Evaluate strategies to avoid any need for sudoer calls on VMs and docker images. #5748
jeremy-donson started this conversation in Ideas
The two associated VM problems that have been recurrent are the tip of the potential iceberg here:
I believe this issue arises due to two roles:
Package builder MIGHT need sudo but should not... Package service runner should NEVER have sudo access.
Frankly, when there is a single user on an entire host (VM or Docker container), access issues are avoidable.
This should go for VMs and for Docker images as well.
Things worth testing:
- A 'magma' service user might make some good sense.
- How about a builder user who is sudoer who gets deleted after the build is over? 🙂
- We could call `set -a` to export all vars.
- We could use umask.... https://widerin.net/blog/change-umask-in-docker-containers/
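One way to verify the role split proposed in the post above on a finished VM or image, as an added example that is not part of the original discussion or of the project's code. The account names `magma` and `builder`, the admin group names, and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. "magma" and "builder" are assumed account names; sample files are constructed.

# audit_roles PASSWD GROUP SUDOERS SERVICE_USER BUILDER_USER
# Prints one finding per line; prints nothing when the role split holds.
audit_roles() {
    passwd=$1 group=$2 sudoers=$3 svc=$4 builder=$5
    # The service account must exist and must not be UID 0.
    uid=$(awk -F: -v u="$svc" '$1 == u { print $3 }' "$passwd")
    if [ -z "$uid" ]; then echo "service user $svc is missing"
    elif [ "$uid" -eq 0 ]; then echo "service user $svc has UID 0"; fi
    # The temporary build account must be gone from the final image.
    if awk -F: -v u="$builder" '$1 == u { f = 1 } END { exit !f }' "$passwd"; then
        echo "builder user $builder still present"
    fi
    # The service account must not belong to an admin group (assumed names).
    awk -F: -v u="$svc" '$1 ~ /^(sudo|wheel|admin)$/ {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) print "service user " u " is in group " $1
    }' "$group"
    # No active sudoers rule may name either account.
    awk -v s="$svc" -v b="$builder" '/^[ \t]*(#|$)/ { next }
        $1 == s || $1 == b { print "sudoers rule for " $1 ": " $0 }' "$sudoers"
}

# Constructed sample of an image where the build account was never cleaned up.
write_sample() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
        'magma:x:1000:1000::/home/magma:/usr/sbin/nologin' \
        'builder:x:1001:1001::/home/builder:/bin/sh' > "$1/passwd"
    printf '%s\n' 'root:x:0:' 'sudo:x:27:builder,magma' 'magma:x:1000:' > "$1/group"
    printf '%s\n' '# constructed sudoers' 'root ALL=(ALL:ALL) ALL' \
        'builder ALL=(ALL) NOPASSWD:ALL' > "$1/sudoers"
}

d=$(mktemp -d)
write_sample "$d"
audit_roles "$d/passwd" "$d/group" "$d/sudoers" magma builder
rm -rf "$d"
```

Point the function at copies of `/etc/passwd`, `/etc/group` and `/etc/sudoers` taken from the built image; drop-in files under `/etc/sudoers.d` are not read and would need the same check.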