fix: Ensure container users always exist #427
Conversation
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #427 +/- ##
==========================================
+ Coverage 66.91% 76.76% +9.84%
==========================================
Files 29 29
Lines 3431 3434 +3
Branches 535 536 +1
==========================================
+ Hits 2296 2636 +340
+ Misses 945 569 -376
- Partials 190 229 +39 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
| ) | ||
|
|
||
|
|
||
| # |
There was a problem hiding this comment.
delete all commented stuff?
| description: "" | ||
|
|
||
| build_config: | ||
| # Base image to use for the container, must be Ubuntu or Debian-based |
There was a problem hiding this comment.
Somewhere, maybe here in the description, it would be nice to have an explanation of what this example demonstrates
apaleyes
left a comment
apaleyes
left a comment
There was a problem hiding this comment.
After thinking about this for a while and reading docker/linux docs, I am happy to approve it. Still can't claim full understanding though! But at least the general idea now makes sense.
Of course it would be nice to have @xalelax see this too, as he was involved in all earlier bugs/complications with setting users inside tesseracts
Relevant issue or PR
Fixes #425
Description of changes
addmepleaseexecutable to every container that adds the current user + group to/etc/passwdand a few other system files.We achieve this by compiling a simple C binary that we can run as root with
setuideven from non-privileged accounts.Testing done
Tested on reproducer from #425, and added new e2e test on CI.