Skip to content

Commit

Permalink
Make router user the owner of the docker image's /dist/data directory (
Browse files Browse the repository at this point in the history
…#4898)

Since we made our images more secure, we run our router process as user
'router'. If we are running under 'heaptrack', e.g.: in a debug image,
then we cannot write to /dist/data because it is owned by 'root'.

This changes the ownership of /dist/data from 'root' to 'router' to
allow writes to succeed.
  • Loading branch information
garypen authored Apr 4, 2024
1 parent a544287 commit 9c21f92
Show file tree
Hide file tree
Showing 3 changed files with 11 additions and 2 deletions.
7 changes: 7 additions & 0 deletions .changesets/fix_garypen_revive_docker_heaptrack.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
### Make 'router' user the owner of the docker image's /dist/data directory ([PR #4898](https://github.com/apollographql/router/pull/4898))

Since we made our images more secure, we run our router process as user 'router'. If we are running under 'heaptrack', e.g.: in a debug image, then we cannot write to /dist/data because it is owned by 'root'.

This changes the ownership of /dist/data from 'root' to 'router' to allow writes to succeed.

By [@garypen](https://github.com/garypen) in https://github.com/apollographql/router/pull/4898
3 changes: 2 additions & 1 deletion dockerfiles/Dockerfile.router
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,8 @@ RUN \
RUN \
if [ "${DEBUG_IMAGE}" = "true" ]; then \
apt-get install -y heaptrack && \
mkdir data; \
mkdir data && \
chown router data; \
fi

# Clean up apt lists
Expand Down
3 changes: 2 additions & 1 deletion dockerfiles/diy/dockerfiles/Dockerfile.repo
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,8 @@ RUN \
heaptrack-gui \
x11-apps \
iputils-ping && \
mkdir data; \
mkdir data && \
chown router data; \
fi

# Clean up apt lists
Expand Down

0 comments on commit 9c21f92

Please sign in to comment.