From 5427f069a664cd8c2aa0affcbc7e54c240589a4f Mon Sep 17 00:00:00 2001 From: satlus Date: Fri, 12 Apr 2019 10:02:15 -0400 Subject: [PATCH 01/15] adding sr229s --- entrypoint | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 entrypoint diff --git a/entrypoint b/entrypoint new file mode 100644 index 000000000000..d7134306d0a1 --- /dev/null +++ b/entrypoint @@ -0,0 +1,9 @@ +#!/bin/sh + +export HOME=/home/coder +export USER_ID=$(id -u) +export GROUP_ID=$(id -g) + +sudo usermod -u $USER_ID coder && sudo groupmod -g $GROUP_ID coder + +exec "$@" \ No newline at end of file From 9fe6c36d5a421b45eea1e245e1af4a6edbceeb21 Mon Sep 17 00:00:00 2001 From: satlus Date: Fri, 12 Apr 2019 10:17:32 -0400 Subject: [PATCH 02/15] Fixed the entrypoint copy command --- Dockerfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index e00bd66a5a87..e4dc9959b017 100644 --- a/Dockerfile +++ b/Dockerfile @@ -35,6 +35,8 @@ RUN adduser --gecos '' --disabled-password coder RUN echo "coder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/nopasswd USER coder +COPY entrypoint /home/coder/project/ + # We create first instead of just using WORKDIR as when WORKDIR creates, the user is root. RUN mkdir -p /home/coder/project WORKDIR /home/coder/project @@ -42,4 +44,4 @@ WORKDIR /home/coder/project COPY --from=0 /src/packages/server/cli-linux-x64 /usr/local/bin/code-server EXPOSE 8443 -ENTRYPOINT ["dumb-init", "code-server"] +ENTRYPOINT ["dumb-init", "entrypoint", "code-server"] From 051b5ea62fd3c5f54b06bae28b853b276365f27c Mon Sep 17 00:00:00 2001 From: satlus Date: Sat, 13 Apr 2019 07:55:11 -0600 Subject: [PATCH 03/15] Renaming entrypoint to get free syntax highlighting --- entrypoint.sh | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 entrypoint.sh diff --git a/entrypoint.sh b/entrypoint.sh new file mode 100644 index 000000000000..d7134306d0a1 --- /dev/null +++ b/entrypoint.sh @@ -0,0 +1,9 @@ +#!/bin/sh + +export HOME=/home/coder +export USER_ID=$(id -u) +export GROUP_ID=$(id -g) + +sudo usermod -u $USER_ID coder && sudo groupmod -g $GROUP_ID coder + +exec "$@" \ No newline at end of file From 09c5556f6f06cd88e4c739228181d260c1797b84 Mon Sep 17 00:00:00 2001 From: satlus Date: Sat, 13 Apr 2019 07:56:26 -0600 Subject: [PATCH 04/15] Docker file updated to point to entrypoint.sh --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index e4dc9959b017..9a72ce2a7b84 100644 --- a/Dockerfile +++ b/Dockerfile @@ -35,7 +35,7 @@ RUN adduser --gecos '' --disabled-password coder RUN echo "coder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/nopasswd USER coder -COPY entrypoint /home/coder/project/ +COPY entrypoint.sh /home/coder/project/ # We create first instead of just using WORKDIR as when WORKDIR creates, the user is root. RUN mkdir -p /home/coder/project @@ -44,4 +44,4 @@ WORKDIR /home/coder/project COPY --from=0 /src/packages/server/cli-linux-x64 /usr/local/bin/code-server EXPOSE 8443 -ENTRYPOINT ["dumb-init", "entrypoint", "code-server"] +ENTRYPOINT ["dumb-init", "entrypoint.sh", "code-server"] From 1504dfdf73fd366dc9bbcef7a4da3226c3b56b0d Mon Sep 17 00:00:00 2001 From: satlus Date: Thu, 25 Apr 2019 07:50:14 -0400 Subject: [PATCH 05/15] Removed entrypoint without .sh extension --- entrypoint | 9 --------- 1 file changed, 9 deletions(-) delete mode 100644 entrypoint diff --git a/entrypoint b/entrypoint deleted file mode 100644 index d7134306d0a1..000000000000 --- a/entrypoint +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh - -export HOME=/home/coder -export USER_ID=$(id -u) -export GROUP_ID=$(id -g) - -sudo usermod -u $USER_ID coder && sudo groupmod -g $GROUP_ID coder - -exec "$@" \ No newline at end of file From 42bb4dae93bcf4d2a8500b3c6fcc2c0680b27fa7 Mon Sep 17 00:00:00 2001 From: satlus Date: Thu, 25 Apr 2019 07:52:17 -0400 Subject: [PATCH 06/15] added code-server dir to ignore list --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index ffaa56b42253..fb8cdf949ee9 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ /lib +code-server node_modules dist out From efe1ca8b0b60e2aff97547570131658e88e3ea07 Mon Sep 17 00:00:00 2001 From: satlus Date: Thu, 25 Apr 2019 10:34:37 -0400 Subject: [PATCH 07/15] entrypoint.sh is working for defaults `docker run` in README --- Dockerfile | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index ab5e85519377..45960c43d53b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -37,14 +37,15 @@ ENV LC_ALL=en_US.UTF-8 RUN adduser --gecos '' --disabled-password coder && \ echo "coder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/nopasswd +COPY entrypoint.sh /home/coder/workdir/ +RUN chmod +x /home/coder/workdir/entrypoint.sh + USER coder -COPY entrypoint.sh /home/coder/project/ # We create first instead of just using WORKDIR as when WORKDIR creates, the user is root. -RUN mkdir -p /home/coder/project && \ - chmod g+rw /home/coder/project; +RUN mkdir -p /home/coder/workdir -WORKDIR /home/coder/project +WORKDIR /home/coder/workdir # This assures we have a volume mounted even if the user forgot to do bind mount. # XXX: Workaround for GH-459 and for OpenShift compatibility. @@ -53,4 +54,4 @@ VOLUME [ "/home/coder/project" ] COPY --from=0 /src/packages/server/cli-linux-x64 /usr/local/bin/code-server EXPOSE 8443 -ENTRYPOINT ["dumb-init", "entrypoint.sh", "code-server"] +ENTRYPOINT ["dumb-init", "/home/coder/workdir/entrypoint.sh", "code-server"] From 70424c8edcadb7f15f2890b38e9f3d01a5de2496 Mon Sep 17 00:00:00 2001 From: satlus Date: Fri, 26 Apr 2019 14:31:23 -0400 Subject: [PATCH 08/15] There was an attempt.. it seems the usermod approach won't work Checking this non working code for the record. The idea is to usermod to change the uid:gid in entrypoint script. There are two approaches I took to do this: 1. pass the -u flag to docker run and try to do the usermod. Won't work because we're not in the passwd file aand so user mod fails 2. pass env vars with the host uid:gid you want to run as, and then usermod to change in-flight (fails, as we're trying to change the uid while logged in/running proc It seems eding the container /etc/passwd file is the only workable approach. One more thing to try is to run eentrypoint.sh before dumbinit - will do that next --- entrypoint.sh | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index d7134306d0a1..e30b6601122f 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,9 +1,13 @@ -#!/bin/sh +#!/bin/bash export HOME=/home/coder -export USER_ID=$(id -u) -export GROUP_ID=$(id -g) -sudo usermod -u $USER_ID coder && sudo groupmod -g $GROUP_ID coder +if [[ -z $CODER_UID || -z $CODER_GID ]]; + then + echo "didn't find CODER_UID or CODER_GID env vars, running with container default uid:gid" + else + echo "found CODER_UID and CODER_GID env vars, running usermod..."; + usermod -u $CODER_UID coder && sudo usermod -g $CODER_GID coder372 +fi exec "$@" \ No newline at end of file From 31906266afc23d7712920547e7422b8f7443e8ea Mon Sep 17 00:00:00 2001 From: satlus Date: Fri, 26 Apr 2019 14:55:00 -0400 Subject: [PATCH 09/15] Adding docker run commands used for testing --- DockerLaunchCommands.MD | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 DockerLaunchCommands.MD diff --git a/DockerLaunchCommands.MD b/DockerLaunchCommands.MD new file mode 100644 index 000000000000..2833d46b9d1e --- /dev/null +++ b/DockerLaunchCommands.MD @@ -0,0 +1,32 @@ +# Docker launch commands for coder + +## default coder uid:guid +docker run -it -p 127.0.0.1:8443:8443 \ + -v "${PWD}/code-server:/home/coder/project" \ + satlus-code-server:latest --allow-http --no-auth + + ## passing `id(-g|-u)` through the system +docker run -it -p 127.0.0.1:8443:8443 \ +-v "${PWD}/code-server:/home/coder/project" \ +-v "${PWD}/code-server/.cache:/home/coder/.cache" \ +-v "${PWD}/code-server/.local:/home/coder/.local" \ +-u $(id -u):$(id -g) \ +-e CODER_UID=$(id -u) \ +-e CODER_GID=$(id -g) \ +satlus-code-server:latest --allow-http --no-auth + +### Error +found CODER_UID and CODER_GID env vars, running usermod... +sudo: unknown uid 501: who are you? +usermod: Permission denied. +usermod: cannot lock /etc/passwd; try again later. +sudo: unknown uid 501: who are you? + +## the `usermod -g|-u` approach, by passing env var +docker run -it -p 127.0.0.1:8443:8443 \ +-v "${PWD}/code-server:/home/coder/project" \ +-v "${PWD}/code-server/.cache:/home/coder/.cache" \ +-v "${PWD}/code-server/.local:/home/coder/.local" \ +-e CODER_UID=$(id -u) \ +-e CODER_GID=$(id -g) \ +satlus-code-server:latest --allow-http --no-auth \ No newline at end of file From 08ca5beaf2c4081de97e7d9a811419849eff6de9 Mon Sep 17 00:00:00 2001 From: satlus Date: Fri, 26 Apr 2019 15:40:40 -0400 Subject: [PATCH 10/15] fixing bug in usermod -g --- entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index e30b6601122f..e485101f1e73 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -7,7 +7,7 @@ if [[ -z $CODER_UID || -z $CODER_GID ]]; echo "didn't find CODER_UID or CODER_GID env vars, running with container default uid:gid" else echo "found CODER_UID and CODER_GID env vars, running usermod..."; - usermod -u $CODER_UID coder && sudo usermod -g $CODER_GID coder372 + usermod -u $CODER_UID coder && sudo usermod -g $CODER_GID coder fi exec "$@" \ No newline at end of file From 7ed73050d9df7734c8ec6dd83289b1b9774e4561 Mon Sep 17 00:00:00 2001 From: satlus Date: Fri, 3 May 2019 11:28:11 -0400 Subject: [PATCH 11/15] non root execution works via boxboat/fixuid I added fixuid to the image to support non root execution. --- DockerLaunchCommands.MD | 18 ------------------ Dockerfile | 18 ++++++++++-------- entrypoint.sh | 13 ------------- 3 files changed, 10 insertions(+), 39 deletions(-) delete mode 100644 entrypoint.sh diff --git a/DockerLaunchCommands.MD b/DockerLaunchCommands.MD index 2833d46b9d1e..91b5cd9cd35e 100644 --- a/DockerLaunchCommands.MD +++ b/DockerLaunchCommands.MD @@ -11,22 +11,4 @@ docker run -it -p 127.0.0.1:8443:8443 \ -v "${PWD}/code-server/.cache:/home/coder/.cache" \ -v "${PWD}/code-server/.local:/home/coder/.local" \ -u $(id -u):$(id -g) \ --e CODER_UID=$(id -u) \ --e CODER_GID=$(id -g) \ -satlus-code-server:latest --allow-http --no-auth - -### Error -found CODER_UID and CODER_GID env vars, running usermod... -sudo: unknown uid 501: who are you? -usermod: Permission denied. -usermod: cannot lock /etc/passwd; try again later. -sudo: unknown uid 501: who are you? - -## the `usermod -g|-u` approach, by passing env var -docker run -it -p 127.0.0.1:8443:8443 \ --v "${PWD}/code-server:/home/coder/project" \ --v "${PWD}/code-server/.cache:/home/coder/.cache" \ --v "${PWD}/code-server/.local:/home/coder/.local" \ --e CODER_UID=$(id -u) \ --e CODER_GID=$(id -g) \ satlus-code-server:latest --allow-http --no-auth \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index e5f662eea018..04d660d6ee98 100644 --- a/Dockerfile +++ b/Dockerfile @@ -34,20 +34,22 @@ RUN locale-gen en_US.UTF-8 # configured in /etc/default/locale so we need to set it manually. ENV LC_ALL=en_US.UTF-8 -RUN adduser --gecos '' --disabled-password coder && \ +RUN addgroup --gid 1000 coder && \ + adduser --uid 1000 --ingroup coder --home /home/coder --shell /bin/sh --disabled-password --gecos "" coder && \ echo "coder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/nopasswd -COPY entrypoint.sh /home/coder/workdir/ -RUN chmod +x /home/coder/workdir/entrypoint.sh +RUN USER=coder && \ + GROUP=coder && \ + curl -SsL https://github.com/boxboat/fixuid/releases/download/v0.4/fixuid-0.4-linux-amd64.tar.gz | tar -C /usr/local/bin -xzf - && \ + chown root:root /usr/local/bin/fixuid && \ + chmod 4755 /usr/local/bin/fixuid && \ + mkdir -p /etc/fixuid && \ + printf "user: $USER\ngroup: $GROUP\n" > /etc/fixuid/config.yml USER coder # We create first instead of just using WORKDIR as when WORKDIR creates, the user is root. -<<<<<<< HEAD RUN mkdir -p /home/coder/workdir -======= -RUN mkdir -p /home/coder/project ->>>>>>> master WORKDIR /home/coder/workdir @@ -58,4 +60,4 @@ VOLUME [ "/home/coder/project" ] COPY --from=0 /src/packages/server/cli-linux-x64 /usr/local/bin/code-server EXPOSE 8443 -ENTRYPOINT ["dumb-init", "/home/coder/workdir/entrypoint.sh", "code-server"] +ENTRYPOINT ["dumb-init", "fixuid", "code-server"] diff --git a/entrypoint.sh b/entrypoint.sh deleted file mode 100644 index e485101f1e73..000000000000 --- a/entrypoint.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -export HOME=/home/coder - -if [[ -z $CODER_UID || -z $CODER_GID ]]; - then - echo "didn't find CODER_UID or CODER_GID env vars, running with container default uid:gid" - else - echo "found CODER_UID and CODER_GID env vars, running usermod..."; - usermod -u $CODER_UID coder && sudo usermod -g $CODER_GID coder -fi - -exec "$@" \ No newline at end of file From b328da9942ad5064e576777b534ab0005d15cb95 Mon Sep 17 00:00:00 2001 From: satlus Date: Fri, 3 May 2019 18:01:43 -0400 Subject: [PATCH 12/15] Fixuid is now configurable via entrypoint script Added the entrypoint script back in to make fixuid configurable. By default the container will run without invoking fixuid. If the user sets the FIXUID env var in the container it will set the coder user to UID:GID values passed by the `docker -u` cli argument. If the user also sets the FIXUID_QUIET env var, it will disable the warning message. Also cleaned up stuff based on comments on the PR --- DockerLaunchCommands.MD | 14 -------------- Dockerfile | 5 ++++- README.md | 26 ++++++++++++++++++++++++++ entrypoint.sh | 19 +++++++++++++++++++ 4 files changed, 49 insertions(+), 15 deletions(-) delete mode 100644 DockerLaunchCommands.MD create mode 100755 entrypoint.sh diff --git a/DockerLaunchCommands.MD b/DockerLaunchCommands.MD deleted file mode 100644 index 91b5cd9cd35e..000000000000 --- a/DockerLaunchCommands.MD +++ /dev/null @@ -1,14 +0,0 @@ -# Docker launch commands for coder - -## default coder uid:guid -docker run -it -p 127.0.0.1:8443:8443 \ - -v "${PWD}/code-server:/home/coder/project" \ - satlus-code-server:latest --allow-http --no-auth - - ## passing `id(-g|-u)` through the system -docker run -it -p 127.0.0.1:8443:8443 \ --v "${PWD}/code-server:/home/coder/project" \ --v "${PWD}/code-server/.cache:/home/coder/.cache" \ --v "${PWD}/code-server/.local:/home/coder/.local" \ --u $(id -u):$(id -g) \ -satlus-code-server:latest --allow-http --no-auth \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 04d660d6ee98..8e95cb891070 100644 --- a/Dockerfile +++ b/Dockerfile @@ -50,9 +50,12 @@ USER coder # We create first instead of just using WORKDIR as when WORKDIR creates, the user is root. RUN mkdir -p /home/coder/workdir +copy entrypoint.sh /home/coder/workdir/ +RUN sudo chmod +x /home/coder/workdir/entrypoint.sh WORKDIR /home/coder/workdir + # This assures we have a volume mounted even if the user forgot to do bind mount. # So that they do not lose their data if they delete the container. VOLUME [ "/home/coder/project" ] @@ -60,4 +63,4 @@ VOLUME [ "/home/coder/project" ] COPY --from=0 /src/packages/server/cli-linux-x64 /usr/local/bin/code-server EXPOSE 8443 -ENTRYPOINT ["dumb-init", "fixuid", "code-server"] +ENTRYPOINT ["dumb-init", "/home/coder/workdir/entrypoint.sh", "code-server"] diff --git a/README.md b/README.md index c4ce894a9bae..7d6c7eef5a78 100644 --- a/README.md +++ b/README.md @@ -31,6 +31,32 @@ Use [sshcode](https://github.com/codercom/sshcode) for a simple setup. See docker oneliner mentioned above. Dockerfile is at [/Dockerfile](/Dockerfile). +**Run as Non-root user dynamically mapped at runtime in docker** +You can configure code server to run as a UID:GID of your choice. This uses the [boxboat/fixuid](https://github.com/boxboat/fixuid) utility to dynmaically remap the coder uid/gid at runtime. This is especially useful in environments where UIDs change, affect volume mount permissions, and process ownership. You can enable this feature easily with env variables, and the `docker -u` cli flag. + +WARNING: there are some concerns around [security](https://github.com/boxboat/fixuid/issues/1) with this approach, ensure you understand the implications + +Example 1: Run as the host UID:GID, by setting the FIXUID docker env var +```bash +docker run -it -p 127.0.0.1:8443:8443 \ +-v "${PWD}:/home/coder/project" \ +-u $(id -u):$(id -g) \ +-e FIXUID=y \ +codercom/code-server:latest --allow-http --no-auth +``` + +Example 2: Same as above, but disable the fixuid warning message +```bash +docker run -it -p 127.0.0.1:8443:8443 \ +-v "${PWD}:/home/coder/project" \ +-u $(id -u):$(id -g) \ +-e FIXUID=y \ +-e FIXUID_QUIET=y \ +codercom/code-server:latest --allow-http --no-auth +``` + + + ### Binaries 1. [Download a binary](https://github.com/cdr/code-server/releases) (Linux and OS X supported. Windows coming soon) diff --git a/entrypoint.sh b/entrypoint.sh new file mode 100755 index 000000000000..dfc9aa0c9b76 --- /dev/null +++ b/entrypoint.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +export HOME=/home/coder + +if [[ -z $FIXUID ]]; + then + echo "fixuid flag not set..." + else + echo "fixuid is set..." + if [[ -z $FIXUID_QUIET ]]; + then + fixuid + else + fixuid -q + fi +fi + +echo "starting coder..." +exec "$@" \ No newline at end of file From dfce54b05b34db2fd5ad77c6a630daa487e35df6 Mon Sep 17 00:00:00 2001 From: satlus Date: Sat, 4 May 2019 07:11:55 -0400 Subject: [PATCH 13/15] I added back the mkdir for /home/coder/project --- Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Dockerfile b/Dockerfile index 8e95cb891070..7507bbe60f50 100644 --- a/Dockerfile +++ b/Dockerfile @@ -49,6 +49,9 @@ RUN USER=coder && \ USER coder # We create first instead of just using WORKDIR as when WORKDIR creates, the user is root. +RUN mkdir -p /home/coder/project + +# Create for our entrypoint RUN mkdir -p /home/coder/workdir copy entrypoint.sh /home/coder/workdir/ RUN sudo chmod +x /home/coder/workdir/entrypoint.sh From b232cc5a0498d1d481f0af956d70b5d0fb347f5b Mon Sep 17 00:00:00 2001 From: satlus Date: Sun, 5 May 2019 09:30:32 -0400 Subject: [PATCH 14/15] Fixed lowercase COPY instruction --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 7507bbe60f50..636066fba018 100644 --- a/Dockerfile +++ b/Dockerfile @@ -53,7 +53,7 @@ RUN mkdir -p /home/coder/project # Create for our entrypoint RUN mkdir -p /home/coder/workdir -copy entrypoint.sh /home/coder/workdir/ +COPY entrypoint.sh /home/coder/workdir/ RUN sudo chmod +x /home/coder/workdir/entrypoint.sh WORKDIR /home/coder/workdir From daa96b8bbb1c6c1441a2f92484cccabf8233dfcd Mon Sep 17 00:00:00 2001 From: satlus Date: Sun, 5 May 2019 21:14:11 -0400 Subject: [PATCH 15/15] WORKDIR no longer required, added support for externally mounting /home/coder The entrypoint.sh script is now copied to /usr/local/bin, companion to the code-server binary. The WORKDIR directory is no longer created as nothing is copied to it. Lastly, we've modified the external volume mount to export the entire home directory. This will avoid UFS layer creation for .cache and .local directory writes, which appears to happen by default. --- Dockerfile | 17 +++++------------ README.md | 6 +++--- 2 files changed, 8 insertions(+), 15 deletions(-) diff --git a/Dockerfile b/Dockerfile index 636066fba018..83a951403d46 100644 --- a/Dockerfile +++ b/Dockerfile @@ -48,22 +48,15 @@ RUN USER=coder && \ USER coder -# We create first instead of just using WORKDIR as when WORKDIR creates, the user is root. -RUN mkdir -p /home/coder/project - -# Create for our entrypoint -RUN mkdir -p /home/coder/workdir -COPY entrypoint.sh /home/coder/workdir/ -RUN sudo chmod +x /home/coder/workdir/entrypoint.sh - -WORKDIR /home/coder/workdir - +# Setup our entrypoint +COPY entrypoint.sh /usr/local/bin/ +RUN sudo chmod +x /usr/local/bin/entrypoint.sh # This assures we have a volume mounted even if the user forgot to do bind mount. # So that they do not lose their data if they delete the container. -VOLUME [ "/home/coder/project" ] +VOLUME [ "/home/coder" ] COPY --from=0 /src/packages/server/cli-linux-x64 /usr/local/bin/code-server EXPOSE 8443 -ENTRYPOINT ["dumb-init", "/home/coder/workdir/entrypoint.sh", "code-server"] +ENTRYPOINT ["dumb-init", "entrypoint.sh", "code-server"] diff --git a/README.md b/README.md index 7d6c7eef5a78..a345ff616923 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ Try it out: ```bash -docker run -it -p 127.0.0.1:8443:8443 -v "${PWD}:/home/coder/project" codercom/code-server --allow-http --no-auth +docker run -it -p 127.0.0.1:8443:8443 -v "${PWD}/code-server:/home/coder" codercom/code-server --allow-http --no-auth ``` - Code on your Chromebook, tablet, and laptop with a consistent dev environment. @@ -39,7 +39,7 @@ WARNING: there are some concerns around [security](https://github.com/boxboat/fi Example 1: Run as the host UID:GID, by setting the FIXUID docker env var ```bash docker run -it -p 127.0.0.1:8443:8443 \ --v "${PWD}:/home/coder/project" \ +-v "${PWD}/code-server:/home/coder" \ -u $(id -u):$(id -g) \ -e FIXUID=y \ codercom/code-server:latest --allow-http --no-auth @@ -48,7 +48,7 @@ codercom/code-server:latest --allow-http --no-auth Example 2: Same as above, but disable the fixuid warning message ```bash docker run -it -p 127.0.0.1:8443:8443 \ --v "${PWD}:/home/coder/project" \ +-v "${PWD}/code-server:/home/coder" \ -u $(id -u):$(id -g) \ -e FIXUID=y \ -e FIXUID_QUIET=y \