File docker-userns-remap.sh of Package docker
#!/bin/bash
set -eu
#
# See https://docs.docker.com/engine/security/userns-remap/
#
# /etc/subuid and /etc/subgid normally ship with shadow-utils. Docker reads
# both files itself and needs no shadow-utils helper, so an empty file is
# enough when one is missing.
# NOTE(review): a file created here takes its mode from the caller's umask;
# confirm that gives the root-owned, world-readable file other tools expect.
for idmap_file in /etc/subuid /etc/subgid; do
  [ -f "$idmap_file" ] || touch "$idmap_file"
done
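# The command `useradd -r` doesn't add sub[ug]ids so we manually add some.
# `usermod` cannot pick an unused range by itself, so the range below is
# fixed. If it intersects another account's range, processes remapped to
# dockremap share host IDs with that account's user namespaces, which weakens
# the isolation userns-remap is meant to give. Any intersection is therefore
# reported on stderr; the range is still assigned exactly as before.

#######################################
# Report entries in a sub[ug]id file that intersect the dockremap range.
# Arguments: $1 - path to a file in /etc/subuid format (name:start:count)
# Outputs:   one warning per intersecting entry, on stderr
# Returns:   0 always; the check is advisory and never aborts the script
#######################################
warn_on_overlap() {
  local file=$1 owner first count
  local -r lo=100000000 hi=200000000
  [ -r "$file" ] || return 0
  # `|| [ -n "$owner" ]` keeps a last line that has no trailing newline.
  while IFS=: read -r owner first count _ || [ -n "$owner" ]; do
    # Skip dockremap's own entries and anything that is not plain decimal
    # "name:start:count"; the length bound keeps the arithmetic in range.
    [[ $owner != dockremap && $first =~ ^[0-9]{1,18}$ && $count =~ ^[0-9]{1,18}$ ]] || continue
    # 10# forces base 10 so a leading zero is not read as octal.
    if (( 10#$count > 0 && 10#$first <= hi && 10#$first + 10#$count > lo )); then
      printf 'warning: %s: %s:%s:%s overlaps %s-%s reserved for dockremap\n' \
        "$file" "$owner" "$first" "$count" "$lo" "$hi" >&2
    fi
  done < "$file"
  return 0
}

# Check if dockremap is not already present in subuid
if ! grep -q '^dockremap:' /etc/subuid; then
  warn_on_overlap /etc/subuid
  # Try to assign a range
  if ! usermod -v 100000000-200000000 dockremap &>/dev/null; then
    # Fallback if it fails: the same range written as start:count
    # (100000000..200000000 inclusive is 100000001 IDs). Best effort only.
    echo "dockremap:100000000:100000001" >> /etc/subuid || :
  fi
fi

# Check if dockremap is not already present in subgid
if ! grep -q '^dockremap:' /etc/subgid; then
  warn_on_overlap /etc/subgid
  # Try to assign a range
  if ! usermod -w 100000000-200000000 dockremap &>/dev/null; then
    # Fallback if it fails: same start:count form as for subuid.
    echo "dockremap:100000000:100000001" >> /etc/subgid || :
  fi
fi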