fix: Update Dev Spaces image to support sudo #736
@@ -49,6 +49,16 @@ setcap cap_setuid+ep /usr/bin/newuidmap | |||||||||||||||||||||||||||
| setcap cap_setgid+ep /usr/bin/newgidmap | ||||||||||||||||||||||||||||
| touch /etc/subgid /etc/subuid | ||||||||||||||||||||||||||||
| chown 0:0 /etc/subgid /etc/subuid | ||||||||||||||||||||||||||||
| # Remove the base image entries for user | ||||||||||||||||||||||||||||
| if id user >/dev/null 2>&1 | ||||||||||||||||||||||||||||
| then | ||||||||||||||||||||||||||||
| userdel user | ||||||||||||||||||||||||||||
| # Add the user with the UID that the SCC will enforce | ||||||||||||||||||||||||||||
| useradd -u 1000 -G wheel,root -d /home/user --shell /bin/bash -m user | ||||||||||||||||||||||||||||
| usermod -L user | ||||||||||||||||||||||||||||
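Review bot: the `useradd -u 1000 -G wheel,root ...` line sits inside the `if id user` branch, so in the lines shown a base image without a `user` entry never gets the UID 1000 account. If the SCC depends on that account, create it unconditionally and keep only `userdel user` behind the check. The same line adds the account to both `wheel` and the `root` group with no comment on why each is needed. `usermod -L user` then locks the password, so sudo for this account works only if a NOPASSWD rule is configured elsewhere; a comment stating that dependency would help.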
Comment on lines +55 to +58
| userdel user | |
| # Add the user with the UID that the SCC will enforce | |
| useradd -u 1000 -G wheel,root -d /home/user --shell /bin/bash -m user | |
| usermod -L user | |
| user_password_hash="$(getent shadow user | cut -d: -f2)" | |
| userdel user | |
| # Add the user with the UID that the SCC will enforce | |
| useradd -u 1000 -G wheel,root -d /home/user --shell /bin/bash -m user | |
| if [[ "${ENABLE_NOPASSWD_SUDO:-false}" == "true" ]]; then | |
| usermod -L user | |
| elif [[ -n "${user_password_hash}" && "${user_password_hash}" != '!' && "${user_password_hash}" != '!!' && "${user_password_hash}" != '*' ]]; then | |
| usermod -p "${user_password_hash}" user | |
| fi |
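Review bot: the suggested `usermod -p "${user_password_hash}" user` passes the hash as a command-line argument, which is visible in the process list and in any shell trace of the build; piping `user:<hash>` to `chpasswd -e` on stdin avoids that. The suggestion also carries a password hash from the base image into the recreated account without a comment on why that credential should survive the rebuild. The `[[ ... ]]` tests require bash, so confirm the script's interpreter before applying it.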
The PR description says changing `USER` has “no runtime effect”, but updating the image default user to `1000` does change behavior when the image is run outside the Dev Spaces SCC context (e.g., local `podman run` defaults, file ownership, and permissions). Please either adjust the PR description or clarify in-file/comment text to reflect that this is a runtime/default-user change (even if Dev Spaces overrides it).