Comments (7)
I'm guessing this issue should be opened against https://github.com/sclorg/s2i-base-container rather than the python image. But has my full support!
from s2i-python-container.
One thing you may have to be careful of in doing this is that you may want to skip setting up libnss_wrapper
if the user ID is the default 1001
user. There would strictly be no need to do it in that case.
Not that situation would arise under OpenShift, but `libnss_wrappershould never be setup when the user ID is
0``. It will not work in that situation.
This would only ever arise if for some reason someone took an image generated by S2I and used it with normal Docker service and forced it to run as root
by using docker run -u
option.
from s2i-python-container.
we've actually started to move away from libnss wrapper and instead are just chmod'ing /etc/passwd to make it group-writable and then updating it during startup:
https://github.com/openshift/jenkins/blob/master/2/Dockerfile#L53
https://github.com/openshift/jenkins/blob/master/2/contrib/s2i/run#L59-L61
https://github.com/openshift/jenkins/blob/master/2/contrib/jenkins/jenkins-common.sh#L12-L22
it's a much simpler approach and should address the issue described here. I would recommend the SCL images adopt it.
from s2i-python-container.
@hhorak see my last comment.
from s2i-python-container.
@bparees Does that approach have any drawbacks over libnss wrapper?
Also, I agree with @soltysh, this should be opened against s2i-base. If there's no opposition, I'll do it later today.
from s2i-python-container.
@bparees Does that approach have any drawbacks over libnss wrapper?
it makes people nervous because /etc/passwd is writable by anyone. but we haven't actually found a way to exploit that fact, so assuming someone doesn't come up with something, i don't think there are any drawbacks... from a functional perspective it's certainly much nicer/simpler.
from s2i-python-container.
Let's track this issue only in sclorg/s2i-base-container#116.
from s2i-python-container.
Related Issues (20)
- Poetry backed project is not installed HOT 8
- Streamlit Update HOT 1
- No Action Required !! Testing automation workflow HOT 1
- No Action Required !! Testing automation workflow HOT 4
- Remove verification of installed packages HOT 3
- 3.9 Readme Instructions unclear HOT 6
- Python 3.10 RHEL image missing in RHEL Container catalog? HOT 4
- Unable to build a Python image from scratch on MacOS HOT 1
- Python 3.9+ for Centos 7 docker images HOT 4
- tests: test case should fail early when the prepare function fails HOT 3
- Distgen errors HOT 11
- Incorrect py-3 image HOT 11
- Support gunicorn >=20.1.0 defaults (do not require APP_ environment variables) HOT 1
- Add RHEL images for Python 3.11 HOT 4
- ERROR: No matching distribution found for numpy==1.19.2 HOT 4
- Use PIP_INDEX_URL with pipenv HOT 1
- ubi9/python-311:latest is using python3.9-rpm HOT 2
- Publish arm64 images HOT 8
- rh-python38 failed on `'npm-virtualenv-uwsgi-test-app' run_s2i_build` & `'pin-pipenv-version-test-app' run_s2i_build` HOT 2
- python311-devel not found by microdnf in python 3.11 minimal EL8 and C9s variants HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from s2i-python-container.