From 0d0848b807d560aa490a9ad8fb692e2a6b84ea88 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Carvalho?= Date: Thu, 22 Mar 2018 14:44:44 -0300 Subject: [PATCH] docker/executor: support running commands as user --- internal/docker/executor.go | 9 ++++++--- internal/user/user.go | 5 +++++ main.go | 7 ++++++- 3 files changed, 17 insertions(+), 4 deletions(-) diff --git a/internal/docker/executor.go b/internal/docker/executor.go index 963ac76..73de41e 100644 --- a/internal/docker/executor.go +++ b/internal/docker/executor.go @@ -16,13 +16,15 @@ import ( type Executor struct { ContainerID string Client *Client + DefaultUser string } func (d *Executor) Execute(opts exec.ExecuteOptions) error { + return d.ExecuteAsUser(d.DefaultUser, opts) +} + +func (d *Executor) ExecuteAsUser(user string, opts exec.ExecuteOptions) error { cmd := append([]string{opts.Cmd}, opts.Args...) - if cmd[0] != "/bin/sh" && (opts.Dir != "" || len(opts.Envs) > 0) { - cmd = append([]string{"/bin/sh", "-c"}, strings.Join(cmd, " ")) - } if opts.Dir != "" { cmd = append(cmd[:2], fmt.Sprintf("cd %s && %s", opts.Dir, strings.Join(cmd[2:], " "))) } @@ -35,6 +37,7 @@ func (d *Executor) Execute(opts exec.ExecuteOptions) error { AttachStdin: opts.Stdin != nil, AttachStdout: opts.Stdout != nil, AttachStderr: opts.Stderr != nil, + User: user, }) if err != nil { return err diff --git a/internal/user/user.go b/internal/user/user.go index e90b87d..3f29e31 100644 --- a/internal/user/user.go +++ b/internal/user/user.go @@ -93,6 +93,11 @@ type userExecutor struct { } func (e *userExecutor) Execute(opts exec.ExecuteOptions) error { + if ue, ok := e.baseExecutor.(interface { + ExecuteAsUser(string, exec.ExecuteOptions) error + }); ok { + return ue.ExecuteAsUser(strconv.Itoa(e.uid), opts) + } args := []string{ "-u", fmt.Sprintf("#%d", e.uid), "--", opts.Cmd, } diff --git a/main.go b/main.go index 3f44c4b..a6261b6 100644 --- a/main.go +++ b/main.go @@ -34,6 +34,7 @@ type Config struct { RegistryAuthPass string `split_words:"true"` RegistryAuthUser string `split_words:"true"` RegistryAddress string `split_words:"true"` + RunAsUser string `split_words:"true"` } func main() { @@ -76,7 +77,11 @@ func main() { if err != nil { fatal("failed to get main container: %v", err) } - executor = &docker.Executor{Client: dockerClient, ContainerID: mainContainer.ID} + executor = &docker.Executor{ + Client: dockerClient, + ContainerID: mainContainer.ID, + DefaultUser: config.RunAsUser, + } filesystem = &executorFS{executor: executor} err = uploadFile(context.Background(), dockerClient, mainContainer.ID, config.InputFile) if err != nil {