Don't run as root

Dockerfile

@@ -25,12 +25,22 @@ RUN chmod 755 /var/run/screen
 
 RUN apt-get -qqy upgrade
 
-RUN mkdir -p /home/cmbuild && useradd --no-create-home cmbuild && rsync -a /etc/skel/ /home/cmbuild/ && chown -R cmbuild:cmbuild /home/cmbuild
+RUN mkdir -p /home/cmbuild && useradd --no-create-home cmbuild && rsync -a /etc/skel/ /home/cmbuild/
 
 RUN mkdir /home/cmbuild/bin
 RUN curl http://commondatastorage.googleapis.com/git-repo-downloads/repo > /home/cmbuild/bin/repo
 RUN chmod a+x /home/cmbuild/bin/repo
 
+# Add sudo permission
+RUN echo "cmbuild ALL=NOPASSWD: ALL" > /etc/sudoers.d/cmbuild
+
+# Fix ownership
+RUN chown -R cmbuild:cmbuild /home/cmbuild
+
+ADD startup.sh /root/startup.sh
+RUN chmod a+x /root/startup.sh
+
+# Set global variables
 ADD android-env-vars.sh /etc/android-env-vars.sh
 RUN echo "source /etc/android-env-vars.sh" >> /etc/bash.bashrc
 
@@ -40,3 +50,8 @@ VOLUME /home/cmbuild/android
 VOLUME /srv/ccache
 
 RUN CCACHE_DIR=/srv/ccache ccache -M 50G
+
+CMD /root/startup.sh
+
+# This does not work yet, see https://github.com/docker/docker/issues/9806
+#USER cmbuild

run.sh

@@ -31,7 +31,7 @@ if [[ $IS_RUNNING == "true" ]]; then
 elif [[ $IS_RUNNING == "false" ]]; then
 	docker start -i $CONTAINER
 else
-	docker run -v $SOURCE:$CONTAINER_HOME/android -v $CCACHE:/srv/ccache -i -t --name $CONTAINER $REPOSITORY sh -c "screen -s /bin/bash"
+	docker run -v $SOURCE:$CONTAINER_HOME/android -v $CCACHE:/srv/ccache -i -t --name $CONTAINER $REPOSITORY
 fi
 
 exit $?

startup.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+
+# Fix console permissions as long as https://github.com/docker/docker/issues/9806 is not fixed
+usermod --groups tty --append cmbuild
+chgrp tty /dev/console
+chmod g+rw /dev/console
+
+su -c "cd /home/cmbuild/android; screen -s /bin/bash" cmbuild