Add initial version

Author: felipecrs

.editorconfig

@@ -0,0 +1,12 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true

.shellcheckrc

@@ -0,0 +1,9 @@
+enable=add-default-case
+enable=avoid-nullary-conditions
+enable=check-extra-masked-returns
+enable=check-set-e-suppressed
+enable=check-unassigned-uppercase
+enable=deprecate-which
+enable=quote-safe-variables
+enable=require-double-brackets
+enable=require-variable-braces

Dockerfile

@@ -0,0 +1,12 @@
+FROM felipecrs/fixdockergid:latest
+
+USER root
+
+ARG DOCKER_PATH="/usr/bin/docker"
+RUN mv -f "${DOCKER_PATH}" "${DOCKER_PATH}.orig"
+COPY docker "${DOCKER_PATH}"
+
+USER rootless
+
+# Create fixtures
+RUN echo test | tee /home/rootless/only-inside-container

docker

@@ -0,0 +1,101 @@
+#!/bin/bash
+
+set -euxo pipefail
+
+function get_container_id() {
+  local cpuset_output
+  cpuset_output=$(head -1 /proc/self/cpuset)
+  basename "${cpuset_output}"
+}
+
+function get_container_root_dir() {
+  local container_id="${1}"
+
+  docker.orig inspect --format '{{.GraphDriver.Data.MergedDir}}' "${container_id}"
+}
+
+function set_container_volumes() {
+  local container_id="${1}"
+
+  local docker_output
+  docker_output=$(
+    docker.orig inspect \
+      --format '{{range .Mounts}}{{printf "%s:%s\n" .Source .Destination}}{{end}}' \
+      "${container_id}"
+  )
+
+  readarray -t container_volumes <<<"${docker_output}"
+}
+
+container_id="$(get_container_id)"
+container_root_dir="$(get_container_root_dir "${container_id}")"
+set_container_volumes "${container_id}"
+readonly container_id container_root_dir container_volumes
+
+function fix_volume_arg() {
+  local source="${volume_arg%%":"*}"
+  local destination="${volume_arg#*":"}"
+
+  # Fix relative paths as docker needs absolute paths
+  # if [[ "${source}" == "./"* ]]; then
+  #   source="${PWD}/${source#"./"}"
+  # fi
+
+  if [[ "${source}" == "/"* ]]; then
+    for container_volume in "${container_volumes[@]}"; do
+      local container_volume_source="${container_volume%%":"*}"
+      local container_volume_destination="${container_volume#*":"}"
+
+      if [[ "${source}" == "${container_volume_destination}" ]]; then
+        volume_arg="${container_volume_source}:${destination}"
+        return
+      fi
+
+      if [[ "${source}" == "${container_volume_destination}/"* ]]; then
+        volume_arg="${container_volume_source}${source#"${container_volume_destination}"}:${destination}"
+        return
+      fi
+
+      # Check if there is some container_volume mounted within the source
+      # Example:
+      # First container mounts --volume "${PWD}/testfile:/home/rootless/testfile"
+      # Second container mounts --volume /home/rootless:/wd
+      # Then the second container should also mount --volume "${PWD}/testfile:/wd/testfile" (extra_arg)
+      if [[ "${container_volume_destination}" == "${source}/"* ]]; then
+        # Convert /home/rootless/testfile (container_volume_destination) to /wd/testfile (destination path)
+        extra_args+=(--volume "${container_volume_source}:${destination}/${container_volume_destination#"${source}/"}")
+      fi
+    done
+
+    volume_arg="${container_root_dir}${source}:${destination}"
+    return
+  fi
+
+  volume_arg="${source}:${destination}"
+}
+
+original_args=("$@")
+fixed_args=()
+
+extra_args=()
+fix_next_arg=false
+for arg in "${original_args[@]}"; do
+  if [[ "${fix_next_arg}" == true ]]; then
+    fix_next_arg=false
+    volume_arg="${arg}"
+    fix_volume_arg
+    arg="${volume_arg}"
+  elif [[ "${arg}" == "-v" || "${arg}" == "--volume" ]]; then
+    fix_next_arg=true
+  elif [[ "${arg}" == "-v="* || "${arg}" == "--volume="* ]]; then
+    dot_dot_volume="${arg%%"="*}"
+    volume_arg="${arg#*"="}"
+    fix_volume_arg
+    arg="${dot_dot_volume}=${volume_arg}"
+  fi
+
+  fixed_args+=("${arg}" "${extra_args[@]}")
+  extra_args=()
+done
+
+exec docker.orig "${fixed_args[@]}"

test.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+
+set -euxo pipefail
+
+image_id="$(docker build --quiet .)"
+
+# shellcheck disable=SC2312
+docker_args=(docker run --rm --user "$(id -u):$(id -g)" --volume /var/run/docker.sock:/var/run/docker.sock)
+
+# Check if docker on docker is working
+"${docker_args[@]}" "${image_id}" docker version >/dev/null
+
+# Check if mounting an volume from the container gets fixed
+"${docker_args[@]}" "${image_id}" docker run --rm --volume /home/rootless/only-inside-container:/only-inside-container ubuntu:latest grep "^test$" /only-inside-container >/dev/null
+"${docker_args[@]}" "${image_id}" docker run --rm --volume=/home/rootless/only-inside-container:/only-inside-container ubuntu:latest grep "^test$" /only-inside-container >/dev/null
+
+# Check if mounting a volume which is already a volume gets fixed
+"${docker_args[@]}" --volume "${PWD}:/wd" "${image_id}" docker run --rm --volume /wd:/wd ubuntu:latest grep "^test$" /wd/testfile >/dev/null
+
+# Same as above but for a file within the volume
+"${docker_args[@]}" --volume "${PWD}:/wd" "${image_id}" docker run --rm --volume /wd/testfile:/wd/testfile ubuntu:latest grep "^test$" /wd/testfile >/dev/null
+
+# Volumes inside volumes
+"${docker_args[@]}" --volume "${PWD}/testfile:/home/rootless/testfile" "${image_id}" docker run --rm --volume /home/rootless:/wd ubuntu:latest grep "^test$" /wd/testfile >/dev/null
+"${docker_args[@]}" --volume "${PWD}/testfile:/home/rootless/testfile" --volume "${PWD}/testfile:/home/rootless/testfile2" "${image_id}" docker run --rm --volume /home/rootless:/wd ubuntu:latest bash -c 'grep "^test$" /wd/testfile && grep "^test$" /wd/testfile2 && grep "^test$" /wd/only-inside-container' >/dev/null

testfile

@@ -0,0 +1 @@
+test