Enable NSS wrapper only if /tmp is writable #3

Merged
sivanov-nuodb merged 1 commit into main from sivanov/readOnlyRootFilesystem
Jan 21, 2025
@sivanov-nuodb sivanov-nuodb commented Jan 20, 2025

Issue

The container will fail if readOnlyRootFilesystem=true and no volume is
mounted in /tmp. This is the case in NuoDB Helm charts with
nuocollector-config and backup-hooks containers.

Changes

Enable NSS wrapper only if /tmp is writable.

Notes

The changes are reviewed more easily with the "show whitespaces" checkbox disabled.

@adriansuarez adriansuarez left a comment

Looks good.

The way we deal with this in the main container is that the /tmp directory has an ephemeral volume mounted on it. I wonder if we can do the same thing here, or use the same volume (though there might be a timing issue with which container creates the virtual user and group entries).

But this might not even matter if we only need the uid and gid to match.

@sivanov-nuodb sivanov-nuodb merged commit 073b355 into main Jan 21, 2025
2 checks passed
@sivanov-nuodb sivanov-nuodb deleted the sivanov/readOnlyRootFilesystem branch January 21, 2025 13:03
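
One way to write the guard described in this pull request, as an added example rather than the code merged here. The function names, the `NSS_LIB` path and the `NSS_USER` name are assumptions; `LD_PRELOAD`, `NSS_WRAPPER_PASSWD` and `NSS_WRAPPER_GROUP` are the variables nss_wrapper reads.

```shell
#!/bin/sh
# Added example, not the project's entrypoint. Names and paths are assumptions.
NSS_LIB="${NSS_LIB:-/usr/lib64/libnss_wrapper.so}"  # assumed library location
NSS_USER="${NSS_USER:-nuodb}"                       # assumed virtual user/group name

# has_id FILE ID: succeed if FILE (passwd or group format) has an entry
# whose third field (uid or gid) equals ID.
has_id() {
    awk -F: -v id="$2" '$3 == id {f=1} END {exit !f}' "$1"
}

# prepare_nss_files DIR: create a private directory under DIR holding passwd
# and group copies that resolve the current uid/gid, and print its path.
# Returns 1 without writing anything when DIR is not a writable directory,
# which is the readOnlyRootFilesystem=true case with no volume mounted on /tmp.
prepare_nss_files() {
    dir="$1"
    [ -d "$dir" ] && [ -w "$dir" ] || return 1
    # mktemp -d gives an unpredictable 0700 directory instead of fixed
    # file names in a shared temporary directory.
    work="$(mktemp -d "$dir/nss.XXXXXX")" || return 1
    uid="$(id -u)"
    gid="$(id -g)"
    cp /etc/passwd "$work/passwd" || return 1
    cp /etc/group "$work/group" || return 1
    # Append a virtual entry only when the id has no entry of its own.
    has_id "$work/passwd" "$uid" || printf '%s:x:%s:%s:virtual user:%s:/sbin/nologin\n' \
        "$NSS_USER" "$uid" "$gid" "$dir" >> "$work/passwd"
    has_id "$work/group" "$gid" || printf '%s:x:%s:\n' "$NSS_USER" "$gid" >> "$work/group"
    printf '%s\n' "$work"
}

# enable_nss_wrapper [DIR]: export the wrapper environment only when the
# library is present and DIR (default /tmp) is writable. Otherwise return 1
# and leave the environment untouched so the container still starts.
enable_nss_wrapper() {
    [ -r "$NSS_LIB" ] || return 1
    nss_dir="$(prepare_nss_files "${1:-/tmp}")" || return 1
    export LD_PRELOAD="$NSS_LIB"
    export NSS_WRAPPER_PASSWD="$nss_dir/passwd"
    export NSS_WRAPPER_GROUP="$nss_dir/group"
}

# In an entrypoint:
#   enable_nss_wrapper /tmp || echo "NSS wrapper disabled" >&2
```
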