Changed prepare-log-file to take args for setting uid/gid for log files. #70094
/assign @mikedanese
I signed it
function prepare-log-file { | ||
touch $1 | ||
chmod 644 $1 | ||
chown "${LOG_OWNER_USER:-root}":"${LOG_OWNER_GROUP:-root}" $1 | ||
chown "${2:-${LOG_OWNER_USER:-root}}":"${3:-${LOG_OWNER_GROUP:-root}}" $1 |
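Review bot: `$1` is expanded unquoted in the `touch`, `chmod` and `chown` lines, so a log path containing whitespace or glob characters would be split or expanded before the file is created and re-owned; quote it as `"$1"` in all three. The new optional second and third arguments are also undocumented: a comment above `prepare-log-file` should state that `$2` and `$3` are the owner user and group, that they take precedence over `LOG_OWNER_USER` and `LOG_OWNER_GROUP`, and that both fall back to `root` when neither is set. Since the discussion settles on integer ids, that comment should say numeric uid/gid values are expected, because a name passed to `chown` is resolved against the host's user database rather than the container's.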
Do we intend to assign owners by name or integer id? If name, how are we going to synchronize /etc/passwd between the host and container fs?
By integer id. When we set the user to run as in the security context for the container manifest, it needs to be an integer. I think it would be a bit more maintainable with what we currently have to use the UID in both the security context and configure-helper, because otherwise we're going to have to modify the container image every time to change the user.
/ok-to-test
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: mikedanese, mwwolters
The full list of commands accepted by this bot can be found here. The pull request process is described here
This adds the option to pass log owner user + group which means other functions in configure-helper.sh can be modified to specify those and components can eventually be spun up as non-root users with permission to write to /var/log.
Part of #70093
/kind cleanup
/sig gcp