QNAP LXD Unprivileged Container ACL Fix

change-permissions-for-unprivileged-container.sh

#!/bin/sh

# From https://discuss.linuxcontainers.org/t/failing-to-start-unprivileged-container-qnap/12235/9

# Change these values to match your configuration!
CONTAINER_VOLUME="/share/CACHEDEV3_DATA"
CONTAINER_FOLDER="Container"

if [ -z "$1" ] || [ -z "$2" ]; then
  echo "Use as $0 [set|unset] <UID>"
  exit 1
fi

# Seems like 1000000 is generally the container root user
userid="$2"

if [ "$1" == "set" ]; then
  # setfacl -R -m user:$userid:rx /share/CACHEDEV3_DATA/.qpkg/container-station
  setfacl -m user:$userid:rx "$CONTAINER_VOLUME"/.qpkg/container-station
  setfacl -m user:$userid:rx "$CONTAINER_VOLUME"/.qpkg/container-station/lib
  setfacl -m user:$userid:rx "$CONTAINER_VOLUME"/.qpkg/container-station/var
  setfacl -R -m user:$userid:rx "$CONTAINER_VOLUME"/.qpkg/container-station/usr

  setfacl -m user:$userid:rx "$CONTAINER_VOLUME/$CONTAINER_FOLDER"
  setfacl -m user:$userid:rx "$CONTAINER_VOLUME/$CONTAINER_FOLDER"/container-station-data/lib
  setfacl -m user:$userid:rx "$CONTAINER_VOLUME/$CONTAINER_FOLDER"/container-station-data/lib/lxd
  setfacl -m user:$userid:rx /var/lib/lxd
  setfacl -m user:$userid:rx /var/lib/lxd/containers
  setfacl -m user:$userid:rx /var/lib/lxd/devices
  setfacl -m user:$userid:rx /var/lib/lxd/shmounts
  setfacl -m user:$userid:rx /var/lib/lxd/snapshots
  setfacl -m user:$userid:rx /var/lib/lxd/storage-pools
  setfacl -m user:$userid:rx /var/lib/lxd/storage-pools/default/containers
elif [ "$1" == "unset" ]; then
  setfacl -R -x user:$userid "$CONTAINER_VOLUME"/.qpkg/container-station
  setfacl -R -x user:$userid "$CONTAINER_VOLUME/$CONTAINER_FOLDER"
  setfacl -R -x user:$userid /var/lib/lxd/
  setfacl -x user:$userid /var/lib/lxd
else
  echo "Invalid operation"
  exit 1
fi