From 834e0c11d728e6fb35d8870bae2e9ddbee8a0891 Mon Sep 17 00:00:00 2001 From: Kai Lueke Date: Wed, 31 Aug 2022 14:01:35 +0200 Subject: [PATCH] Support running under UID 500 When started by the Flatcar core user, the SDK failed to use UID 500 because inside the SDK there already is the core user from nss-altfiles with the same ID. This way, the SDK user was continuing with UID 1000 and had permission errors. Allow to reuse an existing ID for the SDK user. However, this only works when usermod doesn't find a process that uses this ID, and we had a race between the SDK entry points called by "docker start" and by "docker exec". The race is unwanted anyway because we don't want to execute the commands while setup_board is still running. Solve it by setting the entrypoint for "docker start" directly to "bash -l" in "docker create" (this is also what the entry point does as last step: sudo su -l). --- run_sdk_container | 3 ++- sdk_lib/sdk_entry.sh | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/run_sdk_container b/run_sdk_container index 4579186512..41aff89c59 100755 --- a/run_sdk_container +++ b/run_sdk_container @@ -129,7 +129,8 @@ if [ -z "$stat" ] ; then -e SDK_GROUP_ID="$(id -g)" \ --name="$name" \ --hostname="$hostname" \ - "${container_image_name}" + --entrypoint /bin/bash \ + "${container_image_name}" -l fi if [ "$stat" != "Up" ] ; then diff --git a/sdk_lib/sdk_entry.sh b/sdk_lib/sdk_entry.sh index e8a4ad4c23..eca47d7fa8 100755 --- a/sdk_lib/sdk_entry.sh +++ b/sdk_lib/sdk_entry.sh @@ -1,10 +1,11 @@ #!/bin/bash if [ -n "${SDK_USER_ID:-}" ] ; then - usermod -u $SDK_USER_ID sdk + # If the "core" user from /usr/share/baselayout/passwd has the same ID, allow to take it instead + usermod --non-unique -u $SDK_USER_ID sdk fi if [ -n "${SDK_GROUP_ID:-}" ] ; then - groupmod -g $SDK_GROUP_ID sdk + groupmod --non-unique -g $SDK_GROUP_ID sdk fi chown -R sdk:sdk /home/sdk