Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[MRG] Do not try to build the image with root as the primary user. #676

Merged
merged 1 commit into from May 8, 2019
Merged

[MRG] Do not try to build the image with root as the primary user. #676

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
2 changes: 2 additions & 0 deletions docs/source/changelog.rst
View file
Open in desktop
Expand Up @@ -16,6 +16,8 @@ API changes

Bug fixes
---------
- Prevent building the image as root if --user-id and --user-name are not specified
in :pr:`676` by :user:`Xarthisius`.


Version 0.9.0
Expand Down
14 changes: 14 additions & 0 deletions repo2docker/app.py
View file
Open in desktop
Expand Up @@ -8,6 +8,7 @@
python -m repo2docker https://github.com/you/your-repo
"""
import argparse
import errno
import json
import sys
import logging
Expand Down Expand Up @@ -650,6 +651,19 @@ def build(self):
extra=dict(phase='building'))

if not self.dry_run:
if os.geteuid() == 0:
self.log.error(
'Root as the primary user in the image is not permitted.\n'
)
self.log.info(
"The uid and the username of the user invoking repo2docker "
"is used to create a mirror account in the image by default. "
"To override that behavior pass --user-id <numeric_id> and "
" --user-name <string> to repo2docker.\n"
"Please see repo2docker --help for more details.\n"
)
sys.exit(errno.EPERM)

build_args = {
'NB_USER': self.user_name,
'NB_UID': str(self.user_id),
Expand Down
15 changes: 14 additions & 1 deletion tests/unit/test_app.py
View file
Open in desktop
@@ -1,3 +1,5 @@
import errno
import pytest
from tempfile import TemporaryDirectory
from unittest.mock import patch

Expand Down Expand Up @@ -101,4 +103,15 @@ def test_run_kwargs(repo_with_content):
containers.run.assert_called_once()
args, kwargs = containers.run.call_args
assert 'somekey' in kwargs
assert kwargs['somekey'] == "somevalue"
assert kwargs['somekey'] == "somevalue"


def test_root_not_allowed():
with TemporaryDirectory() as src, patch('os.geteuid') as geteuid:
geteuid.return_value = 0
app = Repo2Docker()
argv = [src]
app = make_r2d(argv)
with pytest.raises(SystemExit) as exc:
app.build()
assert exc.code == errno.EPERM