janpfeifer
check_and_run_autostart.sh should allow execution of autostart.sh even if it's not mounted
I have a use case where I want to build on top the existing image like this:
FROM janpfeifer/gonb_jupyterlab
ADD script.sh /root/autostart/autostart.sh
RUN chmod +x /root/autostart/autostart.sh
and when I run the container I see:
/root/autostart/autostart.sh doesn't seem to be mounted readonly, NOT EXECUTING IT.
What if you simply make the file read only in addition to making it executable?
RUN chmod 500 /root/autostart/autostart.sh instead of the RUN chmod +x /root/autostart/autostart.sh
That still results in:
/root/autostart/autostart.sh doesn't seem to be mounted readonly, NOT EXECUTING IT.
I think I remember that I was not agreeing with having the check enforcing it to be "mounted read only". There must be some issue with that. But anyway:
Thus is what happens: https://github.com/janpfeifer/gonb/blob/main/cmd/check_and_run_autostart.sh
I guess you need to replace that check.
COPY cmd/check_and_run_autostart.sh /usr/local/bin/
ENTRYPOINT ["tini", "-g", "--", "/usr/local/bin/check_and_run_autostart.sh"]
So you need to either replace the check or change the entry point of your new container.
Apologies on the delay following up, I'm on vacation and not online very often.
@paololazzari : I'm no Docker expert, but would it work adding your script.sh to your docker and change the ENTRYPOINT to execute it instead, and then execute JupyterLab ?
The readonly requirement was for security (? it's arguable how much it gains, but again since I'm no Docker expert, I try to always err on the least permissions side).
ps.: To run JupyterLab (from check_and_run_autostart.sh):
# Run JupyterLab from $NOTEBOOKS as user $NB_USER.
su -l "${NB_USER}" -c "cd \"${NOTEBOOKS}\" ; jupyter lab"
