From 0987d7de4cc34fedf0ca700dfcbc514a966c88c2 Mon Sep 17 00:00:00 2001 From: Alexandre Date: Wed, 3 Aug 2022 21:20:26 +0200 Subject: [PATCH] Avoid config permissions change https://github.com/alexbelgium/hassio-addons/pull/413 --- bazarr/Dockerfile | 7 ++++++- booksonic_air/Dockerfile | 7 ++++++- calibre/Dockerfile | 5 +++++ calibre_web/Dockerfile | 6 +++++- code-server/Dockerfile | 7 ++++++- flexget/Dockerfile | 7 ++++++- grav/Dockerfile | 7 ++++++- jackett/Dockerfile | 7 ++++++- jellyfin/Dockerfile | 5 +++++ lidarr/Dockerfile | 7 ++++++- mylar3/Dockerfile | 7 ++++++- nzbget/Dockerfile | 7 ++++++- ombi/Dockerfile | 7 ++++++- organizr/Dockerfile | 7 ++++++- overseerr/Dockerfile | 7 ++++++- paperless_ngx/Dockerfile | 7 ++++++- papermerge/Dockerfile | 7 ++++++- piwigo/Dockerfile | 7 ++++++- plex/Dockerfile | 5 +++++ plex_meta_manager/Dockerfile | 7 ++++++- prowlarr/Dockerfile | 7 ++++++- qbittorrent/Dockerfile | 7 ++++++- radarr/Dockerfile | 7 ++++++- readarr/Dockerfile | 7 ++++++- requestrr/Dockerfile | 7 ++++++- resiliosync/Dockerfile | 7 ++++++- scrutiny/Dockerfile | 7 ++++++- scrutiny_fa/Dockerfile | 7 ++++++- sonarr/Dockerfile | 7 ++++++- transmission/Dockerfile | 7 ++++++- webtop_kde/Dockerfile | 5 +++++ 31 files changed, 181 insertions(+), 27 deletions(-) diff --git a/bazarr/Dockerfile b/bazarr/Dockerfile index ef30f2688..3ff796f68 100644 --- a/bazarr/Dockerfile +++ b/bazarr/Dockerfile @@ -33,8 +33,13 @@ RUN \ grep -rl " /config" /etc/cont-init.d | xargs sed -i 's| /config| /config/addons_config/bazarr|g' \ && grep -rl " /config" /etc/services.d | xargs sed -i 's| /config| /config/addons_config/bazarr|g' \ \ - # Allow UID and GID setting + # Avoid custom-init.d duplications && if [ -f /etc/cont-init.d/02-tamper-check ]; then rm /etc/cont-init.d/02-tamper-check; fi \ + \ + # Prevent changing ownership of /config + && if [ -f /etc/cont-init.d/10-adduser ]; then sed -i "/chown abc:abc \/config$/d" /etc/cont-init.d/10-adduser; fi \ + \ + # Allow UID and GID setting && sed -i 's/bash/bashio/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PUID:-911}/(bashio::config "PUID")/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PGID:-911}/(bashio::config "PGID")/g' /etc/cont-init.d/10-adduser diff --git a/booksonic_air/Dockerfile b/booksonic_air/Dockerfile index cc70fe2fb..d4b994264 100644 --- a/booksonic_air/Dockerfile +++ b/booksonic_air/Dockerfile @@ -29,8 +29,13 @@ ENV S6_CMD_WAIT_FOR_SERVICES=1 \ ENV BOOKSONIC_AIR_SETTINGS="/data" RUN \ - # Allow UID and GID setting + # Avoid custom-init.d duplications if [ -f /etc/cont-init.d/02-tamper-check ]; then rm /etc/cont-init.d/02-tamper-check; fi \ + \ + # Prevent changing ownership of /config + && if [ -f /etc/cont-init.d/10-adduser ]; then sed -i "/chown abc:abc \/config$/d" /etc/cont-init.d/10-adduser; fi \ + \ + # Allow UID and GID setting && sed -i 's/bash/bashio/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PUID:-911}/(bashio::config "PUID")/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PGID:-911}/(bashio::config "PGID")/g' /etc/cont-init.d/10-adduser diff --git a/calibre/Dockerfile b/calibre/Dockerfile index 3b807ebd1..7e3547596 100644 --- a/calibre/Dockerfile +++ b/calibre/Dockerfile @@ -30,6 +30,11 @@ ENV S6_CMD_WAIT_FOR_SERVICES=1 \ # Allow UID and GID setting RUN if [ -f /etc/cont-init.d/02-tamper-check ]; then rm /etc/cont-init.d/02-tamper-check; fi \ + \ + # Prevent changing ownership of /config + && if [ -f /etc/cont-init.d/10-adduser ]; then sed -i "/chown abc:abc \/config$/d" /etc/cont-init.d/10-adduser; fi \ + \ + # Allow UID and GID setting && sed -i 's/bash/bashio/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PUID:-911}/(bashio::config "PUID")/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PGID:-911}/(bashio::config "PGID")/g' /etc/cont-init.d/10-adduser \ diff --git a/calibre_web/Dockerfile b/calibre_web/Dockerfile index 6449e750c..cdaf887c8 100644 --- a/calibre_web/Dockerfile +++ b/calibre_web/Dockerfile @@ -28,8 +28,12 @@ ENV S6_CMD_WAIT_FOR_SERVICES=1 \ S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0 \ S6_SERVICES_GRACETIME=0 -# Allow UID and GID setting RUN if [ -f /etc/cont-init.d/02-tamper-check ]; then rm /etc/cont-init.d/02-tamper-check; fi \ + \ + # Prevent changing ownership of /config + && if [ -f /etc/cont-init.d/10-adduser ]; then sed -i "/chown abc:abc \/config$/d" /etc/cont-init.d/10-adduser; fi \ + \ + # Allow UID and GID setting && sed -i 's/bash/bashio/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PUID:-911}/(bashio::config "PUID")/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PGID:-911}/(bashio::config "PGID")/g' /etc/cont-init.d/10-adduser \ diff --git a/code-server/Dockerfile b/code-server/Dockerfile index de04d9c67..cce535901 100644 --- a/code-server/Dockerfile +++ b/code-server/Dockerfile @@ -28,8 +28,13 @@ ENV S6_CMD_WAIT_FOR_SERVICES=1 \ S6_SERVICES_GRACETIME=0 RUN \ - # Allow UID and GID setting + # Avoid custom-init.d duplications if [ -f /etc/cont-init.d/02-tamper-check ]; then rm /etc/cont-init.d/02-tamper-check; fi \ + \ + # Prevent changing ownership of /config + && if [ -f /etc/cont-init.d/10-adduser ]; then sed -i "/chown abc:abc \/config$/d" /etc/cont-init.d/10-adduser; fi \ + \ + # Allow UID and GID setting && sed -i 's/bash/bashio/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PUID:-911}/(bashio::config "PUID")/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PGID:-911}/(bashio::config "PGID")/g' /etc/cont-init.d/10-adduser \ diff --git a/flexget/Dockerfile b/flexget/Dockerfile index 8ad8c2846..dd7d42fc4 100644 --- a/flexget/Dockerfile +++ b/flexget/Dockerfile @@ -31,8 +31,13 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"] # hadolint ignore=SC2016 RUN \ - # Allow UID and GID setting + # Avoid custom-init.d duplications if [ -f /etc/cont-init.d/02-tamper-check ]; then rm /etc/cont-init.d/02-tamper-check; fi \ + \ + # Prevent changing ownership of /config + && if [ -f /etc/cont-init.d/10-adduser ]; then sed -i "/chown abc:abc \/config$/d" /etc/cont-init.d/10-adduser; fi \ + \ + # Allow UID and GID setting && sed -i 's/bash/bashio/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PUID:-911}/(bashio::config "PUID")/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PGID:-911}/(bashio::config "PGID")/g' /etc/cont-init.d/10-adduser \ diff --git a/grav/Dockerfile b/grav/Dockerfile index 37e1084c8..65c96b325 100644 --- a/grav/Dockerfile +++ b/grav/Dockerfile @@ -32,8 +32,13 @@ RUN \ sed -i "s|/config|/share/grav|g" /etc/cont-init.d/50-config \ && sed -i "s|/share/grav/nginx|/config/nginx|g" /etc/cont-init.d/50-config \ \ - # Allow UID and GID setting + # Avoid custom-init.d duplications && if [ -f /etc/cont-init.d/02-tamper-check ]; then rm /etc/cont-init.d/02-tamper-check; fi \ + \ + # Prevent changing ownership of /config + && if [ -f /etc/cont-init.d/10-adduser ]; then sed -i "/chown abc:abc \/config$/d" /etc/cont-init.d/10-adduser; fi \ + \ + # Allow UID and GID setting && sed -i 's/bash/bashio/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PUID:-911}/(bashio::config "PUID")/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PGID:-911}/(bashio::config "PGID")/g' /etc/cont-init.d/10-adduser diff --git a/jackett/Dockerfile b/jackett/Dockerfile index f36759f63..e800737fd 100644 --- a/jackett/Dockerfile +++ b/jackett/Dockerfile @@ -30,8 +30,13 @@ ENV S6_CMD_WAIT_FOR_SERVICES=1 \ # use /data instead of /config for hass.io environment RUN sed -i "s|/config|/config/addons_config/Jackett|g" /etc/cont-init.d/30-config \ \ - # Allow UID and GID setting + # Avoid custom-init.d duplications && if [ -f /etc/cont-init.d/02-tamper-check ]; then rm /etc/cont-init.d/02-tamper-check; fi \ + \ + # Prevent changing ownership of /config + && if [ -f /etc/cont-init.d/10-adduser ]; then sed -i "/chown abc:abc \/config$/d" /etc/cont-init.d/10-adduser; fi \ + \ + # Allow UID and GID setting && sed -i 's/bash/bashio/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PUID:-911}/(bashio::config "PUID")/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PGID:-911}/(bashio::config "PGID")/g' /etc/cont-init.d/10-adduser diff --git a/jellyfin/Dockerfile b/jellyfin/Dockerfile index f0ea5711c..6d6bab76e 100644 --- a/jellyfin/Dockerfile +++ b/jellyfin/Dockerfile @@ -31,6 +31,11 @@ ENV S6_CMD_WAIT_FOR_SERVICES=0 \ # Allow UID and GID setting RUN \ if [ -f /etc/cont-init.d/02-tamper-check ]; then rm /etc/cont-init.d/02-tamper-check; fi \ + \ + # Prevent changing ownership of /config + && if [ -f /etc/cont-init.d/10-adduser ]; then sed -i "/chown abc:abc \/config$/d" /etc/cont-init.d/10-adduser; fi \ + \ + # Allow UID and GID setting && sed -i 's/bash/bashio/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PUID:-911}/(bashio::config "PUID")/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PGID:-911}/(bashio::config "PGID")/g' /etc/cont-init.d/10-adduser diff --git a/lidarr/Dockerfile b/lidarr/Dockerfile index afbf02e24..4fffa88f9 100644 --- a/lidarr/Dockerfile +++ b/lidarr/Dockerfile @@ -32,8 +32,13 @@ RUN \ sed -i "s|/config|/config/addons_config/lidarr|g" /etc/services.d/lidarr/run \ && sed -i "s|/config|/config/addons_config/lidarr|g" /etc/cont-init.d/30-config \ \ - # Allow UID and GID setting + # Avoid custom-init.d duplications && if [ -f /etc/cont-init.d/02-tamper-check ]; then rm /etc/cont-init.d/02-tamper-check; fi \ + \ + # Prevent changing ownership of /config + && if [ -f /etc/cont-init.d/10-adduser ]; then sed -i "/chown abc:abc \/config$/d" /etc/cont-init.d/10-adduser; fi \ + \ + # Allow UID and GID setting && sed -i 's/bash/bashio/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PUID:-911}/(bashio::config "PUID")/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PGID:-911}/(bashio::config "PGID")/g' /etc/cont-init.d/10-adduser diff --git a/mylar3/Dockerfile b/mylar3/Dockerfile index 1d88fc32a..796da02a4 100644 --- a/mylar3/Dockerfile +++ b/mylar3/Dockerfile @@ -30,8 +30,13 @@ ENV S6_CMD_WAIT_FOR_SERVICES=1 \ RUN sed -i "s|/config|/data|g" /etc/services.d/*/run \ && sed -i "s|/config|/data|g" /etc/cont-init.d/* \ \ - # Allow UID and GID setting + # Avoid custom-init.d duplications && if [ -f /etc/cont-init.d/02-tamper-check ]; then rm /etc/cont-init.d/02-tamper-check; fi \ + \ + # Prevent changing ownership of /config + && if [ -f /etc/cont-init.d/10-adduser ]; then sed -i "/chown abc:abc \/config$/d" /etc/cont-init.d/10-adduser; fi \ + \ + # Allow UID and GID setting && sed -i 's/bash/bashio/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PUID:-911}/(bashio::config "PUID")/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PGID:-911}/(bashio::config "PGID")/g' /etc/cont-init.d/10-adduser diff --git a/nzbget/Dockerfile b/nzbget/Dockerfile index c28320c94..9336f99fb 100644 --- a/nzbget/Dockerfile +++ b/nzbget/Dockerfile @@ -30,8 +30,13 @@ ENV S6_CMD_WAIT_FOR_SERVICES=1 \ RUN sed -i "s|/config|/config/addons_config/nzbget|g" /etc/services.d/nzbget/run \ && sed -i "s|/config|/config/addons_config/nzbget|g" /etc/cont-init.d/30-config \ && sed -i "s|/config|/config/addons_config/nzbget|g" /etc/cont-init.d/10-adduser \ - # Allow UID and GID setting + # Avoid custom-init.d duplications && if [ -f /etc/cont-init.d/02-tamper-check ]; then rm /etc/cont-init.d/02-tamper-check; fi \ + \ + # Prevent changing ownership of /config + && if [ -f /etc/cont-init.d/10-adduser ]; then sed -i "/chown abc:abc \/config$/d" /etc/cont-init.d/10-adduser; fi \ + \ + # Allow UID and GID setting && sed -i 's/bash/bashio/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PUID:-911}/(bashio::config "PUID")/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PGID:-911}/(bashio::config "PGID")/g' /etc/cont-init.d/10-adduser \ diff --git a/ombi/Dockerfile b/ombi/Dockerfile index 87449a849..8b541e447 100644 --- a/ombi/Dockerfile +++ b/ombi/Dockerfile @@ -30,8 +30,13 @@ ENV S6_CMD_WAIT_FOR_SERVICES=1 \ # spellcheck disable=SC2015 # hadolint ignore=SC2015,DL4006 RUN \ - # Allow UID and GID setting + # Avoid custom-init.d duplications if [ -f /etc/cont-init.d/02-tamper-check ]; then rm /etc/cont-init.d/02-tamper-check; fi \ + \ + # Prevent changing ownership of /config + && if [ -f /etc/cont-init.d/10-adduser ]; then sed -i "/chown abc:abc \/config$/d" /etc/cont-init.d/10-adduser; fi \ + \ + # Allow UID and GID setting && sed -i 's/bash/bashio/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PUID:-911}/(bashio::config "PUID")/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PGID:-911}/(bashio::config "PGID")/g' /etc/cont-init.d/10-adduser \ diff --git a/organizr/Dockerfile b/organizr/Dockerfile index 26a018cdd..d20c2976a 100644 --- a/organizr/Dockerfile +++ b/organizr/Dockerfile @@ -31,8 +31,13 @@ RUN \ ######################################## # Correct upstream image folders links # ######################################## - # Allow UID and GID setting + # Avoid custom-init.d duplications if [ -f /etc/cont-init.d/02-tamper-check ]; then rm /etc/cont-init.d/02-tamper-check; fi \ + \ + # Prevent changing ownership of /config + && if [ -f /etc/cont-init.d/10-adduser ]; then sed -i "/chown abc:abc \/config$/d" /etc/cont-init.d/10-adduser; fi \ + \ + # Allow UID and GID setting && sed -i 's/bash/bashio/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PUID:-911}/(bashio::config "PUID")/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PGID:-911}/(bashio::config "PGID")/g' /etc/cont-init.d/10-adduser \ diff --git a/overseerr/Dockerfile b/overseerr/Dockerfile index 3158d6da1..e8178b441 100644 --- a/overseerr/Dockerfile +++ b/overseerr/Dockerfile @@ -31,8 +31,13 @@ ENV S6_CMD_WAIT_FOR_SERVICES=1 \ RUN sed -i "s|/config|/config/addons_config/addons_config/overseerr|g" /etc/services.d/overseerr/run \ && sed -i "s|/config|/config/addons_config/addons_config/overseerr|g" /etc/cont-init.d/30-config \ \ - # Allow UID and GID setting + # Avoid custom-init.d duplications && if [ -f /etc/cont-init.d/02-tamper-check ]; then rm /etc/cont-init.d/02-tamper-check; fi \ + \ + # Prevent changing ownership of /config + && if [ -f /etc/cont-init.d/10-adduser ]; then sed -i "/chown abc:abc \/config$/d" /etc/cont-init.d/10-adduser; fi \ + \ + # Allow UID and GID setting && sed -i 's/bash/bashio/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PUID:-911}/(bashio::config "PUID")/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PGID:-911}/(bashio::config "PGID")/g' /etc/cont-init.d/10-adduser diff --git a/paperless_ngx/Dockerfile b/paperless_ngx/Dockerfile index 1bb4309d5..aaadd26cf 100644 --- a/paperless_ngx/Dockerfile +++ b/paperless_ngx/Dockerfile @@ -34,8 +34,13 @@ RUN \ ################# # Correct image # ################# - # Allow UID and GID setting + # Avoid custom-init.d duplications if [ -f /etc/cont-init.d/02-tamper-check ]; then rm /etc/cont-init.d/02-tamper-check; fi \ + \ + # Prevent changing ownership of /config + && if [ -f /etc/cont-init.d/10-adduser ]; then sed -i "/chown abc:abc \/config$/d" /etc/cont-init.d/10-adduser; fi \ + \ + # Allow UID and GID setting && sed -i 's/bash/bashio/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PUID:-911}/(bashio::config "PUID")/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PGID:-911}/(bashio::config "PGID")/g' /etc/cont-init.d/10-adduser \ diff --git a/papermerge/Dockerfile b/papermerge/Dockerfile index 515a79078..657c1d62c 100644 --- a/papermerge/Dockerfile +++ b/papermerge/Dockerfile @@ -29,8 +29,13 @@ ENV S6_CMD_WAIT_FOR_SERVICES=1 \ # hadolint ignore=SC2015 RUN \ - # Allow UID and GID setting + # Avoid custom-init.d duplications if [ -f /etc/cont-init.d/02-tamper-check ]; then rm /etc/cont-init.d/02-tamper-check; fi \ + \ + # Prevent changing ownership of /config + && if [ -f /etc/cont-init.d/10-adduser ]; then sed -i "/chown abc:abc \/config$/d" /etc/cont-init.d/10-adduser; fi \ + \ + # Allow UID and GID setting && sed -i 's/bash/bashio/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PUID:-911}/(bashio::config "PUID")/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PGID:-911}/(bashio::config "PGID")/g' /etc/cont-init.d/10-adduser \ diff --git a/piwigo/Dockerfile b/piwigo/Dockerfile index 0672286e5..0d4e67745 100644 --- a/piwigo/Dockerfile +++ b/piwigo/Dockerfile @@ -28,8 +28,13 @@ ENV S6_CMD_WAIT_FOR_SERVICES=1 \ S6_SERVICES_GRACETIME=0 RUN \ - # Allow UID and GID setting + # Avoid custom-init.d duplications if [ -f /etc/cont-init.d/02-tamper-check ]; then rm /etc/cont-init.d/02-tamper-check; fi \ + \ + # Prevent changing ownership of /config + && if [ -f /etc/cont-init.d/10-adduser ]; then sed -i "/chown abc:abc \/config$/d" /etc/cont-init.d/10-adduser; fi \ + \ + # Allow UID and GID setting && sed -i 's/bash/bashio/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PUID:-911}/(bashio::config "PUID")/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PGID:-911}/(bashio::config "PGID")/g' /etc/cont-init.d/10-adduser diff --git a/plex/Dockerfile b/plex/Dockerfile index 1ed1f2fe3..334c97141 100644 --- a/plex/Dockerfile +++ b/plex/Dockerfile @@ -37,6 +37,11 @@ RUN \ ############################# \ if [ -f /etc/cont-init.d/02-tamper-check ]; then rm /etc/cont-init.d/02-tamper-check; fi \ + \ + # Prevent changing ownership of /config + && if [ -f /etc/cont-init.d/10-adduser ]; then sed -i "/chown abc:abc \/config$/d" /etc/cont-init.d/10-adduser; fi \ + \ + # Allow UID and GID setting && sed -i 's/bash/bashio/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PUID:-911}/(bashio::config "PUID")/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PGID:-911}/(bashio::config "PGID")/g' /etc/cont-init.d/10-adduser \ diff --git a/plex_meta_manager/Dockerfile b/plex_meta_manager/Dockerfile index 2bb47d764..331367b8a 100644 --- a/plex_meta_manager/Dockerfile +++ b/plex_meta_manager/Dockerfile @@ -34,8 +34,13 @@ RUN \ sed -i "s|/config|/config/addons_config/plex-meta-manager|g" /etc/services.d/*/run \ && sed -i "s|/config|/config/addons_config/plex-meta-manager|g" /etc/cont-init.d/* \ \ - # Allow UID and GID setting + # Avoid custom-init.d duplications && if [ -f /etc/cont-init.d/02-tamper-check ]; then rm /etc/cont-init.d/02-tamper-check; fi \ + \ + # Prevent changing ownership of /config + && if [ -f /etc/cont-init.d/10-adduser ]; then sed -i "/chown abc:abc \/config$/d" /etc/cont-init.d/10-adduser; fi \ + \ + # Allow UID and GID setting && sed -i 's/bash/bashio/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PUID:-911}/(bashio::config "PUID")/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PGID:-911}/(bashio::config "PGID")/g' /etc/cont-init.d/10-adduser \ diff --git a/prowlarr/Dockerfile b/prowlarr/Dockerfile index 469a04f15..cda38688f 100644 --- a/prowlarr/Dockerfile +++ b/prowlarr/Dockerfile @@ -28,8 +28,13 @@ ENV S6_CMD_WAIT_FOR_SERVICES=1 \ S6_SERVICES_GRACETIME=0 RUN \ - # Allow UID and GID setting + # Avoid custom-init.d duplications if [ -f /etc/cont-init.d/02-tamper-check ]; then rm /etc/cont-init.d/02-tamper-check; fi \ + \ + # Prevent changing ownership of /config + && if [ -f /etc/cont-init.d/10-adduser ]; then sed -i "/chown abc:abc \/config$/d" /etc/cont-init.d/10-adduser; fi \ + \ + # Allow UID and GID setting && sed -i 's/bash/bashio/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PUID:-911}/(bashio::config "PUID")/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PGID:-911}/(bashio::config "PGID")/g' /etc/cont-init.d/10-adduser \ diff --git a/qbittorrent/Dockerfile b/qbittorrent/Dockerfile index e1c6eb410..ecb33d28f 100644 --- a/qbittorrent/Dockerfile +++ b/qbittorrent/Dockerfile @@ -39,8 +39,13 @@ ENV \ # hadolint ignore=SC2015 RUN \ - # Allow UID and GID setting + # Avoid custom-init.d duplications if [ -f /etc/cont-init.d/02-tamper-check ]; then rm /etc/cont-init.d/02-tamper-check; fi \ + \ + # Prevent changing ownership of /config + && if [ -f /etc/cont-init.d/10-adduser ]; then sed -i "/chown abc:abc \/config$/d" /etc/cont-init.d/10-adduser; fi \ + \ + # Allow UID and GID setting && sed -i 's/bash/bashio/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PUID:-911}/(bashio::config "PUID")/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PGID:-911}/(bashio::config "PGID")/g' /etc/cont-init.d/10-adduser \ diff --git a/radarr/Dockerfile b/radarr/Dockerfile index df182f7ad..d17276469 100644 --- a/radarr/Dockerfile +++ b/radarr/Dockerfile @@ -32,8 +32,13 @@ RUN \ sed -i "s|/config|/config/addons_config/radarr|g" /etc/services.d/radarr/run \ && sed -i "s|/config|/config/addons_config/radarr|g" /etc/cont-init.d/30-config \ \ - # Allow UID and GID setting + # Avoid custom-init.d duplications && if [ -f /etc/cont-init.d/02-tamper-check ]; then rm /etc/cont-init.d/02-tamper-check; fi \ + \ + # Prevent changing ownership of /config + && if [ -f /etc/cont-init.d/10-adduser ]; then sed -i "/chown abc:abc \/config$/d" /etc/cont-init.d/10-adduser; fi \ + \ + # Allow UID and GID setting && sed -i 's/bash/bashio/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PUID:-911}/(bashio::config "PUID")/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PGID:-911}/(bashio::config "PGID")/g' /etc/cont-init.d/10-adduser diff --git a/readarr/Dockerfile b/readarr/Dockerfile index 883568e17..73c64d927 100644 --- a/readarr/Dockerfile +++ b/readarr/Dockerfile @@ -31,8 +31,13 @@ ENV S6_CMD_WAIT_FOR_SERVICES=1 \ RUN sed -i "s|/config|/config/addons_config/radarr/readarr|g" /etc/services.d/readarr/run \ && sed -i "s|/config|/config/addons_config/radarr/readarr|g" /etc/cont-init.d/30-config \ \ - # Allow UID and GID setting + # Avoid custom-init.d duplications && if [ -f /etc/cont-init.d/02-tamper-check ]; then rm /etc/cont-init.d/02-tamper-check; fi \ + \ + # Prevent changing ownership of /config + && if [ -f /etc/cont-init.d/10-adduser ]; then sed -i "/chown abc:abc \/config$/d" /etc/cont-init.d/10-adduser; fi \ + \ + # Allow UID and GID setting && sed -i 's/bash/bashio/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PUID:-911}/(bashio::config "PUID")/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PGID:-911}/(bashio::config "PGID")/g' /etc/cont-init.d/10-adduser diff --git a/requestrr/Dockerfile b/requestrr/Dockerfile index 6e020c829..743154acc 100644 --- a/requestrr/Dockerfile +++ b/requestrr/Dockerfile @@ -31,8 +31,13 @@ RUN \ # use /data instead of /config for hass.io environment sed -i 's|/config \\|/data \\|g' /etc/cont-init.d/30-config \ \ - # Allow UID and GID setting + # Avoid custom-init.d duplications && if [ -f /etc/cont-init.d/02-tamper-check ]; then rm /etc/cont-init.d/02-tamper-check; fi \ + \ + # Prevent changing ownership of /config + && if [ -f /etc/cont-init.d/10-adduser ]; then sed -i "/chown abc:abc \/config$/d" /etc/cont-init.d/10-adduser; fi \ + \ + # Allow UID and GID setting && sed -i 's/bash/bashio/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PUID:-911}/(bashio::config "PUID")/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PGID:-911}/(bashio::config "PGID")/g' /etc/cont-init.d/10-adduser diff --git a/resiliosync/Dockerfile b/resiliosync/Dockerfile index e27c4ce92..c4646cccf 100644 --- a/resiliosync/Dockerfile +++ b/resiliosync/Dockerfile @@ -33,8 +33,13 @@ RUN \ ############### # Adapt image # ############### - # Allow UID and GID setting + # Avoid custom-init.d duplications if [ -f /etc/cont-init.d/02-tamper-check ]; then rm /etc/cont-init.d/02-tamper-check; fi \ + \ + # Prevent changing ownership of /config + && if [ -f /etc/cont-init.d/10-adduser ]; then sed -i "/chown abc:abc \/config$/d" /etc/cont-init.d/10-adduser; fi \ + \ + # Allow UID and GID setting && sed -i 's/bash/bashio/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PUID:-911}/(bashio::config "PUID")/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PGID:-911}/(bashio::config "PGID")/g' /etc/cont-init.d/10-adduser \ diff --git a/scrutiny/Dockerfile b/scrutiny/Dockerfile index 7d6df1486..6ecb4e8ce 100644 --- a/scrutiny/Dockerfile +++ b/scrutiny/Dockerfile @@ -31,8 +31,13 @@ ENV S6_CMD_WAIT_FOR_SERVICES=1 \ # hadolint ignore=DL4006 RUN \ - # Allow UID and GID setting + # Avoid custom-init.d duplications if [ -f /etc/cont-init.d/02-tamper-check ]; then rm /etc/cont-init.d/02-tamper-check; fi \ + \ + # Prevent changing ownership of /config + && if [ -f /etc/cont-init.d/10-adduser ]; then sed -i "/chown abc:abc \/config$/d" /etc/cont-init.d/10-adduser; fi \ + \ + # Allow UID and GID setting && sed -i 's/bash/bashio/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PUID:-911}/(bashio::config "PUID")/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PGID:-911}/(bashio::config "PGID")/g' /etc/cont-init.d/10-adduser \ diff --git a/scrutiny_fa/Dockerfile b/scrutiny_fa/Dockerfile index 686e71b2d..aca96ee8a 100644 --- a/scrutiny_fa/Dockerfile +++ b/scrutiny_fa/Dockerfile @@ -30,8 +30,13 @@ ENV S6_CMD_WAIT_FOR_SERVICES=1 \ # hadolint ignore=DL4006 RUN \ - # Allow UID and GID setting + # Avoid custom-init.d duplications if [ -f /etc/cont-init.d/02-tamper-check ]; then rm /etc/cont-init.d/02-tamper-check; fi \ + \ + # Prevent changing ownership of /config + && if [ -f /etc/cont-init.d/10-adduser ]; then sed -i "/chown abc:abc \/config$/d" /etc/cont-init.d/10-adduser; fi \ + \ + # Allow UID and GID setting && sed -i 's/bash/bashio/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PUID:-911}/(bashio::config "PUID")/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PGID:-911}/(bashio::config "PGID")/g' /etc/cont-init.d/10-adduser \ diff --git a/sonarr/Dockerfile b/sonarr/Dockerfile index c77e49978..69d99e63c 100644 --- a/sonarr/Dockerfile +++ b/sonarr/Dockerfile @@ -33,8 +33,13 @@ RUN \ sed -i "s|/config|/config/addons_config/sonarr|g" /etc/services.d/sonarr/run \ && sed -i "s|/config|/config/addons_config/sonarr|g" /etc/cont-init.d/30-config \ \ - # Allow UID and GID setting + # Avoid custom-init.d duplications && if [ -f /etc/cont-init.d/02-tamper-check ]; then rm /etc/cont-init.d/02-tamper-check; fi \ + \ + # Prevent changing ownership of /config + && if [ -f /etc/cont-init.d/10-adduser ]; then sed -i "/chown abc:abc \/config$/d" /etc/cont-init.d/10-adduser; fi \ + \ + # Allow UID and GID setting && sed -i 's/bash/bashio/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PUID:-911}/(bashio::config "PUID")/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PGID:-911}/(bashio::config "PGID")/g' /etc/cont-init.d/10-adduser diff --git a/transmission/Dockerfile b/transmission/Dockerfile index e3c4e6f8b..e09ba20f0 100644 --- a/transmission/Dockerfile +++ b/transmission/Dockerfile @@ -30,8 +30,13 @@ ENV S6_CMD_WAIT_FOR_SERVICES=1 \ # MOFIFY DATA PATH RUN sed -i "s|config|config/transmission|g" /etc/services.d/transmission/run \ #&& sed -i "s|config|config/transmission|g" /etc/cont-init.d/20-config \ - # Allow UID and GID setting + # Avoid custom-init.d duplications && if [ -f /etc/cont-init.d/02-tamper-check ]; then rm /etc/cont-init.d/02-tamper-check; fi \ + \ + # Prevent changing ownership of /config + && if [ -f /etc/cont-init.d/10-adduser ]; then sed -i "/chown abc:abc \/config$/d" /etc/cont-init.d/10-adduser; fi \ + \ + # Allow UID and GID setting && sed -i 's/bash/bashio/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PUID:-911}/(bashio::config "PUID")/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PGID:-911}/(bashio::config "PGID")/g' /etc/cont-init.d/10-adduser diff --git a/webtop_kde/Dockerfile b/webtop_kde/Dockerfile index 0168f2b35..bc8bcdad3 100644 --- a/webtop_kde/Dockerfile +++ b/webtop_kde/Dockerfile @@ -29,6 +29,11 @@ ENV S6_CMD_WAIT_FOR_SERVICES=1 \ # Allow UID and GID setting RUN if [ -f /etc/cont-init.d/02-tamper-check ]; then rm /etc/cont-init.d/02-tamper-check; fi \ + \ + # Prevent changing ownership of /config + && if [ -f /etc/cont-init.d/10-adduser ]; then sed -i "/chown abc:abc \/config$/d" /etc/cont-init.d/10-adduser; fi \ + \ + # Allow UID and GID setting && sed -i 's/bash/bashio/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PUID:-911}/(bashio::config "PUID")/g' /etc/cont-init.d/10-adduser \ && sed -i 's/{PGID:-911}/(bashio::config "PGID")/g' /etc/cont-init.d/10-adduser \