Add a non root user (muslrust) #74
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This is a workaround the the (far to common) permission issues that usually arises when using docker images as build environments. Instead of running and building as root we now run as the muslrust user that has been added which gets the user-id and group-id of 1000:1000 that in many cases should also correspond to the default user for Linux users. It might not cover all cases and therefore there is also build arguments to configure the id of the user being created. Sadly it requires the users of the docker image to build their own version but at least it is doable to get around the issue.
|
Hey. Thank you for this. Had I done this from the beginning, I would have considered it, but at this stage it is too much of a breaking change for a docker image whose main api at this point is what tag people choose for CI. Even I have to build the image myself with this change (which goes against the point of having this on CI), so if people have to do that, they may as well fork it and build it (which they should do anyway, clux is not a trusted corporation an organisation should trust). This was wontfixed before in #65 |
|
Thanks and I understand that reasoning. muslrust is still probably the main reason why I will be able to put Rust in production at my company so I am very grateful for the hard work you put into it :) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a workaround the the (far to common) permission issues that
usually arises when using docker images as build environments. Instead
of running and building as root we now run as the muslrust user that has
been added which gets the user-id and group-id of 1000:1000 that in
many cases should also correspond to the default user for Linux users.
It might not cover all cases and therefore there is also build arguments
to configure the id of the user being created. Sadly it requires the
users of the docker image to build their own version but at least it is
doable to get around the issue.
I have intentionally not updated the docs yet as I wanted to get some feedback on this solution first. It does seem to work for my use-case and I no longer need to require sudo in my build script to change the permission of the final artifact (and building locally works as expected).
I was inspired by the last solution in this blog https://jtreminio.com/blog/running-docker-containers-as-current-host-user/