Skip to content

Commit fb58ec0

Browse files
jiridanekjiridanek
committed
RHOAIENG-21691: mitigate undesirable /opt/app-root ownership and permissions change caused by a Dockerfile COPY
Before: ``` podman run --entrypoint /bin/bash --rm -it 7616b6ee0ff8 -c 'ls -AlFd $VIRTUAL_ENV' drwxrwxr-x. 1 default root 40 Mar 16 09:57 /opt/app-root/ ``` The Dockerfile command causing trouble: ``` USER 0 # Copy extra files to the image. COPY ${RSTUDIO_SOURCE_CODE}/nginx/root/ / ``` After: ``` podman run --entrypoint /bin/bash --rm -it 237a5692c108 -c 'ls -AlFd $VIRTUAL_ENV' drwxr-xr-x. 1 root root 38 Mar 14 14:16 /opt/app-root/ ```
1 parent 45681a6 commit fb58ec0

File tree

3 files changed

+3
-3
lines changed

3 files changed

+3
-3
lines changed

codeserver/ubi9-python-3.11/Dockerfile.cpu

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -81,7 +81,7 @@ RUN yum install -y https://download.fedoraproject.org/pub/epel/epel-release-late
8181
COPY --chown=1001:0 ${CODESERVER_SOURCE_CODE}/supervisord/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
8282

8383
# Copy extra files to the image.
84-
COPY ${CODESERVER_SOURCE_CODE}/nginx/root/ /
84+
COPY --chown=1001:0 ${CODESERVER_SOURCE_CODE}/nginx/root/ /
8585

8686
# Changing ownership and user rights to support following use-cases:
8787
# 1) running container on OpenShift, whose default security model

rstudio/c9s-python-3.11/Dockerfile.cpu

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -116,7 +116,7 @@ RUN yum -y module enable nginx:$NGINX_VERSION && \
116116
COPY --chown=1001:0 ${RSTUDIO_SOURCE_CODE}/supervisord/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
117117

118118
# Copy extra files to the image.
119-
COPY ${RSTUDIO_SOURCE_CODE}/nginx/root/ /
119+
COPY --chown=1001:0 ${RSTUDIO_SOURCE_CODE}/nginx/root/ /
120120

121121
# Changing ownership and user rights to support following use-cases:
122122
# 1) running container on OpenShift, whose default security model

rstudio/c9s-python-3.11/Dockerfile.cuda

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -240,7 +240,7 @@ RUN yum -y module enable nginx:$NGINX_VERSION && \
240240
COPY --chown=1001:0 ${RSTUDIO_SOURCE_CODE}/supervisord/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
241241

242242
# Copy extra files to the image.
243-
COPY ${RSTUDIO_SOURCE_CODE}/nginx/root/ /
243+
COPY --chown=1001:0 ${RSTUDIO_SOURCE_CODE}/nginx/root/ /
244244

245245
# Changing ownership and user rights to support following use-cases:
246246
# 1) running container on OpenShift, whose default security model

0 commit comments

Comments
 (0)