RHOAIENG-21691: mitigate undesirable /opt/app-root ownership and permissions change caused by a Dockerfile COPY #986

Merged 1 commit on Mar 24, 2025

@jiridanek jiridanek commented Mar 21, 2025

Description of the bug

Before:

```
podman run --entrypoint /bin/bash --rm -it 7616b6ee0ff8 -c 'ls -AlFd $VIRTUAL_ENV'
drwxrwxr-x. 1 default root 40 Mar 16 09:57 /opt/app-root/
```

The Dockerfile command causing trouble:

```
USER 0
# Copy extra files to the image.
COPY ${RSTUDIO_SOURCE_CODE}/nginx/root/ /
```

After:

```
podman run --entrypoint /bin/bash --rm -it 237a5692c108 -c 'ls -AlFd $VIRTUAL_ENV'
drwxr-xr-x. 1 root root 38 Mar 14 14:16 /opt/app-root/
```

Description of the fix

```
COPY --chown 1001:0 ...
```

How Has This Been Tested?

Merge criteria:

  • The commits are squashed in a cohesive manner and have meaningful messages.
  • Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
  • The developer has manually tested the changes and verified that the changes work

…rmissions change caused by a Dockerfile `COPY`

Before:

```
podman run --entrypoint /bin/bash --rm -it 7616b6ee0ff8 -c 'ls -AlFd $VIRTUAL_ENV'
drwxrwxr-x. 1 default root 40 Mar 16 09:57 /opt/app-root/
```

The Dockerfile command causing trouble:

```
USER 0
# Copy extra files to the image.
COPY ${RSTUDIO_SOURCE_CODE}/nginx/root/ /
```

After:

```
podman run --entrypoint /bin/bash --rm -it 237a5692c108 -c 'ls -AlFd $VIRTUAL_ENV'
drwxr-xr-x. 1 root root 38 Mar 14 14:16 /opt/app-root/
```

@andyatmiami
Contributor

/lgtm

built locally:

```
➜ notebooks/ git:(jd_fix_perms) $ podman images
REPOSITORY                                  TAG                                              IMAGE ID      CREATED       SIZE
quay.io/rh-ee-astonebe/workbench-images     cuda-rstudio-c9s-python-3.11-rhoaieng_21691_fix  d7f19e57dd7c  23 hours ago  12.4 GB
quay.io/rh-ee-astonebe/workbench-images     codeserver-ubi9-python-3.11-rhoaieng_21691_fix   1f5123ecb2fc  23 hours ago  2.64 GB
quay.io/rh-ee-astonebe/workbench-images     rstudio-c9s-python-3.11-rhoaieng_21691_fix       b4a84efb3af4  23 hours ago  3.31 GB
```

perms check out:

```
➜ notebooks/ git:(jd_fix_perms) $ podman run -it --platform linux/amd64 --entrypoint /bin/bash --rm d7f19e57dd7c -c 'ls -ld /opt/app-root'
drwxrwxr-x. 8 default root 128 Mar 21 22:12 /opt/app-root

➜ notebooks/ git:(jd_fix_perms) $ podman run -it --platform linux/amd64 --entrypoint /bin/bash --rm 1f5123ecb2fc -c 'ls -ld /opt/app-root'
drwxrwxr-x. 10 default root 164 Mar 21 22:03 /opt/app-root

➜ notebooks/ git:(jd_fix_perms) $ podman run -it --platform linux/amd64 --entrypoint /bin/bash --rm b4a84efb3af4 -c 'ls -ld /opt/app-root'
drwxrwxr-x. 8 default root 128 Mar 21 22:00 /opt/app-root
```
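
The manual `ls -ld` checks in this thread can be turned into a repeatable check; the script below is an added example, not part of the PR or the project's code. The function names are hypothetical, the expected owner (`default`, assumed to be UID 1001), group (`root`/0) and group `rwx` come from the listings and the `--chown 1001:0` fix on this page, and the world-writable rejection is an extra assumption.

```shell
#!/bin/sh
# Added example (not project code). Function names are hypothetical.
# Expected state, from the listings and the `--chown 1001:0` fix on this page:
# owner default (assumed to be UID 1001), group root (GID 0), group rwx.

# check_ls_line '<one line of ls -ld output>'
# Returns 0 if the listing matches the expected state, 1 otherwise.
check_ls_line() {
    read -r mode _links owner group _rest <<EOF
$1
EOF
    mode=${mode%[.+]}   # drop the SELinux/ACL marker ls appends to the mode
    case $mode in
        d?????????) ;;
        *) echo "not a directory listing: $1" >&2; return 1 ;;
    esac
    case $owner in
        default|1001) ;;
        *) echo "owner is $owner, expected 1001" >&2; return 1 ;;
    esac
    case $group in
        root|0) ;;
        *) echo "group is $group, expected 0" >&2; return 1 ;;
    esac
    case $mode in
        d???rw[xs]???) ;;   # 's' = setgid directory that is also group-executable
        *) echo "group lacks rwx: $mode" >&2; return 1 ;;
    esac
    case $mode in
        # Extra check assumed here, not from the page: reject world-writable.
        d???????w?) echo "world-writable: $mode" >&2; return 1 ;;
    esac
    return 0
}

# check_image <image-id>: run the same listing the thread uses inside the image.
# -n prints numeric IDs, so the result does not depend on the image's /etc/passwd.
check_image() {
    line=$(podman run --rm --entrypoint /bin/bash "$1" -c 'ls -ldn /opt/app-root') || return 2
    check_ls_line "$line"
}
```

Call `check_image <image-id>` for each built image in CI; a non-zero exit means the ownership or mode of `/opt/app-root` no longer matches.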

@jstourac
Member

/lgtm

@jiridanek
Member Author

/approve

Contributor

openshift-ci bot commented Mar 24, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jiridanek

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jiridanek
Member Author

/override ci/prow/rstudio-notebook-e2e-tests
flaky infra

Contributor

openshift-ci bot commented Mar 24, 2025

@jiridanek: Overrode contexts on behalf of jiridanek: ci/prow/rstudio-notebook-e2e-tests

In response to this:

/override ci/prow/rstudio-notebook-e2e-tests
flaky infra

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-merge-bot openshift-merge-bot bot merged commit 2c18a50 into opendatahub-io:main Mar 24, 2025
21 checks passed
@jiridanek jiridanek deleted the jd_fix_perms branch March 24, 2025 11:16
jiridanek pushed a commit to jiridanek/notebooks that referenced this pull request Jul 10, 2025
…lux/component-updates/component-update-odh-workbench-jupyter-pytorch-rocm-py311-ubi9-n-v2-23

chore(deps): update odh-workbench-jupyter-pytorch-rocm-py311-ubi9-n-v2-23 to 327828d