Accepting request 719747 from home:cyphar:docker

- Fix default installation such that --userns-remap=default works properly (this appears to be an upstream regression, where --userns-remap=default doesn't auto-create the group and results in an error on-start). boo#1143349 OBS-URL: https://build.opensuse.org/request/show/719747 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=318
2019-07-30 05:44:55 +00:00 · 2019-07-30 05:44:55 +00:00 · 938c898611
commit 938c898611
parent fb5e6c3606
2 changed files with 18 additions and 0 deletions
--- a/docker.changes
+++ b/docker.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Jul 30 05:14:44 UTC 2019 - Aleksa Sarai <asarai@suse.com>
+
+- Fix default installation such that --userns-remap=default works properly
+  (this appears to be an upstream regression, where --userns-remap=default
+  doesn't auto-create the group and results in an error on-start). boo#1143349
+
 -------------------------------------------------------------------
 Fri Jul 26 12:49:18 UTC 2019 - Aleksa Sarai <asarai@suse.com>

--- a/docker.spec
+++ b/docker.spec
@ -413,7 +413,18 @@ install -D -m 0644 %{SOURCE5} %{buildroot}%{_fillupdir}/sysconfig.kubelet
 %fdupes %{buildroot}

 %pre
+# /var/run/docker.sock group owner.
 getent group docker >/dev/null || groupadd -r docker
+
+# used for --userns-remap=default.
+getent passwd dockremap >/dev/null || \
+	useradd -Ur -p '!' -s /bin/false -c 'docker --userns-remap=default' dockremap
+# "useradd -r" doesn't add sub[ug]ids so we manually add some. Hopefully there
+# aren't any conflicts here, because usermod doesn't provide the same "get
+# unusued range" feature that dockremap does.
+grep -q '^dockremap:' /etc/sub[ug]id || \
+	usermod -v 100000000-100065536 -w 100000000-100065536 dockremap
+
 %service_add_pre %{realname}.service

 %post