Skip to content

Commit 91e2a9e

Browse files
Try to change ownership of files on SD card during installation (#247)
* Try to change ownership of files on SD card during installation When 'Allow root-privileged apps' is turned on, the post-install script will run as root, so it has the ability to change the ownership of the files on the SD card --------- Co-authored-by: Madelen Andersson <madelen.andersson@axis.com> Co-authored-by: madelen-at-work <madelen-at-work@users.noreply.github.com>
1 parent eedaa05 commit 91e2a9e

File tree

2 files changed

+17
-2
lines changed

2 files changed

+17
-2
lines changed

README.md

Lines changed: 10 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -61,11 +61,15 @@ contains known limitations when running rootless Docker.
6161
<!-- omit in toc -->
6262
### Known Issues
6363

64+
- When using the SD card for this application, the file permissions can sometimes be set incorrectly
65+
during an upgrade of the device firmware or the application.
66+
See [Using an SD card as storage](#using-an-sd-card-as-storage) for information on how to handle this.
67+
6468
- Only uid and gid are properly mapped between device and containers, not the secondary groups that the
6569
user is a member of. This means that resources on the device, even if they are volume or device mounted,
6670
can be inaccessible inside the container. This can also affect usage of unsupported D-Bus methods from
6771
the container. See [Using host user secondary groups in container](#using-host-user-secondary-groups-in-container)
68-
for how to handle this.
72+
for information on how to handle this.
6973

7074
## Requirements
7175

@@ -224,7 +228,8 @@ Following are the possible values of `Status`:
224228
correct file permissions to use it.
225229
The application is running but dockerd is stopped.
226230
Make sure no directories with the wrong user permissions are left on
227-
the SD card, then restart the application.
231+
the SD card, then restart the application. For further information see
232+
[Using an SD card as storage](#using-an-sd-card-as-storage).
228233

229234
### Using TLS to secure the application
230235

@@ -331,6 +336,9 @@ To get more informed about specifications, check the
331336
>remove the directory that is used by the application.
332337
>For versions before 2.0 the path was `/var/spool/storage/SD_DISK/dockerd`.
333338
>For versions from 2.0 the path is `/var/spool/storage/areas/SD_DISK/<application-name>`.
339+
>Alternatively, this can be achieved by [allowing root-privileged apps][vapix-allow-root],
340+
>reinstalling the application, then disallowing root-privileged apps again,
341+
>since the post-install script will attempt to repair the permissions when running as root.
334342
335343
### Using the application
336344

app/postinstallscript.sh

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,3 +11,10 @@ if [ ! -e localdata/daemon.json ]; then
1111
echo "{}" >localdata/daemon.json
1212
[ "$(id -u)" -ne 0 ] || chown "$(stat -c %u.%g localdata)" localdata/daemon.json
1313
fi
14+
15+
# ACAP framework does not handle ownership on SD card, which causes problem when the app user ID changes.
16+
# If run as root, this script will repair the ownership.
17+
SD_CARD_AREA=/var/spool/storage/SD_DISK/areas/"$(basename "$(pwd)")"
18+
if [ "$(id -u)" -eq 0 ] && [ -d "$SD_CARD_AREA" ]; then
19+
chown -R "$(stat -c %u.%g localdata)" "$SD_CARD_AREA"
20+
fi

0 commit comments

Comments
 (0)