Non root devcontainer #458

Open
wants to merge 4 commits into
base: main

Conversation

texhnolyze
Contributor

@texhnolyze texhnolyze commented May 16, 2024

Summary

This fixes the issue that, when utilizing the devcontainer but at the same time interacting with the repository from the host, we run into issues, as files within the repo have the wrong UID/GID from within the container and are not readable, because we use the root user in the container.

Proposed changes

  • update Dockerfile to include a bitbots user with uid=1000, gid=1000
  • make the user configurable both in name and UID, GID by utilizing Dockerfile ARG
  • allow bitbots user to run privileged commands by adjusting /etc/sudoers
  • remove the users group in the container

With these changes, the devcontainer will use the bitbots user internally, which is initially set up with uid=1000, gid=1000, but vscode will switch the uid and gid dynamically to the one of the host user (see microsoft/vscode-remote-release#1155).

Checklist

  • Test on your machine
  • Test on CL
  • Triage this PR and label it

@texhnolyze texhnolyze added bug Something isn't working tooling labels May 16, 2024
@texhnolyze texhnolyze force-pushed the feature/non-root-dev-container branch from b58a99e to c180773 Compare June 20, 2024 15:23
@texhnolyze texhnolyze self-assigned this Jun 20, 2024
@texhnolyze texhnolyze marked this pull request as ready for review June 20, 2024 16:20
@texhnolyze texhnolyze requested review from Flova and jaagut June 20, 2024 16:31
@jaagut
Member

jaagut commented Jun 24, 2024

When testing with a fresh container, I get this:

 🐋  ~/colcon_ws/src/bitbots_main  gc --allow-empty -m "Foo"
ruff.................................................(no files to check)Skipped
ruff-format..........................................(no files to check)Skipped
clang-format.........................................(no files to check)Skipped
cppcheck.............................................(no files to check)Skipped
cmake-format.........................................(no files to check)Skipped
cmake-lint...........................................(no files to check)Skipped
check for merge conflicts............................(no files to check)Skipped
check toml...........................................(no files to check)Skipped
check xml............................................(no files to check)Skipped
check yaml...........................................(no files to check)Skipped
detect private key...................................(no files to check)Skipped
fatal: cannot lock ref 'HEAD': Unable to create '/home/bitbots/colcon_ws/src/bitbots_main/.git/refs/heads/feature/non-root-dev-container.lock': Permission denied

@texhnolyze texhnolyze force-pushed the feature/non-root-dev-container branch from 28e3086 to e9c612d Compare June 25, 2024 07:31
starting from `~` instead of using the whole path
to prevent issues when interacting with the repository both from within
the container and outside the container, due to permissions not being
correct
in `Dockerfile`, because the `updateRemoteUserUID` setting of the
devcontainer does not change the `GID` of the `containerUser`
dynamically to the one of the host user if the group exists in the
container already microsoft/vscode-remote-release#2402.

In our case the `containerUser` is set to `bitbots`, because it
automatically uses the last `USER` instruction from the `Dockerfile` and
the `remoteUser` inherits from `containerUser`.

For reference see: microsoft/vscode-remote-release#1155
@texhnolyze texhnolyze force-pushed the feature/non-root-dev-container branch from e9c612d to 5818cea Compare June 25, 2024 07:32
@texhnolyze
Contributor Author

Interesting, I am unable to reproduce the issue. I would assume that the lock file can either not be created due to some issues with permissions or because you have some other git process running already, which has already created the file.
Could you tell me which user/group the files under /home/bitbots/colcon_ws/src/bitbots_main/.git/refs belong to?
For me, it is bitbots:bitbots, but if you are on an Ubuntu host for example it would most likely be bitbots:users as we are using the same primary group as the host user account.
But that should still not be an issue.
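
An added example, not part of the PR and not written by either participant: a small shell diagnostic for the ownership question raised in this thread. It assumes GNU find and coreutils stat inside the container, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the PR. Assumes GNU find and coreutils stat.

# ownership_mismatches DIR [UID] [GID]
# Print "uid:gid mode path" for each entry under DIR whose numeric owner or
# group differs from UID:GID (default: the calling user). Numeric IDs are
# compared because names such as bitbots or users can map to different
# numbers on the host and inside the container.
ownership_mismatches() {
    want_uid=${2:-$(id -u)}
    want_gid=${3:-$(id -g)}
    find "$1" \( ! -uid "$want_uid" -o ! -gid "$want_gid" \) \
        -exec stat -c '%u:%g %A %n' {} +
}

# ref_lock_dir REPO BRANCH
# Print the directory in which git would create "<BRANCH>.lock" for a loose
# ref, walking up to the nearest directory that already exists.
ref_lock_dir() {
    d=$(dirname "$1/.git/refs/heads/$2")
    while [ ! -d "$d" ] && [ "$d" != "/" ] && [ "$d" != "." ]; do
        d=$(dirname "$d")
    done
    printf '%s\n' "$d"
}

# can_lock_ref REPO BRANCH
# Return 0 if the calling user may create entries in that directory;
# otherwise print the directory's numeric owner and mode and return 1.
can_lock_ref() {
    d=$(ref_lock_dir "$1" "$2")
    if [ -w "$d" ] && [ -x "$d" ]; then
        return 0
    fi
    echo "uid=$(id -u) gid=$(id -g) cannot create files in:" >&2
    stat -c '%u:%g %A %n' "$d" >&2
    return 1
}
```

After sourcing the file inside the container, `ownership_mismatches ~/colcon_ws/src/bitbots_main/.git` lists every entry not owned by the current user and group, and `can_lock_ref ~/colcon_ws/src/bitbots_main feature/non-root-dev-container` checks the directory named in the error message.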

Labels
bug Something isn't working tooling
Projects
Status: 👀 In review