From 862960dac331075dc69f92c08ec858db50416c01 Mon Sep 17 00:00:00 2001
From: Craig Anderson
Date: Mon, 28 Aug 2017 12:00:23 -0700
Subject: [PATCH] Prevent kubeadm-aio being run as root.

Prevent duplicate docker mounts by disallowing root in kubeadm-aio.

Change-Id: I3e743a0d82e03b9d2ffb3af685c27dd15415ab81
Closes-Bug: #1711744
---
 tools/kubeadm-aio/kubeadm-aio-launcher.sh | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/tools/kubeadm-aio/kubeadm-aio-launcher.sh b/tools/kubeadm-aio/kubeadm-aio-launcher.sh
index 8b2d176fe5..18d1f56e79 100755
--- a/tools/kubeadm-aio/kubeadm-aio-launcher.sh
+++ b/tools/kubeadm-aio/kubeadm-aio-launcher.sh
@@ -15,6 +15,12 @@
 # under the License.
 set -xe
+# Exit if run as root
+if [[ $EUID -eq 0 ]]; then
+ echo "This script cannot be run as root" 1>&2
+ exit 1
+fi
+
 # Setup shared mounts for kubelet
 sudo mkdir -p /var/lib/kubelet
 sudo mount --bind /var/lib/kubelet /var/lib/kubelet
@@ -38,6 +44,7 @@ sudo rm -rfv \
 : ${KUBE_CNI:="calico"}
 : ${CNI_POD_CIDR:="192.168.0.0/16"}
+
 # Launch Container
 sudo docker run \
 -dt \
@@ -67,7 +74,7 @@ while true; do
 if [ -f ${HOME}/.kubeadm-aio/admin.conf ]; then
 READY="True"
 fi
- [ $READY == "True" ] && break || true
+ [ "$READY" == "True" ] && break || true
 sleep 1
 now=$(date +%s)
 [ $now -gt $end ] && \
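Review bot: The root guard added in the first hunk relies on bash-only constructs (`[[` and `$EUID`), so it fails open if the launcher is started through a POSIX shell, e.g. `sh kubeadm-aio-launcher.sh`. In that case `[[` is an unknown command, its non-zero status inside the `if` condition is not caught by `set -e`, and the script carries on to the `sudo mount --bind` lines as root. The shebang is outside the hunk, so this only matters if the interpreter is not guaranteed to be bash; a portable form is `if [ "$(id -u)" -eq 0 ]; then`. The comment could also record why root is refused, e.g. `# Exit if run as root: running as root duplicates the docker mounts (bug #1711744)`.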