Custom Execution Containers are launched with a single user and changing user context will result in Access Denied

Open danefalvo opened this issue 2 years ago • 0 comments

Team

  • [X] I've assigned a team label to this issue

Severity

Not Blocking

Version

2022.4.4601 (hotfix: 5911)

Latest Version

I could reproduce the problem in the latest build

What happened?

When running Custom Execution Containers, the Docker command that gets generated doesn't specify the username. So a user running the execution container and attempting to specify a USER in the Dockerfile will get Access Denied when trying to change the user context.

If the Execution Container were to be run using the Docker run command with the argument '-u 0', the root user should have more permissions, including the ability to change USER context.

Reproduction

Working on a reproduction here: https://octopus-operations.octopus.app/app#/Spaces-162/projects/running-docker-execution-container-as-a-user-other-than-root/deployments

Error and Stacktrace

docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "/root/.octopus/OctopusServer/Server/Tools/Calamari.linux-x64/22.7.4/Calamari": stat /root/.octopus/OctopusServer/Server/Tools/Calamari.linux-x64/22.7.4/Calamari: permission denied: unknown.

More Information

https://octopus.zendesk.com/agent/tickets/95187

Workaround

No response

danefalvo, Nov 23 '22 10:11
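
A diagnostic for the `stat ... permission denied` in the error above, added here as an example and not part of the original issue or of Octopus's code: it walks the directories leading to a tool path and reports the first one a given container UID cannot traverse. It assumes the failure comes from the non-root `USER` lacking search permission on a parent directory such as `/root`; the function names and the temporary directory tree are constructed for illustration.

```python
import os
import stat
import tempfile


def first_blocked_component(path, uid, gids, start=os.sep):
    """Return the first directory between `start` and `path` that `uid`
    cannot search (no execute bit for its class), or None if all are open."""
    if uid == 0:
        return None  # assumption: root keeps CAP_DAC_OVERRIDE in the container
    rel = os.path.relpath(os.path.abspath(path), start)
    current = start
    for part in rel.split(os.sep)[:-1]:  # directories only, not the file itself
        current = os.path.join(current, part)
        st = os.stat(current)
        if st.st_uid == uid:
            allowed = st.st_mode & stat.S_IXUSR
        elif st.st_gid in gids:
            allowed = st.st_mode & stat.S_IXGRP
        else:
            allowed = st.st_mode & stat.S_IXOTH
        if not allowed:
            return current
    return None


def demo():
    """Constructed tree mimicking <home>/.octopus/Calamari with a 0700 home."""
    with tempfile.TemporaryDirectory() as tmp:
        home = os.path.join(tmp, "root")
        tool = os.path.join(home, ".octopus", "Calamari")
        os.makedirs(os.path.dirname(tool))
        os.chmod(os.path.dirname(tool), 0o755)
        open(tool, "w").close()
        # A UID/GID that is neither the owner nor the owning group.
        other_uid = os.stat(home).st_uid + 1
        other_gid = os.stat(home).st_gid + 1
        os.chmod(home, 0o700)  # typical mode of root's home directory
        locked = first_blocked_component(tool, other_uid, {other_gid}, start=tmp)
        os.chmod(home, 0o755)  # home opened up for traversal
        opened = first_blocked_component(tool, other_uid, {other_gid}, start=tmp)
        return os.path.relpath(locked, tmp), opened


if __name__ == "__main__":
    print(demo())
```

Run against the real path on the worker with the UID named by the image's `USER`, this shows which directory would need its mode changed, or whether the tool path should live outside a private home directory.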