From bbae4a54bd63ef67d273bbe1a84e1eff9c810108 Mon Sep 17 00:00:00 2001 From: Anmol Sethi Date: Thu, 22 Oct 2020 02:13:38 -0400 Subject: [PATCH] release-image: Remap UID within the image before handling $DOCKER_USER If do not update the UID within the passwd database to match whatever uid the container is being ran as, then sudo will not work when renaming the user to match $DOCKER_USER as it will complain about the current user being non-existent. --- ci/release-image/entrypoint.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/ci/release-image/entrypoint.sh b/ci/release-image/entrypoint.sh index abf9fddb3b25..4f2f7cfe2391 100755 --- a/ci/release-image/entrypoint.sh +++ b/ci/release-image/entrypoint.sh @@ -1,7 +1,11 @@ #!/bin/sh set -eu -if [ "${DOCKER_USER-}" ] && [ "$DOCKER_USER" != "$USER" ]; then +# We do this first to ensure sudo works below when renaming the user. +# Otherwise the current container UID may not exist in the passwd database. +eval "$(fixuid -q)" + +if [ "${DOCKER_USER-}" ]; then echo "$DOCKER_USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/nopasswd > /dev/null # Unfortunately we cannot change $HOME as we cannot move any bind mounts # nor can we bind mount $HOME into a new home as that requires a privileged container. @@ -11,7 +15,6 @@ if [ "${DOCKER_USER-}" ] && [ "$DOCKER_USER" != "$USER" ]; then USER="$DOCKER_USER" sudo sed -i "/coder/d" /etc/sudoers.d/nopasswd - sudo sed -i "s/coder/$DOCKER_USER/g" /etc/fixuid/config.yml fi -dumb-init fixuid -q /usr/bin/code-server "$@" +dumb-init /usr/bin/code-server "$@"