Merge 90ee1a2e3e into 7153e1443a

docs: added more detail about autopauase rootless usage (#2814 )
Correctly map legacy whitelist vars APPEND_WHITELIST and OVERRIDE_WHITELIST
2024-05-05 20:50:03 +01:00 · 2024-05-04 18:41:49 -05:00 · 2024-04-29 15:53:08 -05:00
2 changed files with 18 additions and 8 deletions
--- a/docs/misc/autopause-autostop/autopause.md
+++ b/docs/misc/autopause-autostop/autopause.md
@ -45,7 +45,9 @@ The following environment variables define the behaviour of auto-pausing:

 ## Rootless Auto-Pause

-If you're running the container as rootless, you might need to set change the default port forwarder from RootlessKit to slirp4netns.
+If you're running the container as rootless, then it is necessary to add the `CAP_NET_RAW` capability to the container, such as using [the `cap_add` service field](https://docs.docker.com/compose/compose-file/05-services/#cap_add) in a compose file or [`--cap-add` docker run argument](https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities). It may also be necessary to set the environment variable `SKIP_SUDO` to "true". 
+
+You might need to set change the default port forwarder from RootlessKit to slirp4netns.

 For Docker, see the following for setup:

@ -54,8 +56,9 @@ For Docker, see the following for setup:

 For Podman, see the following for setup:
 - https://rootlesscontaine.rs/getting-started/podman/#changing-the-port-forwarder
- Run with

-  ```
-  -e AUTOPAUSE_KNOCK_INTERFACE=tap0 --cap-add=CAP_NET_RAW --network slirp4netns:port_handler=slirp4netns
-  ```
+
+!!! example "Using docker run"
+
+    -e AUTOPAUSE_KNOCK_INTERFACE=tap0 --cap-add=CAP_NET_RAW --network slirp4netns:port_handler=slirp4netns
+
--- a/scripts/start-setupRbac
+++ b/scripts/start-setupRbac
@ -77,13 +77,20 @@ if [[ -v WHITELIST_FILE ]]; then
 fi
 if [[ -v WHITELIST ]]; then
  args=()
-  if isTrue "${APPEND_WHITELIST:-false}" || isFalse "${OVERRIDE_WHITELIST:-true}"; then
-    args+=(--append-only)
-  fi
  existing="$EXISTING_WHITELIST_FILE"
+  # Working with an OPS list, so normalize the value to a "non-file" mode
  if [[ "$EXISTING_WHITELIST_FILE" = SYNC_FILE_MERGE_LIST ]]; then
    existing=MERGE
  fi
+  # legacy option
+  if [[ -v APPEND_WHITELIST ]] && isTrue "${APPEND_WHITELIST}"; then
+    existing=MERGE
+  fi
+  # legacy option
+  if [[ -v OVERRIDE_WHITELIST ]] && isFalse "${OVERRIDE_WHITELIST}"; then
+    existing=SKIP
+  fi
+
  # shellcheck disable=SC2086
  mc-image-helper manage-users \
    "${sharedArgs[@]}" "${args[@]}" \
Author	SHA1	Message	Date
Geoff Bourne	8531f23c1e	Merge `90ee1a2e3e` into `7153e1443a`	2024-05-05 20:50:03 +01:00
Geoff Bourne	7153e1443a	docs: added more detail about autopauase rootless usage (#2814 )	2024-05-04 18:41:49 -05:00
Geoff Bourne	90ee1a2e3e	Correctly map legacy whitelist vars APPEND_WHITELIST and OVERRIDE_WHITELIST	2024-04-29 15:53:08 -05:00