From: Andreas Friesen
Date: Tue, 15 Oct 2019 23:00:07 +0000
Message-ID: <87eezdipiy.fsf@faix.i-did-not-set--mail-host-address--so-tickle-me>
Subject: Re: [ptxdist] ptxdist: support podman
List-Id: PTXdist Development Mailing List
Reply-To: ptxdist@pengutronix.de
To: "ptxdist@pengutronix.de"

Hi

> I am currently migrating our containerized CI pipelines from docker (moby) to
> podman as it's more secure[1]. But ptxdist refuses to run as "root", but in reality
> it's running with less privileges than the user that started it.
>
> ptxdist: error: refusing to run PTXdist as root

Yesterday I had the same problem, but with a docker container... creating a
buildbot user solves the problem:

--8<--- Dockerfile
FROM ubuntu:18.04
...
RUN groupadd -r buildbot && useradd -r -g buildbot buildbot -m -d /buildbot
USER buildbot
## END
-->8--- Dockerfile

> Is it possible to do an extra podman check?
>
> I found "/run/.containerenv" documented as an official flag to detect that a program
> is in a container.
>
> Bruno
>
> [1] https://cloudnweb.dev/2019/06/replacing-docker-with-podman-power-of-podman/
> [2] https://github.com/containers/libpod/blob/master/docs/podman-run.1.md
> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de

-- 
Andreas Friesen
R&D Embedded Control Software
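The podman check asked about in this thread, sketched as an added example (not PTXdist's code and not written by either poster): it decides from the kernel-provided /proc/self/uid_map whether UID 0 is root outside the user namespace, and treats /run/.containerenv only as a hint. The function names and the optional path arguments are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not PTXdist code; function names and the optional path
# arguments (there so constructed files can be tested) are assumptions.

# True when UID 0 in this user namespace maps to UID 0 in the parent
# namespace. uid_map lines read "<inside-start> <outside-start> <length>".
root_maps_to_outer_root() {
	map_file="${1:-/proc/self/uid_map}"
	# Without a readable uid_map, assume the worst: root is real root.
	[ -r "$map_file" ] || return 0
	awk '$1 == 0 && $2 == 0 { hit = 1 } END { exit !hit }' "$map_file"
}

# True when podman's marker file exists. Anything able to write to /run can
# create it, so it is a hint for messages, never the basis of the decision.
has_containerenv() {
	[ -e "${1:-/run/.containerenv}" ]
}

# Print "user", "real-root" or "rootless-root" for the given UID.
classify_privilege() {
	cp_uid="$1"
	if [ "$cp_uid" -ne 0 ]; then
		echo user
	elif root_maps_to_outer_root "$2"; then
		echo real-root
	else
		echo rootless-root
	fi
}

# Refuse only real root; report the container hint alongside.
check_may_run() {
	cp_kind="$(classify_privilege "$1" "$2")"
	if [ "$cp_kind" = real-root ]; then
		echo "error: refusing to run as root" >&2
		return 1
	fi
	if has_containerenv "$3"; then cp_hint=yes; else cp_hint=no; fi
	echo "ok: $cp_kind (containerenv marker: $cp_hint)"
}

# Classify the current process using the real /proc and /run paths.
check_may_run "$(id -u)" || true
```

A container started by root without a user namespace still classifies as real-root here, marker file or not, which is the case a root refusal is meant to catch.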