diff --git a/sdk_lib/Dockerfile.sdk-import b/sdk_lib/Dockerfile.sdk-import
index 10a625a319..a8e75e5d12 100644
--- a/sdk_lib/Dockerfile.sdk-import
+++ b/sdk_lib/Dockerfile.sdk-import
@@ -17,11 +17,6 @@ RUN if ! grep -q portage /etc/passwd; then \
 echo "portage:x:250:250:portage:/var/tmp/portage:/bin/false" >>/etc/passwd; \
 fi
 
-# fix "Unable to unshare: EPERM ..." in containers
-# (see https://github.com/gentoo/gentoo-docker-images/issues/81)
-RUN echo 'export FEATURES="-ipc-sandbox -network-sandbox -pid-sandbox"' \
- >> /etc/skel/.bashrc
-
 RUN groupadd sdk
 RUN useradd -g sdk -G portage sdk
 RUN echo "sdk ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/sdk-user
diff --git a/sdk_lib/Dockerfile.sdk-update b/sdk_lib/Dockerfile.sdk-update
index a102b656cb..3ddb82d1c8 100644
--- a/sdk_lib/Dockerfile.sdk-update
+++ b/sdk_lib/Dockerfile.sdk-update
@@ -4,22 +4,13 @@ FROM ${BASE}
 COPY --chown=sdk:sdk sdk_container/ /mnt/host/source
 COPY --chown=sdk:sdk . /mnt/host/source/src/scripts
-# Disable all sandboxing for SDK updates since some core packages
-# (like GO) fail to build from a permission error otherwise.
-RUN cp /home/sdk/.bashrc /home/sdk/.bashrc.bak
-RUN echo 'export FEATURES="-sandbox -usersandbox -ipc-sandbox -network-sandbox -pid-sandbox"' \
- >> /home/sdk/.bashrc
-
 RUN chown sdk:sdk /mnt/host/source
-RUN /home/sdk/sdk_entry.sh ./update_chroot --toolchain_boards="amd64-usr arm64-usr"
+RUN FEATURES="-ipc-sandbox -network-sandbox -pid-sandbox" \
+ /home/sdk/sdk_entry.sh ./update_chroot --toolchain_boards="amd64-usr arm64-usr"
 RUN /home/sdk/sdk_entry.sh ./setup_board --board="arm64-usr" --regen_configs
 RUN /home/sdk/sdk_entry.sh ./setup_board --board="amd64-usr" --regen_configs
-# Restore original .bashrc to remove sandbox disablement
-RUN mv /home/sdk/.bashrc.bak /home/sdk/.bashrc
-RUN chown sdk:sdk /home/sdk/.bashrc
-
 # Clean up ephemeral key directory variables that were added during build
 RUN sed -i -e '/export MODULE_SIGNING_KEY_DIR=/d' \
 -e '/export MODULES_SIGN_KEY=/d' \
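Review bot: The `FEATURES="-ipc-sandbox -network-sandbox -pid-sandbox"` prefix on the `update_chroot` step has no comment, and this commit deletes the only explanation of those flags (the "Unable to unshare: EPERM" note in Dockerfile.sdk-import). I would add above it `# ipc/network/pid sandboxes rely on unshare(), which fails with EPERM in containers; sandbox and usersandbox stay enabled`, so a later editor does not widen the list back to `-sandbox -usersandbox`. The two `setup_board` steps run without the override, and with the skel default removed they presumably keep every sandbox feature on; it is worth confirming they do not hit the same EPERM. It is also worth confirming that `sdk_entry.sh` (not visible here) passes `FEATURES` through to the build user rather than resetting the environment. The `sed` RUN at the end of the hunk continues outside it.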