From 4d964b8fefe37564875eb3491d18e31345ecaabe Mon Sep 17 00:00:00 2001
From: Kieren Evans
Date: Wed, 14 Jun 2017 18:43:05 +0100
Subject: [PATCH 1/3] Use the build user, and add passwordless sudo for the build user.
---
 ubuntu/16.04/Dockerfile | 2 ++
 ubuntu/16.04/etc/sudoers.d/build | 1 +
 2 files changed, 3 insertions(+)
 create mode 100644 ubuntu/16.04/etc/sudoers.d/build
diff --git a/ubuntu/16.04/Dockerfile b/ubuntu/16.04/Dockerfile
index 94573fa6..6fc74d4b 100644
--- a/ubuntu/16.04/Dockerfile
+++ b/ubuntu/16.04/Dockerfile
@@ -44,4 +44,6 @@ RUN echo 'APT::Install-Recommends 0;' >> /etc/apt/apt.conf.d/01norecommends \
 COPY ./etc/ /etc/
 COPY ./usr/ /usr/
+USER build
+
 CMD ["/usr/local/bin/container", "start_supervisord"]
diff --git a/ubuntu/16.04/etc/sudoers.d/build b/ubuntu/16.04/etc/sudoers.d/build
new file mode 100644
index 00000000..e0f21f01
--- /dev/null
+++ b/ubuntu/16.04/etc/sudoers.d/build
@@ -0,0 +1 @@
+build ALL = (ALL) NOPASSWD: ALL
From 20f5987a4901b10e0a3de0529029f48d23952a58 Mon Sep 17 00:00:00 2001
From: Kieren Evans
Date: Wed, 14 Jun 2017 18:44:48 +0100
Subject: [PATCH 2/3] Launch supervisord as sudo.
---
 ubuntu/16.04/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ubuntu/16.04/Dockerfile b/ubuntu/16.04/Dockerfile
index 6fc74d4b..75234cd8 100644
--- a/ubuntu/16.04/Dockerfile
+++ b/ubuntu/16.04/Dockerfile
@@ -46,4 +46,4 @@ COPY ./usr/ /usr/
 USER build
-CMD ["/usr/local/bin/container", "start_supervisord"]
+CMD ["/usr/bin/sudo", "/usr/local/bin/container", "start_supervisord"]
From 34f9a266c9169584f5745682d15c30437b4ae0dd Mon Sep 17 00:00:00 2001
From: Kieren Evans
Date: Wed, 14 Jun 2017 21:24:48 +0100
Subject: [PATCH 3/3] Fix sudoers ownership.
---
 ubuntu/16.04/Dockerfile | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/ubuntu/16.04/Dockerfile b/ubuntu/16.04/Dockerfile
index 75234cd8..9d646c5f 100644
--- a/ubuntu/16.04/Dockerfile
+++ b/ubuntu/16.04/Dockerfile
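Review bot: The rule `build ALL = (ALL) NOPASSWD: ALL` in the new ubuntu/16.04/etc/sudoers.d/build (PATCH 1/3) makes the build account equivalent to root, so the `USER build` line added to the Dockerfile in the same patch sets a default user but not a privilege boundary. If the start script is the only thing that needs elevation, the rule can be scoped to it, for example `build ALL = (root) NOPASSWD: /usr/local/bin/container`. If unrestricted root for the build account is intended, a comment at the top of the file such as `# Intentional: build has unrestricted root; USER build is not a security boundary` would record that decision for later readers.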
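Review bot: With `CMD ["/usr/bin/sudo", "/usr/local/bin/container", "start_supervisord"]` (PATCH 2/3) the container's main process, and presumably everything supervisord starts, still runs as root, so `USER build` only changes the default user for `docker exec` sessions and for images built on top of this one. sudo also sits between the runtime and the start script, and if the image keeps Ubuntu's stock `env_reset` default (its /etc/sudoers is not visible in this patch), variables passed with `docker run -e` would likely not reach the script. If the aim is for services to run unprivileged, starting the script directly and dropping privileges per service with supervisord's `user=` setting in each `[program:x]` section would achieve that without sudo in the startup path.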
@@ -44,6 +44,8 @@ RUN echo 'APT::Install-Recommends 0;' >> /etc/apt/apt.conf.d/01norecommends \
 COPY ./etc/ /etc/
 COPY ./usr/ /usr/
+RUN chown -R root:root /etc/sudoers.d/
+
 USER build
 CMD ["/usr/bin/sudo", "/usr/local/bin/container", "start_supervisord"]
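Review bot: The added `RUN chown -R root:root /etc/sudoers.d/` fixes the owner but leaves the file mode to whatever the build context carried, and sudo also rejects a sudoers file that is world-writable. Setting the mode and validating in the same step makes the build fail early instead of producing an image whose CMD cannot start: `RUN chown -R root:root /etc/sudoers.d/ && chmod 0440 /etc/sudoers.d/build && visudo -c`. A one-line comment above the RUN explaining why the copied files needed re-owning would also help, since the cause is not visible in this diff.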