restore gosu suid bit when container stops #333

Merged
merged 3 commits into from
Apr 18, 2020

@kaluzki kaluzki commented Dec 1, 2019

#226

thanks to these guys:

cd docker
docker build -t webdevops/base base/alpine

# interactive -> Ctrl+C

docker run --name bug226 -ti --user 1000 webdevops/base
-> Executing /opt/docker/provision/entrypoint.d/05-gosu.sh
-> Executing /opt/docker/provision/entrypoint.d/05-permissions.sh
-> Executing /opt/docker/bin/service.d/supervisor.d//10-init.sh
2019-12-01 17:10:00,860 INFO Included extra file "/opt/docker/etc/supervisor.d/cron.conf" during parsing
2019-12-01 17:10:00,860 INFO Included extra file "/opt/docker/etc/supervisor.d/dnsmasq.conf" during parsing
2019-12-01 17:10:00,860 INFO Included extra file "/opt/docker/etc/supervisor.d/postfix.conf" during parsing
2019-12-01 17:10:00,860 INFO Included extra file "/opt/docker/etc/supervisor.d/ssh.conf" during parsing
2019-12-01 17:10:00,860 INFO Included extra file "/opt/docker/etc/supervisor.d/syslog.conf" during parsing
2019-12-01 17:10:00,860 INFO Set uid to user 0 succeeded
2019-12-01 17:10:00,868 INFO RPC interface 'supervisor' initialized
2019-12-01 17:10:00,868 INFO supervisord started with pid 19
^C
2019-12-01 17:10:17,702 WARN received SIGINT indicating exit request
Container stopped, performing teardown...
-> Executing /opt/docker/provision/entrypoint.d/teardown/05-gosu.sh

docker start bug226
docker logs bug226
...
-> Executing /opt/docker/provision/entrypoint.d/05-gosu.sh
-> Executing /opt/docker/provision/entrypoint.d/05-permissions.sh
-> Executing /opt/docker/bin/service.d/supervisor.d//10-init.sh
2019-12-01 17:11:43,870 INFO Included extra file "/opt/docker/etc/supervisor.d/cron.conf" during parsing
2019-12-01 17:11:43,870 INFO Included extra file "/opt/docker/etc/supervisor.d/dnsmasq.conf" during parsing
2019-12-01 17:11:43,870 INFO Included extra file "/opt/docker/etc/supervisor.d/postfix.conf" during parsing
2019-12-01 17:11:43,870 INFO Included extra file "/opt/docker/etc/supervisor.d/ssh.conf" during parsing
2019-12-01 17:11:43,870 INFO Included extra file "/opt/docker/etc/supervisor.d/syslog.conf" during parsing
2019-12-01 17:11:43,870 INFO Set uid to user 0 succeeded
2019-12-01 17:11:43,878 INFO RPC interface 'supervisor' initialized
2019-12-01 17:11:43,878 INFO supervisord started with pid 17

docker exec -ti bug226 whoami
whoami: unknown uid 1000



docker stop bug226 
docker rm bug226



# daemon

docker run --name bug226 -d --user 1000 webdevops/base
...
docker logs bug226
-> Executing /opt/docker/provision/entrypoint.d/05-gosu.sh
-> Executing /opt/docker/provision/entrypoint.d/05-permissions.sh
-> Executing /opt/docker/bin/service.d/supervisor.d//10-init.sh
2019-12-01 17:15:40,460 INFO Included extra file "/opt/docker/etc/supervisor.d/cron.conf" during parsing
2019-12-01 17:15:40,460 INFO Included extra file "/opt/docker/etc/supervisor.d/dnsmasq.conf" during parsing
2019-12-01 17:15:40,460 INFO Included extra file "/opt/docker/etc/supervisor.d/postfix.conf" during parsing
2019-12-01 17:15:40,460 INFO Included extra file "/opt/docker/etc/supervisor.d/ssh.conf" during parsing
2019-12-01 17:15:40,460 INFO Included extra file "/opt/docker/etc/supervisor.d/syslog.conf" during parsing
2019-12-01 17:15:40,460 INFO Set uid to user 0 succeeded
2019-12-01 17:15:40,468 INFO RPC interface 'supervisor' initialized
2019-12-01 17:15:40,468 INFO supervisord started with pid 17

docker stop bug226
docker logs bug226
...
Container stopped, performing teardown...
-> Executing /opt/docker/provision/entrypoint.d/teardown/05-gosu.sh

docker start bug226
docker logs bug226
...
-> Executing /opt/docker/provision/entrypoint.d/05-gosu.sh
-> Executing /opt/docker/provision/entrypoint.d/05-permissions.sh
-> Executing /opt/docker/bin/service.d/supervisor.d//10-init.sh
2019-12-01 17:17:39,927 INFO Included extra file "/opt/docker/etc/supervisor.d/cron.conf" during parsing
2019-12-01 17:17:39,927 INFO Included extra file "/opt/docker/etc/supervisor.d/dnsmasq.conf" during parsing
2019-12-01 17:17:39,927 INFO Included extra file "/opt/docker/etc/supervisor.d/postfix.conf" during parsing
2019-12-01 17:17:39,927 INFO Included extra file "/opt/docker/etc/supervisor.d/ssh.conf" during parsing
2019-12-01 17:17:39,927 INFO Included extra file "/opt/docker/etc/supervisor.d/syslog.conf" during parsing
2019-12-01 17:17:39,927 INFO Set uid to user 0 succeeded
Unlinking stale socket /.supervisor.sock
2019-12-01 17:17:40,261 INFO RPC interface 'supervisor' initialized
2019-12-01 17:17:40,261 INFO supervisord started with pid 19

docker exec -ti bug226 whoami
whoami: unknown uid 1000

@kaluzki changed the title from "restore gosu suid bit when container stops #226" to "restore gosu suid bit when container stops" Dec 1, 2019
@kaluzki kaluzki force-pushed the issue-226-trap-sigterm branch from 916236b to 8318e99 Compare December 1, 2019 16:43
includeScriptDir /opt/docker/provision/entrypoint.d/teardown
}
trap 'teardownEntrypoint' SIGTERM
runEntrypoints &
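
Review bot: `runEntrypoints &` is invoked with no arguments, so inside the function "$@" is empty and anything it dispatches on the script's first argument will not see it; pass the arguments explicitly, as in `runEntrypoints "$@" &`. Because the call is backgrounded, the script also needs a `wait` after this line (none is visible in the hunk) so that the shell stays alive and the `trap 'teardownEntrypoint' SIGTERM` handler can run while the service is up. A job started with `&` from a non-interactive shell gets its stdin from /dev/null, so a command that expects a terminal will not attach to it; that case deserves a test before merging.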
Member

You must hand over the first argument given by the general entrypoint.sh script.
The entrypoint system is constructed to have alternative services instead of supervisord to run.
By omitting that argument that becomes impossible and will break many setups.

Contributor Author

I'm not very experienced in bash, and was a little bit confused by the fact that
the function runEntrypoints doesn't expect any argument and also doesn't provide it
explicitly to its task scripts. So I assumed the parameter handling in the task doesn't
work anyway. But now I just tried some scripts and was very surprised :)

Member

Yes, the "$@" is basically a ... in other programming languages
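
The pattern this review thread discusses (run teardown on SIGTERM while still forwarding "$@" to the service) as an added example; it is not code from the webdevops repository, and `teardown`, `run_entrypoint` and `TEARDOWN_LOG` are hypothetical names:

```shell
#!/bin/sh
# Added illustration; teardown, run_entrypoint and TEARDOWN_LOG are
# hypothetical names, not taken from the webdevops scripts.
TEARDOWN_LOG="${TEARDOWN_LOG:-$(mktemp)}"

teardown() {
    # Stand-in for the scripts in the teardown directory.
    echo "teardown ran" >> "$TEARDOWN_LOG"
}

# Run the command passed as arguments and run teardown afterwards,
# whether the command exits by itself or SIGTERM arrives first.
# Call it as the last step of an entrypoint: run_entrypoint "$@"
run_entrypoint() {
    child=""
    on_term() {
        # Pass the stop request on, reap the child, then clean up.
        if [ -n "$child" ]; then
            kill -TERM "$child" 2>/dev/null || true
            wait "$child" 2>/dev/null || true
        fi
        teardown
        exit 143    # 128 + SIGTERM(15)
    }
    trap on_term TERM

    # "$@" expands to the caller's arguments, one word per argument,
    # so the service name or command line arrives unchanged.
    # Caveat: a job started with & in a non-interactive shell reads
    # stdin from /dev/null, so this suits daemons, not interactive shells.
    "$@" &
    child=$!

    # wait is interruptible: the trap runs as soon as SIGTERM arrives.
    rc=0
    wait "$child" || rc=$?
    teardown
    exit "$rc"
}
```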

@htuscher htuscher merged commit 760bcf8 into webdevops:master Apr 18, 2020
Member

htuscher commented Apr 18, 2020

@kaluzki Unfortunately I had to revert the merge, because a very widely used way to get an interactive shell doesn't work anymore with this solution:

docker run --rm -ti --user 1000 webdevops/php:7.3 bash
Container stopped, performing teardown...
-> Executing /opt/docker/provision/entrypoint.d/teardown/05-gosu.sh

Expected:

docker run --rm -ti --user 1000 webdevops/php:7.3 bash
root@ca4f47973adb:/#

I've backed up the merged result in the branch merge_trap. If you find a solution it would be great.

Thx for contributing
