- Notifications
You must be signed in to change notification settings - Fork926
fix(agent/agentcontainers): chown coder binary#18611
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Pull Request Overview
This PR adds achown step to ensure thecoder binary inside the container is owned by the container user, and updates tests to expect this new step.
- Inject a
chownExecAs call inmaybeInjectSubAgentIntoContainerLockedto set binary ownership. - Add matching mocked
ExecAs(... chown ...)expectations in multiple tests.
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| agent/agentcontainers/api.go | Insert a shell-basedchown call to set ownership on the agent binary |
| agent/agentcontainers/api_test.go | Add mockedExecAs expectations for thechown call in tests |
Comments suppressed due to low confidence (1)
agent/agentcontainers/api.go:1445
- [nitpick] The comment mentions ensuring the binary is executable, but this block actually changes ownership via chown. Consider updating the comment to reflect setting ownership (e.g., "Ensure the agent binary is owned by the container user").
// Make sure the agent binary is executable so we can run it.Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
5ae320e intomainUh oh!
There was an error while loading.Please reload this page.
| // Make sure the agent binary is executable so we can run it. | ||
| if _, err := api.ccli.ExecAs(ctx, container.ID, "root", "/bin/sh", "-c", fmt.Sprintf("chown $(id -u):$(id -g) %s", coderPathInsideContainer)); err != nil { | ||
| return xerrors.Errorf("set agent binary ownership: %w", err) | ||
| } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Do we need to chown the folder as well or not?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I don't think so.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
It worked for me without
| @@ -1442,6 +1442,11 @@ func (api *API) maybeInjectSubAgentIntoContainerLocked(ctx context.Context, dc c | |||
| return xerrors.Errorf("set agent binary executable: %w", err) | |||
| } | |||
| // Make sure the agent binary is executable so we can run it. | |||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
| // Make sure the agent binary isexecutable so we can run it. | |
| // Make sure the agent binary isowned by a valid user so we can run it. |
Perhaps?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Oops, just hit the green button as you replied 🤦♀️ Second time I've done this 😅
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I've got another PR up so I'll add add the change to that PR, I need to be a little less quick on merging
No description provided.