Skip to content

Commit

Permalink
🐛 Cherry picks to release-0.6 for hub SCC fixes (#765)
Browse files Browse the repository at this point in the history
Co-authored-by: Jason Montleon <jmontleo@redhat.com>
  • Loading branch information
dymurray and jmontleon authored Nov 20, 2024
1 parent f99f88d commit 95745ea
Show file tree
Hide file tree
Showing 3 changed files with 29 additions and 0 deletions.
1 change: 1 addition & 0 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ COPY --from=report /usr/local/static-report /tmp/analysis/report
RUN microdnf -y install \
sqlite \
&& microdnf -y clean all
RUN echo "hub:x:1001:0:hub:/:/sbin/nologin" >> /etc/passwd
ENTRYPOINT ["/usr/local/bin/tackle-hub"]

LABEL name="konveyor/tackle2-hub" \
Expand Down
24 changes: 24 additions & 0 deletions settings/hub.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package settings

import (
"os"
"os/user"
"strconv"
"time"
)
Expand All @@ -28,6 +29,7 @@ const (
EnvTaskPreemptDelayed = "TASK_PREEMPT_DELAYED"
EnvTaskPreemptPostponed = "TASK_PREEMPT_POSTPONED"
EnvTaskPreemptRate = "TASK_PREEMPT_RATE"
EnvTaskUid = "TASK_UID"
EnvFrequencyTask = "FREQUENCY_TASK"
EnvFrequencyReaper = "FREQUENCY_REAPER"
EnvDevelopment = "DEVELOPMENT"
Expand Down Expand Up @@ -94,6 +96,7 @@ type Hub struct {
Failed int
}
}
UID int64
}
// Frequency
Frequency struct {
Expand Down Expand Up @@ -257,6 +260,27 @@ func (r *Hub) Load() (err error) {
} else {
r.Task.Preemption.Rate = 10
}
s, found = os.LookupEnv(EnvTaskUid)
if found {
var uid int64
uid, err = strconv.ParseInt(s, 10, 64)
if err != nil {
return
}
r.Task.UID = uid
} else {
var uid int64
var hubUser *user.User
hubUser, err = user.Current()
if err != nil {
return
}
uid, err = strconv.ParseInt(hubUser.Uid, 10, 64)
if err != nil {
return
}
r.Task.UID = uid
}
s, found = os.LookupEnv(EnvDevelopment)
if found {
b, _ := strconv.ParseBool(s)
Expand Down
4 changes: 4 additions & 0 deletions task/manager.go
Original file line number Diff line number Diff line change
Expand Up @@ -1699,6 +1699,7 @@ func (r *Task) containers(
},
},
}
uid := Settings.Hub.Task.UID
plain = append(plain, addon.Spec.Container)
plain[0].Name = "addon"
for i := range extensions {
Expand All @@ -1714,6 +1715,9 @@ func (r *Task) containers(
container := &plain[i]
injector.Inject(container)
r.propagateEnv(&plain[0], container)
container.SecurityContext = &core.SecurityContext{
RunAsUser: &uid,
}
container.VolumeMounts = append(
container.VolumeMounts,
core.VolumeMount{
Expand Down

0 comments on commit 95745ea

Please sign in to comment.