
Rootless Makisu

Open AurelienGasser opened this issue 4 years ago • 3 comments

Does Makisu currently support being run as a non-root user? The documentation doesn't seem to mention it.

If it's not currently possible, can Makisu eventually be made runnable as a non-root user, or does Makisu's design or other limitations fundamentally prevent it?

AurelienGasser, Jun 19 '20 21:06

Nothing really requires root by design - it just reads directories/files and sometimes moves them around (needed for multi-phase builds).

However, normally the base image (unless you use `FROM scratch`) would contain files owned by root, and in that case you will need to run makisu as root in the container. In that case maybe you can also get around this by using a user namespace.

yiranwang52, Jun 24 '20 04:06
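The ownership constraint described in the comment above, as an added example that is not part of the thread and is not makisu code: it checks which entries of a layer tarball an extracting process could restore with their recorded uid/gid, first as a plain non-root user and then as uid 0 inside a user namespace. The function names and the sample layer are constructed for illustration, and the model covers only the kernel's chown rule (supplementary groups are ignored), not makisu's own behaviour.

```python
import io
import tarfile

def build_sample_layer():
    """Constructed sample layer: two root-owned entries and one owned by uid 1000."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, uid, gid in [("etc/passwd", 0, 0), ("bin/sh", 0, 0),
                               ("home/app/run.sh", 1000, 1000)]:
            info = tarfile.TarInfo(name)
            info.uid, info.gid, info.size = uid, gid, 0
            tar.addfile(info, io.BytesIO(b""))
    return buf.getvalue()

def parse_id_map(text):
    """Parse /proc/<pid>/uid_map style lines: inside-id outside-id length."""
    ranges = []
    for line in text.splitlines():
        if line.strip():
            inside, _outside, length = (int(x) for x in line.split())
            ranges.append(range(inside, inside + length))
    return ranges

def unrestorable(layer_bytes, euid, egid, uid_map=None, gid_map=None):
    """Return entry names whose recorded uid/gid the extracting process cannot set.

    Maps of None: no user namespace, so only real root (euid 0) may chown freely.
    With maps: the process is assumed to be uid 0 inside the namespace and may
    chown only to ids that are mapped into it.
    """
    def ok(value, own, id_map):
        if id_map is None:
            return euid == 0 or value == own
        return any(value in r for r in id_map)
    bad = []
    with tarfile.open(fileobj=io.BytesIO(layer_bytes)) as tar:
        for m in tar:
            if not (ok(m.uid, euid, uid_map) and ok(m.gid, egid, gid_map)):
                bad.append(m.name)
    return bad

if __name__ == "__main__":
    layer = build_sample_layer()
    print("uid 1000, no userns:", unrestorable(layer, 1000, 1000))
    single = parse_id_map("0 1000 1")                # only the caller's uid mapped
    print("userns, single id:", unrestorable(layer, 0, 0, single, single))
    full = parse_id_map("0 1000 1\n1 100000 65536")  # subordinate id range mapped
    print("userns, subuid range:", unrestorable(layer, 0, 0, full, full))
```

With a single-id mapping the root-owned entries become restorable but the uid 1000 entry does not, which is why rootless container runtimes also map a subordinate id range.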

Have you any list of files/directories that makisu should have access to? Or maybe any tutorial on how to run the makisu image without root?

@AurelienGasser asked a good question because, for example, Gardener can create a Kubernetes cluster without permission to run any image with root or with other privileges (more info)

pPrecel, Nov 25 '20 21:11

What exactly are you trying to do?

Ideally, you'd want to run makisu inside docker. If you also don't want to run docker, you might get away with using podman to run makisu inside a container.

WhyNotHugo, Dec 04 '20 21:12