coreos-assembler icon indicating copy to clipboard operation
coreos-assembler copied to clipboard

Published 20 hours ago verified publisher icon coreos

RFC: Remove `builder` user from container image

Open jlebon opened this issue 4 years ago • 2 comments

Right now, we have

USER builder

in our Dockerfile. This causes incompatibilities with GitHub Action because it assumes that it runs as root.

We should consider removing it. This should not affect OpenShift, which always runs as non-root anyway (by default). It may affect developers who use the cosa bash alias though.

See related discussions in https://github.com/coreos/fedora-coreos-config/pull/932.

jlebon avatar Jun 10 '21 19:06 jlebon

Removing the USER builder would work just fine for the RHCOS pipelines, however, they need the user defined. Otherwise :+1:

darkmuggle avatar Jul 09 '21 19:07 darkmuggle

@cgwalters in https://github.com/coreos/rpm-ostree/pull/3576 used the following to work around this in GitHub Actions:

container:
  image: quay.io/coreos-assembler/coreos-assembler:latest
  options: "--user root --privileged -v /var/tmp:/var/tmp"

jlebon avatar Apr 06 '22 16:04 jlebon