fix: Ensure container users always exist #427
Conversation
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #427 +/- ##
==========================================
+ Coverage 76.70% 76.81% +0.10%
==========================================
Files 29 29
Lines 3439 3442 +3
Branches 537 538 +1
==========================================
+ Hits 2638 2644 +6
+ Misses 569 567 -2
+ Partials 232 231 -1 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
apaleyes
left a comment
apaleyes
left a comment
There was a problem hiding this comment.
After thinking about this for a while and reading docker/linux docs, I am happy to approve it. Still can't claim full understanding though! But at least the general idea now makes sense.
Of course it would be nice to have @xalelax see this too, as he was involved in all earlier bugs/complications with setting users inside tesseracts
xalelax
left a comment
xalelax
left a comment
There was a problem hiding this comment.
I was originally puzzled by the approach, but tbh while looking for alternatives I didn't find anything better. Let's go with this
Relevant issue or PR
Fixes #425
Description of changes
addmepleaseexecutable to every container that adds the current user + group to/etc/passwdand a few other system files.We achieve this by compiling a simple C binary that we can run as root with
setuideven from non-privileged accounts.Testing done
Tested on reproducer from #425, and added new e2e test on CI.