Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(cnbBuild): do not set supplementary groups for lifecycle #4675

Merged
merged 1 commit into from
Nov 14, 2023

Conversation

pbusko
Copy link
Member

@pbusko pbusko commented Nov 14, 2023

Changes

This change allows to override the dockerOptions to run the step as CNB_USER_ID and CNB_GROUP_ID instead of root.

https://pubs.opengroup.org/onlinepubs/9699919799/functions/setuid.html

If the process does not have appropriate privileges, but uid is equal to the real user ID or the saved set-user-ID, setuid() shall set the effective user ID to uid; the real user ID and saved set-user-ID shall remain unchanged.

  • Tests
  • Documentation

Co-authored-by: Pavel Busko <pavel.busko@sap.com>
@pbusko pbusko requested a review from a team as a code owner November 14, 2023 12:34
@pbusko
Copy link
Member Author

pbusko commented Nov 14, 2023

/it-go

Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@pbusko pbusko enabled auto-merge (squash) November 14, 2023 12:42
@pbusko pbusko merged commit 63b7fd7 into master Nov 14, 2023
11 checks passed
@pbusko pbusko deleted the cnbbuild-allow-noroot branch November 14, 2023 13:01
maxatsap pushed a commit to maxatsap/jenkins-library that referenced this pull request Jul 23, 2024
Co-authored-by: Johannes Dillmann <j.dillmann@sap.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants