mirror of
https://github.com/stucki/docker-lineageos
synced 2024-12-19 17:12:29 -05:00
Don't run as root
This commit is contained in:
parent
275d35d8ab
commit
80450d6cc1
17
Dockerfile
17
Dockerfile
@ -25,12 +25,22 @@ RUN chmod 755 /var/run/screen
|
||||
|
||||
RUN apt-get -qqy upgrade
|
||||
|
||||
RUN mkdir -p /home/cmbuild && useradd --no-create-home cmbuild && rsync -a /etc/skel/ /home/cmbuild/ && chown -R cmbuild:cmbuild /home/cmbuild
|
||||
RUN mkdir -p /home/cmbuild && useradd --no-create-home cmbuild && rsync -a /etc/skel/ /home/cmbuild/
|
||||
|
||||
RUN mkdir /home/cmbuild/bin
|
||||
RUN curl http://commondatastorage.googleapis.com/git-repo-downloads/repo > /home/cmbuild/bin/repo
|
||||
RUN chmod a+x /home/cmbuild/bin/repo
|
||||
|
||||
# Add sudo permission
|
||||
RUN echo "cmbuild ALL=NOPASSWD: ALL" > /etc/sudoers.d/cmbuild
|
||||
|
||||
# Fix ownership
|
||||
RUN chown -R cmbuild:cmbuild /home/cmbuild
|
||||
|
||||
ADD startup.sh /root/startup.sh
|
||||
RUN chmod a+x /root/startup.sh
|
||||
|
||||
# Set global variables
|
||||
ADD android-env-vars.sh /etc/android-env-vars.sh
|
||||
RUN echo "source /etc/android-env-vars.sh" >> /etc/bash.bashrc
|
||||
|
||||
@ -40,3 +50,8 @@ VOLUME /home/cmbuild/android
|
||||
VOLUME /srv/ccache
|
||||
|
||||
RUN CCACHE_DIR=/srv/ccache ccache -M 50G
|
||||
|
||||
CMD /root/startup.sh
|
||||
|
||||
# This does not work yet, see https://github.com/docker/docker/issues/9806
|
||||
#USER cmbuild
|
||||
|
2
run.sh
2
run.sh
@ -31,7 +31,7 @@ if [[ $IS_RUNNING == "true" ]]; then
|
||||
elif [[ $IS_RUNNING == "false" ]]; then
|
||||
docker start -i $CONTAINER
|
||||
else
|
||||
docker run -v $SOURCE:$CONTAINER_HOME/android -v $CCACHE:/srv/ccache -i -t --name $CONTAINER $REPOSITORY sh -c "screen -s /bin/bash"
|
||||
docker run -v $SOURCE:$CONTAINER_HOME/android -v $CCACHE:/srv/ccache -i -t --name $CONTAINER $REPOSITORY
|
||||
fi
|
||||
|
||||
exit $?
|
||||
|
8
startup.sh
Normal file
8
startup.sh
Normal file
@ -0,0 +1,8 @@
|
||||
#!/bin/sh
|
||||
|
||||
# Fix console permissions as long as https://github.com/docker/docker/issues/9806 is not fixed
|
||||
usermod --groups tty --append cmbuild
|
||||
chgrp tty /dev/console
|
||||
chmod g+rw /dev/console
|
||||
|
||||
su -c "cd /home/cmbuild/android; screen -s /bin/bash" cmbuild
|
Loading…
Reference in New Issue
Block a user