Skip to content

Commit 15a7c6a

Browse files
AlexeySachkovAlexeySachkov
committed
[SYCL][Devops] Fix AVD-DS-0002
See https://avd.aquasec.com/misconfig/ds002 Made it so that the last `USER` command in `base` and `build` is not `root`.
1 parent 045e856 commit 15a7c6a

File tree

4 files changed

+7
-2
lines changed

4 files changed

+7
-2
lines changed

devops/containers/ubuntu2204_base.Dockerfile

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,4 +29,6 @@ COPY actions/cleanup /actions/cleanup
2929
COPY scripts/docker_entrypoint.sh /docker_entrypoint.sh
3030
COPY scripts/install_drivers.sh /opt/install_drivers.sh
3131

32+
USER sycl
33+
3234
ENTRYPOINT ["/docker_entrypoint.sh"]

devops/containers/ubuntu2204_build.Dockerfile

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -41,5 +41,7 @@ RUN usermod -aG irc sycl
4141

4242
COPY scripts/docker_entrypoint.sh /docker_entrypoint.sh
4343

44+
USER sycl
45+
4446
ENTRYPOINT ["/docker_entrypoint.sh"]
4547

devops/containers/ubuntu2404_base.Dockerfile

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,4 +29,6 @@ COPY actions/cleanup /actions/cleanup
2929
COPY scripts/docker_entrypoint.sh /docker_entrypoint.sh
3030
COPY scripts/install_drivers.sh /opt/install_drivers.sh
3131

32+
USER sycl
33+
3234
ENTRYPOINT ["/docker_entrypoint.sh"]

devops/scripts/docker_entrypoint.sh

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,7 @@
11
#!/bin/bash
22

33
if [ -d "$GITHUB_WORKSPACE" ]; then
4-
chown -R sycl:sycl $GITHUB_WORKSPACE
5-
su sycl
4+
sudo chown -R sycl:sycl $GITHUB_WORKSPACE
65
fi
76

87
exec "$@"

0 commit comments

Comments
 (0)