diff --git a/src/cmd/initContainer.go b/src/cmd/initContainer.go
index 41b825b33..c1d8e85ef 100644
--- a/src/cmd/initContainer.go
+++ b/src/cmd/initContainer.go
@@ -52,7 +52,7 @@ var (
 source string
 flags string
 }{
- {"/etc/machine-id", "/run/host/etc/machine-id", "ro"},
+ {"/etc/machine-id", "/run/host/etc/machine-id", ""},
 {"/run/libvirt", "/run/host/run/libvirt", ""},
 {"/run/systemd/journal", "/run/host/run/systemd/journal", ""},
 {"/run/systemd/resolve", "/run/host/run/systemd/resolve", ""},
@@ -236,24 +236,12 @@ func initContainer(cmd *cobra.Command, args []string) error {
 }
 }
- if _, err := user.Lookup(initContainerFlags.user); err != nil {
- if err := configureUsers(initContainerFlags.uid,
- initContainerFlags.user,
- initContainerFlags.home,
- initContainerFlags.shell,
- initContainerFlags.homeLink,
- false); err != nil {
- return err
- }
- } else {
- if err := configureUsers(initContainerFlags.uid,
- initContainerFlags.user,
- initContainerFlags.home,
- initContainerFlags.shell,
- initContainerFlags.homeLink,
- true); err != nil {
- return err
- }
+ if err := configureUsers(initContainerFlags.uid,
+ initContainerFlags.user,
+ initContainerFlags.home,
+ initContainerFlags.shell,
+ initContainerFlags.homeLink); err != nil {
+ return err
 }
 if utils.PathExists("/etc/krb5.conf.d") && !utils.PathExists("/etc/krb5.conf.d/kcm_default_ccache") {
@@ -386,9 +374,7 @@ func initContainerHelp(cmd *cobra.Command, args []string) {
 }
 }
-func configureUsers(targetUserUid int,
- targetUser, targetUserHome, targetUserShell string,
- homeLink, targetUserExists bool) error {
+func configureUsers(targetUserUid int, targetUser, targetUserHome, targetUserShell string, homeLink bool) error {
 if homeLink {
 if err := redirectPath("/home", "/var/home", true); err != nil {
 return err
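Review bot: Dropping `"ro"` from the `/etc/machine-id` entry in the first hunk means the bind mount backed by `/run/host/etc/machine-id` is no longer requested read-only. Whether a process inside the container can then alter the host's machine ID depends on how `/run/host` itself is mounted, which is not visible in this diff. If a writable mount is really required, the entry should carry a comment giving the reason, e.g. `// not "ro": <reason>`; otherwise keep `{"/etc/machine-id", "/run/host/etc/machine-id", "ro"},`. The mount table's declaration starts and ends outside the hunk.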
@@ -400,45 +386,45 @@ func configureUsers(targetUserUid int,
 return fmt.Errorf("failed to get group for sudo: %w", err)
 }
- if targetUserExists {
- logrus.Debugf("Modifying user %s with UID %d:", targetUser, targetUserUid)
+ if _, err := user.Lookup(targetUser); err != nil {
+ logrus.Debugf("Adding user %s with UID %d:", targetUser, targetUserUid)
- usermodArgs := []string{
- "--append",
+ useraddArgs := []string{
 "--groups", sudoGroup,
- "--home", targetUserHome,
+ "--home-dir", targetUserHome,
+ "--no-create-home",
 "--shell", targetUserShell,
 "--uid", fmt.Sprint(targetUserUid),
 targetUser,
 }
- logrus.Debug("usermod")
- for _, arg := range usermodArgs {
+ logrus.Debug("useradd")
+ for _, arg := range useraddArgs {
 logrus.Debugf("%s", arg)
 }
- if err := shell.Run("usermod", nil, nil, nil, usermodArgs...); err != nil {
- return fmt.Errorf("failed to modify user %s with UID %d: %w", targetUser, targetUserUid, err)
+ if err := shell.Run("useradd", nil, nil, nil, useraddArgs...); err != nil {
+ return fmt.Errorf("failed to add user %s with UID %d: %w", targetUser, targetUserUid, err)
 }
 } else {
- logrus.Debugf("Adding user %s with UID %d:", targetUser, targetUserUid)
+ logrus.Debugf("Modifying user %s with UID %d:", targetUser, targetUserUid)
- useraddArgs := []string{
+ usermodArgs := []string{
+ "--append",
 "--groups", sudoGroup,
- "--home-dir", targetUserHome,
- "--no-create-home",
+ "--home", targetUserHome,
 "--shell", targetUserShell,
 "--uid", fmt.Sprint(targetUserUid),
 targetUser,
 }
- logrus.Debug("useradd")
- for _, arg := range useraddArgs {
+ logrus.Debug("usermod")
+ for _, arg := range usermodArgs {
 logrus.Debugf("%s", arg)
 }
- if err := shell.Run("useradd", nil, nil, nil, useraddArgs...); err != nil {
- return fmt.Errorf("failed to add user %s with UID %d: %w", targetUser, targetUserUid, err)
+ if err := shell.Run("usermod", nil, nil, nil, usermodArgs...); err != nil {
+ return fmt.Errorf("failed to modify user %s with UID %d: %w", targetUser, targetUserUid, err)
 }
 }
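Review bot: The new `if _, err := user.Lookup(targetUser); err != nil` branch treats every lookup failure as "user does not exist" and goes on to run `useradd`, although only `user.UnknownUserError` carries that meaning. Any other failure, such as an unreadable user database, would surface later as a misleading "failed to add user" error for an account that is placed in the sudo group. As the first statement of that branch I would add `var unknownUserErr user.UnknownUserError` followed by `if !errors.As(err, &unknownUserErr) { return fmt.Errorf("failed to look up user %s: %w", targetUser, err) }`. This needs the `errors` package, and the file's import block is outside the diff, so confirm it is already imported. configureUsers starts before this hunk and its end is not visible here.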