1
0
mirror of https://github.com/stucki/docker-lineageos synced 2024-12-19 17:12:29 -05:00

Don't run as root

This commit is contained in:
Michael Stucki 2015-03-16 10:19:07 +01:00
parent 275d35d8ab
commit 80450d6cc1
3 changed files with 25 additions and 2 deletions

View File

@ -25,12 +25,22 @@ RUN chmod 755 /var/run/screen
RUN apt-get -qqy upgrade
RUN mkdir -p /home/cmbuild && useradd --no-create-home cmbuild && rsync -a /etc/skel/ /home/cmbuild/ && chown -R cmbuild:cmbuild /home/cmbuild
RUN mkdir -p /home/cmbuild && useradd --no-create-home cmbuild && rsync -a /etc/skel/ /home/cmbuild/
RUN mkdir /home/cmbuild/bin
RUN curl http://commondatastorage.googleapis.com/git-repo-downloads/repo > /home/cmbuild/bin/repo
RUN chmod a+x /home/cmbuild/bin/repo
# Add sudo permission
RUN echo "cmbuild ALL=NOPASSWD: ALL" > /etc/sudoers.d/cmbuild
# Fix ownership
RUN chown -R cmbuild:cmbuild /home/cmbuild
ADD startup.sh /root/startup.sh
RUN chmod a+x /root/startup.sh
# Set global variables
ADD android-env-vars.sh /etc/android-env-vars.sh
RUN echo "source /etc/android-env-vars.sh" >> /etc/bash.bashrc
@ -40,3 +50,8 @@ VOLUME /home/cmbuild/android
VOLUME /srv/ccache
RUN CCACHE_DIR=/srv/ccache ccache -M 50G
CMD /root/startup.sh
# This does not work yet, see https://github.com/docker/docker/issues/9806
#USER cmbuild

2
run.sh
View File

@ -31,7 +31,7 @@ if [[ $IS_RUNNING == "true" ]]; then
elif [[ $IS_RUNNING == "false" ]]; then
docker start -i $CONTAINER
else
docker run -v $SOURCE:$CONTAINER_HOME/android -v $CCACHE:/srv/ccache -i -t --name $CONTAINER $REPOSITORY sh -c "screen -s /bin/bash"
docker run -v $SOURCE:$CONTAINER_HOME/android -v $CCACHE:/srv/ccache -i -t --name $CONTAINER $REPOSITORY
fi
exit $?

8
startup.sh Normal file
View File

@ -0,0 +1,8 @@
#!/bin/sh
# Fix console permissions as long as https://github.com/docker/docker/issues/9806 is not fixed
usermod --groups tty --append cmbuild
chgrp tty /dev/console
chmod g+rw /dev/console
su -c "cd /home/cmbuild/android; screen -s /bin/bash" cmbuild