Scuba doesn't work with images that have USER set #109

Open
JonathonReinhart opened this issue Aug 6, 2018 · 4 comments

@JonathonReinhart
Owner

No description provided.

@mpdude
Contributor

mpdude commented Sep 29, 2019

I've been trying to use:

image: none

aliases:
    yarn:
        image: node:12-alpine
        script: yarn install

Which results in scubainit: GID 1000 already exists in /etc/group.

Is this the same issue?

@mpdude
Contributor

mpdude commented Sep 29, 2019

nodejs/docker-node#289 seems related as well.

@JonathonReinhart
Owner Author

Here's one way that Scuba fails if you try to run it with an image that has USER set:

docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "/.scuba/scubainit": stat /.scuba/scubainit: permission denied: unknown.

I'm guessing this is because Docker changes UID to the given USER before it tries to exec scubainit, which in this case, is inaccessible because /.scuba is 700:

jrreinhart@113a76961813:/tmp/scubademo$ ls -al /.scuba
total 84
drwx------ 2 jrreinhart primarygroup  4096 Sep  6 18:31 .
drwxr-xr-x 1 root       root          4096 Sep  6 18:31 ..
-rw-r--r-- 1 jrreinhart primarygroup    40 Sep  6 18:31 command.sh
-rwxr-xr-x 1 jrreinhart primarygroup 71104 Sep  6 18:08 scubainit

Why is it 700? Well tempfile.mkdtemp(prefix="TESTING") (as used in __make_scubadir) results in a mkdir("/temp/TESTINGxxxxxxxx", 0700) syscall. So maybe it's always been this way.

Scuba should probably just inspect the image prior to running, and throw its hands up if USER is set.

cc @rpasek
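
The pre-flight check suggested in the comment above (inspect the image and refuse if USER is set), as an added example that is not part of the thread and is not Scuba's own code. It reads the `Config.User` field of `docker image inspect` output; the function names, image names and sample JSON are constructed for illustration.

```python
import json
import subprocess

# Constructed `docker image inspect` output, trimmed to the field used here.
SAMPLE_WITH_USER = '[{"Id": "sha256:placeholder", "Config": {"User": "builder:1000"}}]'
SAMPLE_NO_USER = '[{"Id": "sha256:placeholder", "Config": {"User": ""}}]'


def inspect_image(image):
    """Return the raw JSON from `docker image inspect` (needs a Docker CLI)."""
    return subprocess.run(["docker", "image", "inspect", image],
                          check=True, capture_output=True, text=True).stdout


def image_user(inspect_json):
    """Extract Config.User; '' means the image has no USER instruction."""
    data = json.loads(inspect_json)
    if not isinstance(data, list) or len(data) != 1:
        raise ValueError("expected inspect output for exactly one image")
    config = data[0].get("Config") or {}
    return (config.get("User") or "").strip()


def starts_as_root(user):
    """USER is 'name', 'uid', 'name:group' or 'uid:gid'; only the user part counts.

    A non-root name that maps to UID 0 inside the image cannot be seen from
    inspect output, so it is treated as non-root (assumption: fail closed).
    """
    name = user.split(":", 1)[0]
    if name.isdecimal():
        return int(name) == 0
    return name in ("", "root")


def check_image(image, inspect_json):
    """Raise before `docker run` if the entrypoint would not start as UID 0."""
    user = image_user(inspect_json)
    if not starts_as_root(user):
        raise RuntimeError(f"image {image!r} sets USER {user!r}; "
                           "the entrypoint would start as that user, not root")
    return user


if __name__ == "__main__":
    check_image("example/no-user", SAMPLE_NO_USER)       # passes silently
    try:
        check_image("example/with-user", SAMPLE_WITH_USER)
    except RuntimeError as exc:
        print(f"scuba: {exc}")
```

In real use, pass `inspect_image(image)` as the second argument to `check_image` before starting the container.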

@JonathonReinhart
Owner Author

JonathonReinhart commented Sep 10, 2023

There are a few ways scuba can fail when running an image with USER set:

  • Running scuba normally:
    • If run from a directory beneath /home/$USER:

      scubainit: Failed to chmod /home/jreinhart: Operation not permitted
      
    • If run from a directory outside of /home/$USER:

      scubainit: Failed to create /home/jreinhart: Permission denied
      
      • We're trying to create a directory in /home (owned by root as part of the image), while running as USER.
