docker: update entrypoint script

* Split conditional for non-root check.
* Force-drop privileges to user "system".
Leonid Pliushch
2023-02-23 10:23:35 +02:00
parent 4360caad29
commit 988ecdaf07


@@ -1,21 +1,24 @@
#!/system/bin/sh
if [ "$(id -u)" = "0" ] && [ -z "$(/system/bin/busybox pidof dnsmasq)" ]; then
/system/bin/mksh -T /dev/ptmx -c "/system/bin/dnsmasq -u root -g root --pid-file /dnsmasq.pid" >/dev/null 2>&1
sleep 1
if [ "$(id -u)" = "0" ]; then
if [ -z "$(/system/bin/busybox pidof dnsmasq)" ]; then
echo "[!] Failed to start dnsmasq, host name resolution may fail." >&2
/system/bin/mksh -T /dev/ptmx -c "/system/bin/dnsmasq -u root -g root --pid-file /dnsmasq.pid" >/dev/null 2>&1
sleep 1
if [ -z "$(/system/bin/busybox pidof dnsmasq)" ]; then
echo "[!] Failed to start dnsmasq, host name resolution may fail." >&2
fi
fi
else
echo "[!] Container is running as non-root, unable to start dnsmasq. DNS will be unavailable." >&2
fi
if [ $# -ge 1 ]; then
exec "$@"
else
if [ "$(id -u)" = "0" ]; then
exec /system/bin/su - system -c "/data/data/com.termux/files/usr/bin/login"
if [ $# -ge 1 ]; then
exec /data/data/com.termux/files/usr/bin/bash -c "$@"
else
exec /data/data/com.termux/files/usr/bin/login
fi
fi
if [ $# -ge 1 ]; then
exec /system/bin/su - system -c "/data/data/com.termux/files/usr/bin/bash -c \"$@\""
else
exec /data/data/com.termux/files/usr/bin/login
fi
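Review bot: The `"$@"` expansions in the two `bash -c` exec lines (assuming they are on the new side, since the page has lost its +/- markers) no longer preserve argument boundaries the way the earlier `exec "$@"` did. With `bash -c "$@"` only the first argument is the command string and the rest become `$0`, `$1`, …, so `ls -l` runs a bare `ls`; inside `"… bash -c \"$@\""` a multi-argument command splits the `su -c` string across several words, and quotes or metacharacters in the arguments are re-parsed by the inner shells running as `system`. For the non-root path I would keep `exec "$@"`; for the `su` path, if a single command string is the intended contract, `\"$*\"` at least keeps it one word, and a comment such as `# command is re-parsed by su and bash; pass it as one pre-quoted string` should say so. The nesting of these branches is not recoverable from the flattened listing, so which `id -u` check guards each exec should be confirmed against the file.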