAllContainerRoot(path string, perm os.FileMode) error {
	if d.isPrivileged() {
		return shared.MkdirAllOwner(path, perm, 0, 0)
	}

	ownerUID, ownerGID := d.idmapset.ShiftIntoNs(0, 0)
	if ownerUID == -1 {
		ownerUID = 0
	}
	if ownerGID == -1 {
		ownerGID = 0
	}

	return shared.MkdirAllOwner(path, perm, ownerUID, ownerGID)
}
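// TemplateApply renders every template listed in the container's
// metadata.yaml whose When list contains trigger, and writes each result to
// the corresponding path under the container's rootfs.
//
// It returns nil when metadata.yaml does not exist. Otherwise it returns the
// first error hit while reading or parsing the metadata, preparing the target
// file, or loading, compiling and rendering a template.
//
// NOTE(review): metadata.yaml and the template files presumably ship with the
// image, so target paths and template names are handled as untrusted input.
// Both are cleaned lexically so that ".." components cannot leave the rootfs
// or templates directory. Symlinks inside the rootfs are NOT covered:
// os.Create follows them with the privileges of this process, so the target
// still needs to be resolved relative to the rootfs in a follow-up.
func (c *containerLXD) TemplateApply(trigger string) error {
	fname := path.Join(c.PathGet(""), "metadata.yaml")
	if !shared.PathExists(fname) {
		return nil
	}

	content, err := ioutil.ReadFile(fname)
	if err != nil {
		return err
	}

	metadata := new(imageMetadata)
	err = yaml.Unmarshal(content, &metadata)
	if err != nil {
		return fmt.Errorf("Could not parse %s: %v", fname, err)
	}

	privileged := c.IsPrivileged()

	// The template context does not depend on the individual template, so it
	// is built once instead of on every iteration.
	containerMeta := make(map[string]string)
	containerMeta["name"] = c.name
	// A lookup failure leaves the architecture empty rather than aborting.
	containerMeta["architecture"], _ = shared.ArchitectureName(c.architecture)
	if c.ephemeral {
		containerMeta["ephemeral"] = "true"
	} else {
		containerMeta["ephemeral"] = "false"
	}
	if privileged {
		containerMeta["privileged"] = "true"
	} else {
		containerMeta["privileged"] = "false"
	}

	// config_get returns the named config value without trailing newlines, or
	// the supplied default when the key is not set.
	configGet := func(confKey, confDefault *pongo2.Value) *pongo2.Value {
		val, ok := c.config[confKey.String()]
		if !ok {
			return confDefault
		}

		return pongo2.AsValue(strings.TrimRight(val, "\r\n"))
	}

	for tplPath, tplDef := range metadata.Templates {
		matched := false
		for _, tplTrigger := range tplDef.When {
			if tplTrigger == trigger {
				matched = true
				break
			}
		}
		if !matched {
			continue
		}

		// Each template is handled in its own function so the output file is
		// closed as soon as that template is done, on every exit path.
		err := func() (err error) {
			// Rooting the path before cleaning collapses any ".." at the top,
			// so the joined result stays below the intended directory.
			relTarget := strings.TrimLeft(path.Clean("/"+tplPath), "/")
			fullpath := shared.VarPath("containers", c.name, "rootfs", relTarget)
			tplName := strings.TrimLeft(path.Clean("/"+tplDef.Template), "/")

			// Load and compile the template before touching the target, so a
			// missing or broken template does not leave a truncated file.
			tplString, err := ioutil.ReadFile(shared.VarPath("containers", c.name, "templates", tplName))
			if err != nil {
				return err
			}

			tpl, err := pongo2.FromString("{% autoescape off %}" + string(tplString) + "{% endautoescape %}")
			if err != nil {
				return err
			}

			existed := shared.PathExists(fullpath)
			uid, gid := 0, 0
			if !existed {
				if !privileged {
					uid, gid = c.idmapset.ShiftIntoNs(0, 0)
					// Same fallback as mkdirAllContainerRoot.
					if uid == -1 {
						uid = 0
					}
					if gid == -1 {
						gid = 0
					}
				}

				err = shared.MkdirAllOwner(path.Dir(fullpath), 0755, uid, gid)
				if err != nil {
					return err
				}
			}

			w, err := os.Create(fullpath)
			if err != nil {
				return err
			}
			defer func() {
				// Report a failed close only when nothing else went wrong.
				if cerr := w.Close(); err == nil {
					err = cerr
				}
			}()

			// Ownership and mode are only set on files created here; an
			// existing file keeps whatever it already had.
			if !existed {
				if !privileged {
					err = w.Chown(uid, gid)
					if err != nil {
						return err
					}
				}

				err = w.Chmod(0644)
				if err != nil {
					return err
				}
			}

			return tpl.ExecuteWriter(pongo2.Context{
				"trigger":    trigger,
				"path":       tplPath,
				"container":  containerMeta,
				"config":     c.config,
				"devices":    c.devices,
				"properties": tplDef.Properties,
				"config_get": configGet,
			}, w)
		}()
		if err != nil {
			return err
		}
	}

	return nil
}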