From 9c87e52dfc5036e59bdc0b8bc6f4ef5b6afe11b0 Mon Sep 17 00:00:00 2001 From: Codex Date: Fri, 12 Jun 2026 15:18:19 +0000 Subject: [PATCH] Prepare SQLite bind mount permissions --- README.md | 5 +++++ scripts/export-to-old-redis.sh | 15 +++++++++++++++ scripts/import-from-old-redis.sh | 15 +++++++++++++++ 3 files changed, 35 insertions(+) diff --git a/README.md b/README.md index cb9e666..0dcf8e2 100644 --- a/README.md +++ b/README.md @@ -80,6 +80,11 @@ container's network namespace. `--sqlite` may point to a SQLite database file or to a directory. When it points to a directory, the scripts use `kosync.sqlite3` inside that directory. +When run as root, the scripts chown the SQLite directory and existing database +file to UID/GID `10001`, matching the published image's `kosync` user. Override +with `KOSYNC_UID` and `KOSYNC_GID` only if you run the container with a different +runtime user. + ```sh scripts/import-from-old-redis.sh \ --old-container kosync \ diff --git a/scripts/export-to-old-redis.sh b/scripts/export-to-old-redis.sh index 65918eb..cb6a285 100755 --- a/scripts/export-to-old-redis.sh +++ b/scripts/export-to-old-redis.sh @@ -7,6 +7,8 @@ IMAGE=sodium/kosync-rs:v2.1.1 REDIS_URL=redis://127.0.0.1:6379/1 PULL=1 FLUSH_TARGET=0 +KOSYNC_UID=${KOSYNC_UID:-10001} +KOSYNC_GID=${KOSYNC_GID:-10001} usage() { echo "Usage: $0 [--old-container NAME] [--sqlite PATH] [--image IMAGE] [--redis-url URL] [--flush-target] [--no-pull]" >&2 @@ -65,6 +67,18 @@ SQLITE_DIR=$(dirname "$SQLITE_ABS") SQLITE_BASE=$(basename "$SQLITE_ABS") mkdir -p "$SQLITE_DIR" +DOCKER_USER_ARGS= +if [ "$(id -u)" -eq 0 ]; then + chown "$KOSYNC_UID:$KOSYNC_GID" "$SQLITE_DIR" + for path in "$SQLITE_ABS" "$SQLITE_ABS-wal" "$SQLITE_ABS-shm" "$SQLITE_ABS-journal"; do + if [ -e "$path" ]; then + chown "$KOSYNC_UID:$KOSYNC_GID" "$path" + fi + done +else + DOCKER_USER_ARGS="--user $(id -u):$(id -g)" +fi + if [ "$PULL" -eq 1 ]; then docker pull "$IMAGE" fi @@ -80,6 +94,7 @@ if [ "$FLUSH_TARGET" -eq 1 ]; then fi docker run --rm \ + $DOCKER_USER_ARGS \ --network "container:$OLD_CONTAINER" \ -v "$SQLITE_DIR:/data" \ "$IMAGE" \ diff --git a/scripts/import-from-old-redis.sh b/scripts/import-from-old-redis.sh index f43a39e..bf6ca6b 100755 --- a/scripts/import-from-old-redis.sh +++ b/scripts/import-from-old-redis.sh @@ -6,6 +6,8 @@ SQLITE=./data/kosync.sqlite3 IMAGE=sodium/kosync-rs:v2.1.1 REDIS_URL=redis://127.0.0.1:6379/1 PULL=1 +KOSYNC_UID=${KOSYNC_UID:-10001} +KOSYNC_GID=${KOSYNC_GID:-10001} usage() { echo "Usage: $0 [--old-container NAME] [--sqlite PATH] [--image IMAGE] [--redis-url URL] [--no-pull]" >&2 @@ -60,6 +62,18 @@ SQLITE_DIR=$(dirname "$SQLITE_ABS") SQLITE_BASE=$(basename "$SQLITE_ABS") mkdir -p "$SQLITE_DIR" +DOCKER_USER_ARGS= +if [ "$(id -u)" -eq 0 ]; then + chown "$KOSYNC_UID:$KOSYNC_GID" "$SQLITE_DIR" + for path in "$SQLITE_ABS" "$SQLITE_ABS-wal" "$SQLITE_ABS-shm" "$SQLITE_ABS-journal"; do + if [ -e "$path" ]; then + chown "$KOSYNC_UID:$KOSYNC_GID" "$path" + fi + done +else + DOCKER_USER_ARGS="--user $(id -u):$(id -g)" +fi + if [ "$PULL" -eq 1 ]; then docker pull "$IMAGE" fi @@ -70,6 +84,7 @@ echo "redis url: $REDIS_URL" echo "sqlite: $SQLITE_ABS" docker run --rm \ + $DOCKER_USER_ARGS \ --network "container:$OLD_CONTAINER" \ -v "$SQLITE_DIR:/data" \ "$IMAGE" \