[SYCL][Devops] Fix remaining AVD-DS-0002 issues

AlexeySachkov · AlexeySachkov · commit 10cc0e349f4e · 2024-12-13T05:11:06.000-08:00
See https://avd.aquasec.com/misconfig/ds002 Made it so our docker files have at least one `USER` command which is not `root`.
diff --git a/devops/containers/ubuntu2204_intel_drivers.Dockerfile b/devops/containers/ubuntu2204_intel_drivers.Dockerfile
@@ -25,5 +25,16 @@ RUN --mount=type=secret,id=github_token \
 
 COPY scripts/drivers_entrypoint.sh /drivers_entrypoint.sh
 
+# By default Ubuntu sets an arbitrary UID value, that is different from host
+# system. When CI passes default UID value of 1001, some of LLVM tools fail to
+# discover user home directory and fail a few LIT tests. Fixes UID and GID to
+# 1001, that is used as default by GitHub Actions.
+RUN groupadd -g 1001 sycl && useradd sycl -u 1001 -g 1001 -m -s /bin/bash
+# Add sycl user to video/irc groups so that it can access GPU
+RUN usermod -aG video sycl
+RUN usermod -aG irc sycl
+
+USER sycl
+
 ENTRYPOINT ["/bin/bash", "/drivers_entrypoint.sh"]
 
diff --git a/devops/containers/ubuntu2204_preinstalled.Dockerfile b/devops/containers/ubuntu2204_preinstalled.Dockerfile
@@ -10,5 +10,16 @@ ADD sycl_linux.tar.gz /opt/sycl/
 ENV PATH /opt/sycl/bin:$PATH
 ENV LD_LIBRARY_PATH /opt/sycl/lib:$LD_LIBRARY_PATH
 
+# By default Ubuntu sets an arbitrary UID value, that is different from host
+# system. When CI passes default UID value of 1001, some of LLVM tools fail to
+# discover user home directory and fail a few LIT tests. Fixes UID and GID to
+# 1001, that is used as default by GitHub Actions.
+RUN groupadd -g 1001 sycl && useradd sycl -u 1001 -g 1001 -m -s /bin/bash
+# Add sycl user to video/irc groups so that it can access GPU
+RUN usermod -aG video sycl
+RUN usermod -aG irc sycl
+
+USER sycl
+
 ENTRYPOINT ["/bin/bash", "/drivers_entrypoint.sh"]
 
diff --git a/devops/containers/ubuntu2404_intel_drivers.Dockerfile b/devops/containers/ubuntu2404_intel_drivers.Dockerfile
@@ -25,5 +25,16 @@ RUN --mount=type=secret,id=github_token \
 
 COPY scripts/drivers_entrypoint.sh /drivers_entrypoint.sh
 
+# By default Ubuntu sets an arbitrary UID value, that is different from host
+# system. When CI passes default UID value of 1001, some of LLVM tools fail to
+# discover user home directory and fail a few LIT tests. Fixes UID and GID to
+# 1001, that is used as default by GitHub Actions.
+RUN groupadd -g 1001 sycl && useradd sycl -u 1001 -g 1001 -m -s /bin/bash
+# Add sycl user to video/irc groups so that it can access GPU
+RUN usermod -aG video sycl
+RUN usermod -aG irc sycl
+
+USER sycl
+
 ENTRYPOINT ["/bin/bash", "/drivers_entrypoint.sh"]
 
diff --git a/devops/containers/ubuntu2404_intel_drivers_igc_dev.Dockerfile b/devops/containers/ubuntu2404_intel_drivers_igc_dev.Dockerfile
@@ -20,5 +20,16 @@ RUN --mount=type=secret,id=github_token \
 
 COPY scripts/drivers_entrypoint.sh /drivers_entrypoint.sh
 
+# By default Ubuntu sets an arbitrary UID value, that is different from host
+# system. When CI passes default UID value of 1001, some of LLVM tools fail to
+# discover user home directory and fail a few LIT tests. Fixes UID and GID to
+# 1001, that is used as default by GitHub Actions.
+RUN groupadd -g 1001 sycl && useradd sycl -u 1001 -g 1001 -m -s /bin/bash
+# Add sycl user to video/irc groups so that it can access GPU
+RUN usermod -aG video sycl
+RUN usermod -aG irc sycl
+
+USER sycl
+
 ENTRYPOINT ["/bin/bash", "/drivers_entrypoint.sh"]
 
