-
Notifications
You must be signed in to change notification settings - Fork 38
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The fixed user seems to lose other groups #30
Comments
Secondary groups are specified in In the case the container is run with the UID of an existing user that does not match the name of the configured fixuid user, the UID is not changed, so secondary groups will not match: Lines 138 to 147 in 4467c25
But in the typical case that the container is run with a UID that does not match any user in |
@caleblloyd so sorry, but I didn't understand much of your reply. I'm back to say that, if a group is required to be present you can ensure its presence with |
This issue is still present. |
The problem lies in the ExitOrExec function that is executing the next process after doing all the changes. It is setting the euid and egid, but not looking up and setting additional groups from /etc/group from inside the container. |
As the new fixuid version correctly retains the groups for the user. Refs boxboat/fixuid#30
As the new fixuid version correctly retains the groups for the user. Refs boxboat/fixuid#30 Refs boxboat/fixuid#37
With this fix I was able to greatly simplify |
If the user is part of more groups than the
dockergroup
(the group which fixuid changes), those groups do not get applied in the new user.The text was updated successfully, but these errors were encountered: