---
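# Detect whether /etc/subuid already holds a subordinate-UID entry for the
# container user, so an existing allocation can be left untouched.
- name: check if user is in subuid file
  find:
    # The find module only walks directories: a path that is a regular file is
    # skipped with a warning and `matched` stays 0. Search /etc for the file
    # by name instead so `matched` reflects the file's content.
    paths: /etc
    patterns: subuid
    # Escape the account name so regex metacharacters in it (for example ".")
    # are matched literally rather than matching some other account's line.
    contains: '^{{ container_run_as_user | regex_escape }}:.*$'
  register: uid_line_found
  # root needs no subordinate range, so the lookup is skipped for it.
  when: container_run_as_user != 'root'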
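# Detect whether /etc/subgid already holds a subordinate-GID entry for the
# container group, so an existing allocation can be left untouched.
- name: check if group is in subgid file
  find:
    # The find module only walks directories: a path that is a regular file is
    # skipped with a warning and `matched` stays 0. Search /etc for the file
    # by name instead so `matched` reflects the file's content.
    paths: /etc
    patterns: subgid
    # Escape the group name so regex metacharacters in it (for example ".")
    # are matched literally rather than matching some other group's line.
    contains: '^{{ container_run_as_group | regex_escape }}:.*$'
  register: gid_line_found
  # root needs no subordinate range, so the lookup is skipped for it.
  when: container_run_as_group != 'root'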
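# Add a subordinate-UID range for the container user when the earlier lookup
# (registered as uid_line_found) reported no entry for it.
- name: ensure user is in subuid file, if it was missing
  lineinfile:
    path: /etc/subuid
    # With `regexp` set, lineinfile replaces an existing matching line, so the
    # `when` guard below is the only thing protecting an allocation that is
    # already present. The name is escaped so regex metacharacters in it match
    # literally and cannot hit another account's line.
    regexp: "^{{ container_run_as_user | regex_escape }}:.*"
    # NOTE(review): fixed range, not compared with other entries in the file.
    # Overlapping ranges map different accounts' container IDs onto the same
    # host IDs; confirm 165536-231071 is unused on the target hosts.
    line: "{{ container_run_as_user }}:165536:65536"
    create: true
    # Must stay world-readable but writable by root only.
    mode: '0644'
    owner: root
    group: root
  when: container_run_as_user != 'root' and not uid_line_found.matched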
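# Add a subordinate-GID range for the container group when the earlier lookup
# (registered as gid_line_found) reported no entry for it.
- name: ensure group is in subgid file, if it was missing
  lineinfile:
    path: /etc/subgid
    # With `regexp` set, lineinfile replaces an existing matching line, so the
    # `when` guard below is the only thing protecting an allocation that is
    # already present. The name is escaped so regex metacharacters in it match
    # literally and cannot hit another group's line.
    regexp: "^{{ container_run_as_group | regex_escape }}:.*"
    # NOTE(review): fixed range, not compared with other entries in the file.
    # Overlapping ranges map different groups' container IDs onto the same
    # host IDs; confirm 165536-231071 is unused on the target hosts.
    line: "{{ container_run_as_group }}:165536:65536"
    create: true
    # Must stay world-readable but writable by root only.
    mode: '0644'
    owner: root
    group: root
  when: container_run_as_group != 'root' and not gid_line_found.matched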