Skip to content

Commit

Permalink
drop permissions of container to match host system (#8007)
Browse files Browse the repository at this point in the history
  • Loading branch information
gdams authored Mar 10, 2023
1 parent 110b441 commit 1cf4924
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 1 deletion.
7 changes: 7 additions & 0 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
FROM ubuntu:18.04

ARG USER_ID
ARG GROUP_ID
ARG DEBIAN_FRONTEND=noninteractive
# WARNING: DON'T PUT A SPACE AFTER ANY BACKSLASH OR APT WILL BREAK
# One -q produces output suitable for logging (mostly hides
Expand Down Expand Up @@ -29,4 +31,9 @@ RUN apt-get -yqq update && apt-get -yqq install \

ENV FWROOT=/FrameworkBenchmarks PYTHONPATH=/FrameworkBenchmarks

# Drop permissions of user to match those of the host system
RUN addgroup --gid $GROUP_ID user
RUN adduser --disabled-password --gecos '' --uid $USER_ID --gid $GROUP_ID user
USER user

ENTRYPOINT ["python", "/FrameworkBenchmarks/toolset/run-tests.py"]
2 changes: 1 addition & 1 deletion tfb
Original file line number Diff line number Diff line change
Expand Up @@ -102,5 +102,5 @@ if ! docker network inspect tfb >/dev/null 2>&1; then
fi

test -t 1 && USE_TTY="-t"
docker build -t techempower/tfb - < ${SCRIPT_ROOT}/Dockerfile
docker build -t techempower/tfb --build-arg USER_ID=$(id -u) --build-arg GROUP_ID=$(id -g) - < ${SCRIPT_ROOT}/Dockerfile
exec docker run -i ${USE_TTY} ${EXTRA_DOCKER_ARGS} --rm --network tfb -v /var/run/docker.sock:/var/run/docker.sock -v ${SCRIPT_ROOT}:/FrameworkBenchmarks techempower/tfb "${@}"

0 comments on commit 1cf4924

Please sign in to comment.