diff options
author | Adin Scannell <ascannell@google.com> | 2020-10-30 09:39:16 -0700 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2020-10-30 09:41:04 -0700 |
commit | 3a6f046ae8d852210ae2b82ba35e9a8c2e6757b9 (patch) | |
tree | 46d4dea4851e2b1c45d334359391634966eeea60 /tools | |
parent | dd056112b72abde9f570a69ad7cfc2a0a6beed14 (diff) |
Avoid creating users if user is root already.
PiperOrigin-RevId: 339886754
Diffstat (limited to 'tools')
-rw-r--r-- | tools/bazel.mk | 40 |
1 files changed, 26 insertions, 14 deletions
diff --git a/tools/bazel.mk b/tools/bazel.mk index 88431ce66..3a7de427f 100644 --- a/tools/bazel.mk +++ b/tools/bazel.mk @@ -26,13 +26,13 @@ BRANCH_NAME := $(shell (git branch --show-current 2>/dev/null || \ BUILD_ROOTS := bazel-bin/ bazel-out/ # Bazel container configuration (see below). -USER ?= gvisor -HASH ?= $(shell readlink -m $(CURDIR) | md5sum | cut -c1-8) +USER := $(shell whoami) +HASH := $(shell readlink -m $(CURDIR) | md5sum | cut -c1-8) BUILDER_BASE := gvisor.dev/images/default BUILDER_IMAGE := gvisor.dev/images/builder -BUILDER_NAME ?= gvisor-builder-$(HASH) -DOCKER_NAME ?= gvisor-bazel-$(HASH) -DOCKER_PRIVILEGED ?= --privileged +BUILDER_NAME := gvisor-builder-$(HASH) +DOCKER_NAME := gvisor-bazel-$(HASH) +DOCKER_PRIVILEGED := --privileged BAZEL_CACHE := $(shell readlink -m ~/.cache/bazel/) GCLOUD_CONFIG := $(shell readlink -m ~/.config/gcloud/) DOCKER_SOCKET := /var/run/docker.sock @@ -59,6 +59,25 @@ ifeq (true,$(shell [[ -t 0 ]] && echo true)) FULL_DOCKER_EXEC_OPTIONS += --tty endif +# Add basic UID/GID options. +# +# Note that USERADD_DOCKER and GROUPADD_DOCKER are both defined as "deferred" +# variables in Make terminology, that is they will be expanded at time of use +# and may include other variables, including those defined below. +# +# NOTE: we pass -l to useradd below because otherwise you can hit a bug +# best described here: +# https://github.com/moby/moby/issues/5419#issuecomment-193876183 +# TLDR; trying to add to /var/log/lastlog (sparse file) runs the machine out +# out of disk space. +ifneq ($(UID),0) +USERADD_DOCKER += useradd -l --uid $(UID) --non-unique --no-create-home \ + --gid $(GID) $(USERADD_OPTIONS) -d $(HOME) $(USER) && +endif +ifneq ($(GID),0) +GROUPADD_DOCKER += groupadd --gid $(GID) --non-unique $(USER) && +endif + # Add docker passthrough options. ifneq ($(DOCKER_PRIVILEGED),) FULL_DOCKER_RUN_OPTIONS += -v "$(DOCKER_SOCKET):$(DOCKER_SOCKET)" @@ -91,19 +110,12 @@ ifneq (,$(BAZEL_CONFIG)) OPTIONS += --config=$(BAZEL_CONFIG) endif -# NOTE: we pass -l to useradd below because otherwise you can hit a bug -# best described here: -# https://github.com/moby/moby/issues/5419#issuecomment-193876183 -# TLDR; trying to add to /var/log/lastlog (sparse file) runs the machine out -# out of disk space. bazel-image: load-default @if docker ps --all | grep $(BUILDER_NAME); then docker rm -f $(BUILDER_NAME); fi docker run --user 0:0 --entrypoint "" --name $(BUILDER_NAME) \ $(BUILDER_BASE) \ - sh -c "groupadd --gid $(GID) --non-unique $(USER) && \ - $(GROUPADD_DOCKER) \ - useradd -l --uid $(UID) --non-unique --no-create-home \ - --gid $(GID) $(USERADD_OPTIONS) -d $(HOME) $(USER) && \ + sh -c "$(GROUPADD_DOCKER) \ + $(USERADD_DOCKER) \ if [[ -e /dev/kvm ]]; then chmod a+rw /dev/kvm; fi" docker commit $(BUILDER_NAME) $(BUILDER_IMAGE) @docker rm -f $(BUILDER_NAME) |