Skip to content
This repository was archived by the owner on Oct 6, 2023. It is now read-only.

Commit 7109a2b

Browse files
ehoughehough
committed
touch up assertions
1 parent 411f9ff commit 7109a2b

File tree

1 file changed

+19
-17
lines changed

1 file changed

+19
-17
lines changed

entrypoint.sh

Lines changed: 19 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -273,9 +273,6 @@ assert_nfs_version() {
273273

274274
get_reqd_nfs_version | grep -Eq '^(3|4|4\.1|4\.2)$'
275275
on_failure bail "please set $ENV_VAR_NFS_VERSION to one of: 4.2, 4.1, 4, 3"
276-
}
277-
278-
assert_disabled_nfs3() {
279276

280277
if [[ -z "$(is_nfs3_enabled)" && "$(get_reqd_nfs_version)" == '3' ]]; then
281278
bail 'you cannot simultaneously enable and disable NFS version 3'
@@ -291,16 +288,17 @@ assert_nfsd_threads() {
291288
fi
292289
}
293290

294-
assert_kerberos_requirements() {
291+
assert_at_least_one_export() {
295292

296-
if [[ -n "$(is_kerberos_enabled)" ]]; then
293+
# ensure /etc/exports has at least one line
294+
grep -Evq '^\s*#|^\s*$' $PATH_FILE_ETC_EXPORTS
295+
on_failure bail "$PATH_FILE_ETC_EXPORTS has no exports"
296+
}
297297

298-
assert_file_provided "$PATH_FILE_ETC_IDMAPD_CONF"
299-
assert_file_provided "$PATH_FILE_ETC_KRB5_KEYTAB"
300-
assert_file_provided "$PATH_FILE_ETC_KRB5_CONF"
298+
assert_linux_capabilities() {
301299

302-
assert_kernel_mod rpcsec_gss_krb5
303-
fi
300+
capsh --print | grep -Eq "^Current: = .*,?cap_sys_admin(,|$)"
301+
on_failure bail 'missing CAP_SYS_ADMIN. be sure to run this image with --cap-add SYS_ADMIN or --privileged'
304302
}
305303

306304

@@ -383,23 +381,27 @@ init_assertions() {
383381
assert_port "$ENV_VAR_NFS_PORT_STATD_IN"
384382
assert_port "$ENV_VAR_NFS_PORT_STATD_OUT"
385383
assert_nfs_version
386-
assert_disabled_nfs3
387384
assert_nfsd_threads
388385

389386
# check kernel modules
390387
assert_kernel_mod nfs
391388
assert_kernel_mod nfsd
392389

393-
# ensure /etc/exports has at least one line
394-
grep -Evq '^\s*#|^\s*$' $PATH_FILE_ETC_EXPORTS
395-
on_failure bail "$PATH_FILE_ETC_EXPORTS has no exports"
390+
# make sure we have at least one export
391+
assert_at_least_one_export
396392

397393
# ensure we have CAP_SYS_ADMIN
398-
capsh --print | grep -Eq "^Current: = .*,?cap_sys_admin(,|$)"
399-
on_failure bail 'missing CAP_SYS_ADMIN. be sure to run this image with --cap-add SYS_ADMIN or --privileged'
394+
assert_linux_capabilities
400395

401396
# perform Kerberos assertions
402-
assert_kerberos_requirements
397+
if [[ -n "$(is_kerberos_enabled)" ]]; then
398+
399+
assert_file_provided "$PATH_FILE_ETC_IDMAPD_CONF"
400+
assert_file_provided "$PATH_FILE_ETC_KRB5_KEYTAB"
401+
assert_file_provided "$PATH_FILE_ETC_KRB5_CONF"
402+
403+
assert_kernel_mod rpcsec_gss_krb5
404+
fi
403405
}
404406

405407

0 commit comments

Comments
 (0)