Skip to content
Permalink
Browse files
fix(buildah): wrong UID/GID/workdir/entrypoint/cmd in stages
Those were inherited from the original container, which is not what we want
most of the time. Now they are always set to safe defaults, but only for
stages commands.

Signed-off-by: Ilya Lesikov <ilya@lesikov.com>
  • Loading branch information
ilya-lesikov committed Aug 19, 2022
1 parent 69dc039 commit 32843f2898c4fd79c13e552a909418fbf7874608
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 2 deletions.
@@ -53,8 +53,10 @@ type RunMount struct {

type RunCommandOpts struct {
CommonOpts
Args []string
Mounts []specs.Mount
WorkingDir string
User string
Args []string
Mounts []specs.Mount
}

type RmiOpts struct {
@@ -267,6 +267,10 @@ func (b *NativeBuildah) RunCommand(ctx context.Context, container string, comman
Mounts: opts.Mounts,
ConfigureNetwork: define.NetworkEnabled,
SystemContext: &b.DefaultSystemContext,
WorkingDir: opts.WorkingDir,
User: opts.User,
Entrypoint: []string{},
Cmd: []string{},
}

stderr := &bytes.Buffer{}
@@ -157,6 +157,8 @@ func (runtime *BuildahBackend) applyCommands(ctx context.Context, container *con

if err := runtime.buildah.RunCommand(ctx, container.Name, []string{"sh", destScriptPath}, buildah.RunCommandOpts{
CommonOpts: runtime.getBuildahCommonOpts(ctx, false),
User: "0:0",
WorkingDir: "/",
Mounts: mounts,
}); err != nil {
return fmt.Errorf("unable to run commands script: %w", err)
@@ -661,6 +663,8 @@ func (runtime *BuildahBackend) RemoveHostDirs(ctx context.Context, mountDir stri
}

return runtime.buildah.RunCommand(ctx, container.Name, append([]string{"rm", "-rf"}, containerDirs...), buildah.RunCommandOpts{
User: "0:0",
WorkingDir: "/",
Mounts: []specs.Mount{
{
Type: "bind",

0 comments on commit 32843f2

Please sign in to comment.