From 2dc1deeb8799db9ae41da19821f2033e532a216d Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Tue, 19 Nov 2024 15:15:12 +0100
Subject: [PATCH] infra/image/dockerfile/c10s: Fix client part deployment for
 the server

The client part deployment fails in the configuration of NIS. The command
/usr/bin/nisdomainname is failing in a container in this task as the
container is not privileged.

The hostnamectl-wrapper is copied from the freeipa-container container
project to replace /usr/bin/nisdomainname in the container.
---
 infra/image/dockerfile/c10s           |  9 ++++++++-
 infra/image/utils/hostnamectl-wrapper | 12 ++++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 infra/image/utils/hostnamectl-wrapper

diff --git a/infra/image/dockerfile/c10s b/infra/image/dockerfile/c10s
index 3710cdc..969e8f6 100644
--- a/infra/image/dockerfile/c10s
+++ b/infra/image/dockerfile/c10s
@@ -9,9 +9,16 @@ dnf --assumeyes install \
     bash \
     systemd \
     procps-ng \
-    iproute; \
+    iproute \
+    hostname; \
 rm -rf /var/cache/dnf/;
 
+# Prepare for basic ipa-server-install in container
+# Address failing nis-domainname.service in the ipa-client-install step
+RUN mv /usr/bin/nisdomainname /usr/bin/nisdomainname.orig
+ADD utils/hostnamectl-wrapper /usr/bin/nisdomainname
+RUN chmod a+rx /usr/bin/nisdomainname
+
 RUN (cd /lib/systemd/system/; \
     if [ -e dbus-broker.service ] && [ ! -e dbus.service ]; then \
        ln -s dbus-broker.service dbus.service; \
diff --git a/infra/image/utils/hostnamectl-wrapper b/infra/image/utils/hostnamectl-wrapper
new file mode 100644
index 0000000..19e6f8d
--- /dev/null
+++ b/infra/image/utils/hostnamectl-wrapper
@@ -0,0 +1,12 @@
+#!/bin/bash -eu
+
+if setpriv --dump | grep -q sys_admin ; then
+	if [[ "$( basename $0 )" =~ "domainname" ]] ; then
+		/usr/bin/hostname -y "$@"
+	else
+		$0.orig "$@"
+	fi
+else
+	echo "Skipping invocation of $0 $@ in unprivileged container." >&2
+	exit
+fi
-- 
GitLab