Honor a custom user and group specified for the entrypoint via the OCI image config `User` field instead of ignoring it.
This requires the following patch for LXC in order to work properly: https://github.com/lxc/lxc/pull/4626 With these patches applied, docker.io/weblate/weblate starts with the correct uid and groups instead of the default uid=0(root) gid=0(root) groups=0(root). Changes since v1: * Move OCI User resolving code to separate sub * chomp $line before interpreting fields * Prevent rootfs escape when following /etc/passwd & /etc/group symlinks * Fix $username search in get_supplementary_groups Filip Schauer (2): config: add `lxc.init.uid`/`gid`/`groups` keys oci create: honor User from OCI image config src/PVE/LXC/Config.pm | 3 ++ src/PVE/LXC/Create.pm | 82 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 85 insertions(+) -- 2.47.3 _______________________________________________ pve-devel mailing list [email protected] https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
