Re-using an inherited file descriptor to /dev/urandom frees us
from problems with mount options including 'nodev' and removes a
capability from the set we need.
Change-Id: I70337e923f802d7efbd3159c11a4e39f6529b6e6
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>

- removed old/obsolete dockerfiles
- updated README
- added back the starter scripts to Dockerfile, in order not to break
  existing API, i.e. environment variables for aliasgroups, admin, etc.
Signed-off-by: Andras Timar <andras.timar@collabora.com>
Change-Id: I8ed88afd9db3bc53f9b5529f20764b538b302596

Added the 'tzdata' package to Ubuntu-based Docker builds and the
'timezone' package to openSUSE builds, to allow Docker users to run
the containers with a custom timezone by passing a TZ env variable.
Signed-off-by: Tobia Conforto <tobia.conforto@gmail.com>
Change-Id: Idafd84dde3383b4801ff4b3ebb8ac1826fe49fcc

explicitly set buster as source since it is now oldstable
Signed-off-by: Marco Marinello <me@marcomarinello.it>
Change-Id: I7153ad1ce61bc6fcd4862209a01a4f73e68b5aa5

Docker supports two methods of executing commands.

The existing approach was to run bash and give the
shell script to execute, which forks and execs another
shell instance to run the script. This means that the
script itself is not PID 1, rather the parent bash
instance is.

The second approach is to exec the script in the same
bash process, without a parent. This is exactly what
we want, because once our script is done, it execs
loolwsd, thereby making loolwsd PID 1.

All of this means that when the docker container is
stopped, and PID 1 is sent SIGTERM, loolwsd will
intercept it and gracefully shut down.
Change-Id: I52ac63f7fba58d20d1c6f63c7e07dd18141c1af4
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
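
The difference between the two launch forms described in the commit above, as an added example that is not part of the project's code: a stand-in server that traps SIGTERM is started once as a child of its startup script and once via `exec`, and SIGTERM is sent to the PID the launcher sees. The names `server.sh`, `start-child.sh` and `start-exec.sh` are hypothetical, and the demo does not run as PID 1; it shows only which process receives the signal.

```shell
#!/bin/sh
# Constructed demo. server.sh stands in for loolwsd: it traps SIGTERM and
# exits cleanly. All file names here are hypothetical.
demo=$(mktemp -d)

cat > "$demo/server.sh" <<'EOF'
trap 'echo graceful > "$OUT"; exit 0' TERM
echo $$ > "$PIDFILE"
while :; do sleep 1; done
EOF

# Form 1: the startup script runs the server as a child and stays its parent.
printf 'sh "%s/server.sh"\nexit $?\n' "$demo" > "$demo/start-child.sh"
# Form 2: the startup script replaces itself with the server via exec.
printf 'exec sh "%s/server.sh"\n' "$demo" > "$demo/start-exec.sh"

# run_case child|exec
# Starts the script, sends SIGTERM to the PID the launcher knows about
# (PID 1 in the container case) and reports which process that was and
# whether the server's handler ran.
run_case() {
  PIDFILE="$demo/pid.$1"; OUT="$demo/out.$1"
  export PIDFILE OUT
  rm -f "$PIDFILE" "$OUT"
  sh "$demo/start-$1.sh" >/dev/null 2>&1 &
  top=$!
  tries=0
  while [ ! -s "$PIDFILE" ] && [ "$tries" -lt 10 ]; do
    sleep 1; tries=$((tries + 1))
  done
  srv=$(cat "$PIDFILE")
  kill -TERM "$top"
  wait "$top" 2>/dev/null || true   # returns once the signalled process is gone
  sleep 1                           # an orphaned server gets time to react (it will not)
  if [ "$srv" = "$top" ]; then who=same-pid; else who=different-pid; fi
  if [ -s "$OUT" ]; then
    echo "$who graceful"
  else
    kill -KILL "$srv" 2>/dev/null || true   # clean up the orphaned server
    echo "$who not-delivered"
  fi
}

for form in child exec; do
  echo "$form: $(run_case "$form")"
done
```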

After compiling and installing poco, the script is left in the wrong path, resulting in core being deployed underneath the poco directory, which breaks configure --with-lo-path later on.
Signed-off-by: Martin Hoffmann <mhoffmann@pro-nets.de>
Change-Id: I46c5b77e44eebead08c8a7fb857c229900a23570

In some cases we cannot do a fast bind-mount of the files we want
in our jail since we don't have cap_sys_admin for loolmount inside
e.g. docker.

Thus we need to fall back to hard-linking, however various security
systems namespace parts of our tree, such that link() fails with
EXDEV even across the (apparently) same file-system.

As such we need to assemble a copy of what we want to hard-link
close to our jails. However, this needs to be owned by root / the
system to avoid having writable files shared between jails. Hence
we need cap_chown in addition to cap_fowner, to get ownership right
and then hard-link.
Change-Id: Iba0ef46ddbc1c03f3dc7177bc1ec1755624135db
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>