Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix default user/groups in buildpack builds. #3396

Merged
merged 1 commit into from
Mar 26, 2024
Merged

Fix default user/groups in buildpack builds. #3396

merged 1 commit into from
Mar 26, 2024

Conversation

Roadmaster
Copy link
Contributor

Change Summary

What and Why:
Pass magic "make file ownership match the user running the process" to packclient's BuildArgs when using github.com/buildpacks/pack.

The Pack library started supporting (commit) custom groups and users owning files in the image - unfortunately the "default" behavior changed to be "make all files owned by UID/GID 0" and the old "make file ownership match the user running the process" behavior now requires passing a magic constant for the new GroupID and UserID parameters to the build arguments.

The symptom we saw is that files in buildpack-generated images were all owned by root, while the running process was non-root, causing ENOACCES errors when running images and VMs.

How:

This fixes the described problem by passing the new magic constant for GroupID and UserID in buildargs for buildpack-based images.

Related to:
(Multiple reports in community forum about ENOACCES, permission denied errors in buildpack deploys.)

Documentation

  • n/a

@Roadmaster Roadmaster requested a review from rubys March 22, 2024 15:52
@Roadmaster Roadmaster marked this pull request as ready for review March 22, 2024 17:09
@Roadmaster Roadmaster marked this pull request as draft March 22, 2024 19:27
@Roadmaster Roadmaster removed the request for review from rubys March 22, 2024 19:32
@Roadmaster Roadmaster marked this pull request as ready for review March 22, 2024 19:32
@kzys kzys mentioned this pull request Mar 22, 2024
Closed
3 tasks
@Roadmaster
Fix default user/groups in buildpack builds.
f753345 
The Pack library started supporting custom groups and users
owning files in the image - unfortunately the "default" behavior
changed to be "make all files owned by UID/GID 0" and the old
"make file ownership match the user running the process" behavior was
placed behind a magic constant for the new GroupID and UserID parameters
to the build arguments.

The symptom we saw is that files in buildpack-generated images were all
owned by root, while the running process was non-root, causing ENOACCES
errors when running images and VMs.

This fixes the problem by passing the new magic constant for GroupID
and UserID in buildargs for buildpack-based images.
@Roadmaster Roadmaster force-pushed the fix-buildpack-user-group branch from a704442 to f753345 Compare March 26, 2024 13:30
@Roadmaster Roadmaster merged commit 8185d9f into master Mar 26, 2024
39 checks passed
@Roadmaster Roadmaster deleted the fix-buildpack-user-group branch March 26, 2024 14:26
@edmorley edmorley mentioned this pull request Apr 1, 2024
Closed
@edmorley edmorley mentioned this pull request Apr 29, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@benbjohnson benbjohnson benbjohnson approved these changes

@kzys kzys kzys approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Roadmaster @kzys @benbjohnson