1- # 1. PLATFORM PINNING
1+ # 1. PLATFORM PINNING: Essential for SAM 3 & CUDA wheels
22FROM --platform=linux/amd64 python:3.11-slim
33
44# 2. ENVIRONMENT VARIABLES
55ENV PYTHONDONTWRITEBYTECODE=1 \
66 PYTHONUNBUFFERED=1 \
77 PIP_NO_CACHE_DIR=1 \
8+ # Set CUDA Architectures for SAM 3 compilation
89 TORCH_CUDA_ARCH_LIST="7.0;7.5;8.0;8.6;8.9;9.0"
910
1011WORKDIR /app
@@ -15,12 +16,12 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
1516 git \
1617 libgl1 \
1718 libglib2.0-0 \
18- # wget/curl often useful in notebooks
1919 wget \
2020 curl \
2121 && rm -rf /var/lib/apt/lists/*
2222
2323# 4. INSTALL PYTORCH (Heavy Layer)
24+ # We install this first to cache it effectively.
2425RUN pip install --upgrade pip setuptools wheel && \
2526 pip install \
2627 torch==2.7.0 \
@@ -29,28 +30,28 @@ RUN pip install --upgrade pip setuptools wheel && \
2930 --index-url https://download.pytorch.org/whl/cu126
3031
3132# 5. CLONE SAM 3 & INSTALL JUPYTER
32- # We install sam3 AND jupyterlab here
33+ # We clone sam3, install it in editable mode, and add JupyterLab.
3334RUN git clone https://github.com/facebookresearch/sam3.git && \
3435 cd sam3 && \
3536 pip install -e . && \
3637 pip install jupyterlab matplotlib ipywidgets
3738
38- # 6. SECURITY: NON-ROOT USER
39+ # 6. SECURITY: NON-ROOT USER WITH HOME FIX
40+ # We explicitly set the home directory to /app so permissions work correctly.
3941RUN addgroup --system --gid 1001 appgroup && \
40- adduser --system --uid 1001 --gid 1001 appuser
42+ adduser --system --uid 1001 --gid 1001 --home /app appuser
4143
42- # Grant ownership so Jupyter can write notebooks to /app
44+ # Grant ownership of /app to the new user
4345RUN chown -R appuser:appgroup /app
4446
4547# Switch to non-root user
4648USER appuser
4749
48- # 7. CONFIGURATION
49- # Expose the standard Jupyter port
50+ # 7. FINAL ENVIRONMENT SETUP
51+ # CRITICAL: This tells Python tools (Jupyter, HF, Matplotlib) that /app is the home dir.
52+ ENV HOME=/app
5053EXPOSE 8888
5154
5255# 8. ENTRYPOINT
53- # --ip=0.0.0.0: Allows connections from outside the container
54- # --no-browser: Prevents it from trying to open a browser inside the container
55- # --NotebookApp.token='': (Optional) Disables password for easier local dev
56- CMD ["jupyter" , "lab" , "--ip=0.0.0.0" , "--port=8888" , "--no-browser" , "--NotebookApp.token=''" ]
56+ # Launches Jupyter Lab listening on all IPs, without a browser, and no token (for dev ease).
57+ CMD ["jupyter" , "lab" , "--ip=0.0.0.0" , "--port=8888" , "--no-browser" , "--allow-root" , "--NotebookApp.token=''" ]
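Review bot: The added `--allow-root` on the new CMD line is combined with `--NotebookApp.token=''` and `--ip=0.0.0.0`, so the server accepts unauthenticated connections on every interface and is now also permitted to run as root. Because the image switches to `USER appuser` just above, the flag is not needed for the default run and only takes effect when the container user is overridden to root, which is the case where an open notebook server (arbitrary code execution for anyone who can reach port 8888) costs the most. I would drop both flags and keep the generated token: `CMD ["jupyter", "lab", "--ip=0.0.0.0", "--port=8888", "--no-browser"]`. If tokenless access is wanted for local development, state in the comment above CMD that the port must be published on loopback only, e.g. `-p 127.0.0.1:8888:8888`.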