From 80450d6cc10e301a0757b7d982fbedbec13a477d Mon Sep 17 00:00:00 2001
From: Michael Stucki
Date: Mon, 16 Mar 2015 10:19:07 +0100
Subject: [PATCH] Don't run as root
---
 Dockerfile | 17 ++++++++++++++++-
 run.sh | 2 +-
 startup.sh | 8 ++++++++
 3 files changed, 25 insertions(+), 2 deletions(-)
 create mode 100644 startup.sh
diff --git a/Dockerfile b/Dockerfile
index 1bea865..800607b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -25,12 +25,22 @@ RUN chmod 755 /var/run/screen
 
 RUN apt-get -qqy upgrade
 
-RUN mkdir -p /home/cmbuild && useradd --no-create-home cmbuild && rsync -a /etc/skel/ /home/cmbuild/ && chown -R cmbuild:cmbuild /home/cmbuild
+RUN mkdir -p /home/cmbuild && useradd --no-create-home cmbuild && rsync -a /etc/skel/ /home/cmbuild/
 
 RUN mkdir /home/cmbuild/bin
 RUN curl http://commondatastorage.googleapis.com/git-repo-downloads/repo > /home/cmbuild/bin/repo
 RUN chmod a+x /home/cmbuild/bin/repo
 
+# Add sudo permission
+RUN echo "cmbuild ALL=NOPASSWD: ALL" > /etc/sudoers.d/cmbuild
+
+# Fix ownership
+RUN chown -R cmbuild:cmbuild /home/cmbuild
+
+ADD startup.sh /root/startup.sh
+RUN chmod a+x /root/startup.sh
+
+# Set global variables
 ADD android-env-vars.sh /etc/android-env-vars.sh
 RUN echo "source /etc/android-env-vars.sh" >> /etc/bash.bashrc
 
@@ -40,3 +50,8 @@ VOLUME /home/cmbuild/android
 VOLUME /srv/ccache
 
 RUN CCACHE_DIR=/srv/ccache ccache -M 50G
+
+CMD /root/startup.sh
+
+# This does not work yet, see https://github.com/docker/docker/issues/9806
+#USER cmbuild
diff --git a/run.sh b/run.sh
index f6dfbdc..a3f103f 100755
--- a/run.sh
+++ b/run.sh
@@ -31,7 +31,7 @@ if [[ $IS_RUNNING == "true" ]]; then
 elif [[ $IS_RUNNING == "false" ]]; then
 docker start -i $CONTAINER
 else
- docker run -v $SOURCE:$CONTAINER_HOME/android -v $CCACHE:/srv/ccache -i -t --name $CONTAINER $REPOSITORY sh -c "screen -s /bin/bash"
+ docker run -v $SOURCE:$CONTAINER_HOME/android -v $CCACHE:/srv/ccache -i -t --name $CONTAINER $REPOSITORY
 fi
 
 exit $?
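Review bot: In the first Dockerfile hunk, the added `RUN echo "cmbuild ALL=NOPASSWD: ALL" > /etc/sudoers.d/cmbuild` gives the build user unrestricted passwordless root, so the move away from root in this commit is a convenience boundary rather than a security one: anything running as cmbuild can regain root through sudo. If sudo is only needed for a few commands, list them in the rule instead of `ALL`; in either case fix the drop-in's mode and syntax-check it, e.g. `RUN chmod 0440 /etc/sudoers.d/cmbuild && visudo -cf /etc/sudoers.d/cmbuild`. This matters more because the unchanged `RUN curl http://commondatastorage.googleapis.com/git-repo-downloads/repo > /home/cmbuild/bin/repo` line in the same hunk fetches an executable over plain HTTP with no checksum, and that script is then presumably run by the account holding this sudo rule. Using an https URL and verifying a pinned digest before the `chmod a+x` would close that path.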
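Review bot: In the second Dockerfile hunk, `CMD /root/startup.sh` is the only place where privileges are dropped, so the container still starts as root and any `docker run` that supplies its own command replaces the CMD and skips the `su` to cmbuild. While `#USER cmbuild` has to stay commented out, making the script the entry point narrows that gap and, in exec form, avoids the extra `/bin/sh -c` wrapper: `ENTRYPOINT ["/root/startup.sh"]`. Sessions opened with `docker exec` would still land as root either way, which is worth stating in the comment above the disabled `USER` line so that nobody relies on the image name "Don't run as root" implies.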
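Review bot: In run.sh, the rewritten `docker run` line keeps every expansion unquoted, so a `$SOURCE` or `$CCACHE` value containing whitespace is split into extra words that docker parses as further arguments or options. Quoting each one fixes that: `docker run -v "$SOURCE:$CONTAINER_HOME/android" -v "$CCACHE:/srv/ccache" -i -t --name "$CONTAINER" "$REPOSITORY"`. The variables are assigned outside this hunk, so where their values come from is not visible here. The `if`/`elif` chain also starts above the hunk, and the unchanged `docker start -i $CONTAINER` line has the same issue.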
diff --git a/startup.sh b/startup.sh
new file mode 100644
index 0000000..b93f581
--- /dev/null
+++ b/startup.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+# Fix console permissions as long as https://github.com/docker/docker/issues/9806 is not fixed
+usermod --groups tty --append cmbuild
+chgrp tty /dev/console
+chmod g+rw /dev/console
+
+su -c "cd /home/cmbuild/android; screen -s /bin/bash" cmbuild
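Review bot: startup.sh runs as root with no error checking, so a failing `usermod`, `chgrp` or `chmod` is ignored and the script carries on to the `su` line. Inside the `su -c` string the commands are joined with `;`, so if `cd /home/cmbuild/android` fails (for instance when cmbuild cannot enter the bind-mounted volume) screen still starts, in whatever directory it inherited. Adding `set -eu` after the shebang and changing the last line to `su -c "cd /home/cmbuild/android && screen -s /bin/bash" cmbuild` makes both kinds of failure stop the container instead of leaving a half-configured session. The `chmod g+rw /dev/console` step opens the console to every member of group tty, so a one-line comment stating that cmbuild is the only intended member would help whoever removes the workaround later.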