Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Docker rootless mode & fix file ownership in root mode #771

Merged
merged 5 commits into from
Feb 17, 2022
Merged

Support Docker rootless mode & fix file ownership in root mode #771

merged 5 commits into from
Feb 17, 2022

Conversation

Nuru
Copy link
Sponsor Contributor

@Nuru Nuru commented Feb 15, 2022
edited
Loading

what && why

notes

This release introduces a new customization:

export GEODESIC_HOST_BINDFS_ENABLED=true

When Geodesic is launched by a shell where $GEODESIC_HOST_BINDFS_ENABLED == true it will configure /localhost so that files created by root inside Geodesic will have their ownership mapped to the same user ID and group ID as on the host. This a solution for people experiencing #594 and ONLY them. If your present solution is not creating files on the host owned by root then option will likely cause new problems.

Note further that this is a workaround and not the desired solution. Our recommendation is that you resolve the underlying issue by running Docker in "rootless" mode. This is much more secure and avoids the issue causing problems in the first place.

@Nuru Nuru requested a review from a team as a code owner February 15, 2022 04:03
@github-actions github-actions bot added the shell label Feb 15, 2022
@Nuru Nuru mentioned this pull request Feb 15, 2022
Closed
@Nuru Nuru added bugfix Change that restores intended behavior enhancement New feature or request labels Feb 15, 2022
@Nuru Nuru mentioned this pull request Feb 15, 2022
Closed
@drmikecrowe
Copy link

By/Large, this works as expected and I'd approve this as-is.

I would suggest adding something about GEODESIC_HOST_BINDFS_ENABLED somewhere -- I had to search for how to enable this.

@github-actions github-actions bot added the docs label Feb 17, 2022
aknysh
aknysh reviewed Feb 17, 2022
View reviewed changes
Dockerfile.custom
@@ -3,6 +3,12 @@
# for a customer using the Cloud Posse Reference Architecture.
# Use it as a basis for your own customizations.
#
# Note that Geodesic supports runtime customizations that
# do not require a custome Dockerfile. See:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
# do not require a custome Dockerfile. See:
# do not require a custom Dockerfile. See:

@Nuru Nuru merged commit 83919a0 into master Feb 17, 2022
@Nuru Nuru deleted the bindfs branch February 17, 2022 02:07
@Nuru Nuru mentioned this pull request Feb 17, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aknysh aknysh aknysh left review comments

@nitrocode nitrocode nitrocode approved these changes

@osterman osterman Awaiting requested review from osterman

Assignees
No one assigned
Labels
bugfix Change that restores intended behavior enhancement New feature or request
Projects
None yet
Milestone
No milestone
4 participants
@Nuru @drmikecrowe @aknysh @nitrocode