public_git
/
kaniko
mirror of https://github.com/GoogleContainerTools/kaniko
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix home and group set for user command

This commit is contained in:
Tejal Desai 2020-01-23 14:59:57 -08:00
parent a2aae6274d
commit 048de00c33
3 changed files with 19 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/commands/run.go
View File

@ -68,13 +68,12 @@ func (r *RunCommand) ExecuteCommand(config *v1.Config, buildArgs *dockerfile.Bui
cmd.Stdout = os.Stdout cmd.Stdout = os.Stdout
cmd.Stderr = os.Stderr cmd.Stderr = os.Stderr
replacementEnvs := buildArgs.ReplacementEnvs(config.Env) replacementEnvs := buildArgs.ReplacementEnvs(config.Env)
cmd.Env = addDefaultHOME(config.User, replacementEnvs)
cmd.SysProcAttr = &syscall.SysProcAttr{Setpgid: true} cmd.SysProcAttr = &syscall.SysProcAttr{Setpgid: true}
var userStr string
// If specified, run the command as a specific user // If specified, run the command as a specific user
if config.User != "" { if config.User != "" {
userAndGroup := strings.Split(config.User, ":") userAndGroup := strings.Split(config.User, ":")
userStr := userAndGroup[0] userStr = userAndGroup[0]
var groupStr string var groupStr string
if len(userAndGroup) > 1 { if len(userAndGroup) > 1 {
groupStr = userAndGroup[1] groupStr = userAndGroup[1]
@ -101,6 +100,7 @@ func (r *RunCommand) ExecuteCommand(config *v1.Config, buildArgs *dockerfile.Bui
} }
cmd.SysProcAttr.Credential = &syscall.Credential{Uid: uid, Gid: gid} cmd.SysProcAttr.Credential = &syscall.Credential{Uid: uid, Gid: gid}
} }
cmd.Env = addDefaultHOME(userStr, replacementEnvs)
if err := cmd.Start(); err != nil { if err := cmd.Start(); err != nil {
return errors.Wrap(err, "starting command") return errors.Wrap(err, "starting command")

7
pkg/commands/user.go
View File

@ -40,7 +40,7 @@ func (r *UserCommand) ExecuteCommand(config *v1.Config, buildArgs *dockerfile.Bu
if err != nil { if err != nil {
return err return err
} }
var groupStr string groupStr := userStr
if len(userAndGroup) > 1 { if len(userAndGroup) > 1 {
groupStr, err = util.ResolveEnvironmentReplacement(userAndGroup[1], replacementEnvs, false) groupStr, err = util.ResolveEnvironmentReplacement(userAndGroup[1], replacementEnvs, false)
if err != nil { if err != nil {
@ -48,9 +48,8 @@ func (r *UserCommand) ExecuteCommand(config *v1.Config, buildArgs *dockerfile.Bu
} }
} }
if groupStr != "" { userStr = userStr + ":" + groupStr
userStr = userStr + ":" + groupStr
}
config.User = userStr config.User = userStr
return nil return nil
} }

20
pkg/commands/user_test.go
View File

@ -28,22 +28,23 @@ import (
var userTests = []struct { var userTests = []struct {
user string user string
expectedUID string expectedUID string
expectedGID string
}{ }{
{ {
user: "root", user: "root",
expectedUID: "root", expectedUID: "root:root",
}, },
{ {
user: "root-add", user: "root-add",
expectedUID: "root-add", expectedUID: "root-add:root-add",
}, },
{ {
user: "0", user: "0",
expectedUID: "0", expectedUID: "0:0",
}, },
{ {
user: "fakeUser", user: "fakeUser",
expectedUID: "fakeUser", expectedUID: "fakeUser:fakeUser",
}, },
{ {
user: "root:root", user: "root:root",
@ -56,6 +57,7 @@ var userTests = []struct {
{ {
user: "root:0", user: "root:0",
expectedUID: "root:0", expectedUID: "root:0",
expectedGID: "f0",
}, },
{ {
user: "0:0", user: "0:0",
@ -63,11 +65,15 @@ var userTests = []struct {
}, },
{ {
user: "$envuser", user: "$envuser",
expectedUID: "root", expectedUID: "root:root",
}, },
{ {
user: "root:$envgroup", user: "root:$envgroup",
expectedUID: "root:root", expectedUID: "root:grp",
},
{
user: "some:grp",
expectedUID: "some:grp",
}, },
} }
@ -76,7 +82,7 @@ func TestUpdateUser(t *testing.T) {
cfg := &v1.Config{ cfg := &v1.Config{
Env: []string{ Env: []string{
"envuser=root", "envuser=root",
"envgroup=root", "envgroup=grp",
}, },
} }
cmd := UserCommand{ cmd := UserCommand{