- Notifications
You must be signed in to change notification settings - Fork1
fix: run code-server as the appropriate user#1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
Rather than run code-server as root, we instead run it as theappropriate user.
src/code-server/install.sh Outdated
| @@ -22,7 +22,7 @@ cat > /usr/local/bin/code-server-entrypoint \ | |||
| #!/usr/bin/env bash | |||
| set -e | |||
| code-server --bind-addr "$HOST:$PORT" \$ARGS | |||
| runuser -l $_REMOTE_USER -c 'code-server --bind-addr "$HOST:$PORT" \$ARGS' | |||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Is there anything that guaranteesrunuser is present? I know it's present in both Debian and Ubuntu, but for instance containers like Alpine and Fedora don't have it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
That's a good point, I've switched tosu instead.
Some linux distributions do not ship with runuser
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
| @@ -22,7 +22,7 @@ cat > /usr/local/bin/code-server-entrypoint \ | |||
| #!/usr/bin/env bash | |||
| set -e | |||
| code-server --bind-addr "$HOST:$PORT" \$ARGS | |||
| su $_REMOTE_USER -c 'code-server --bind-addr "$HOST:$PORT" \$ARGS' | |||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Sanity check: Is this remote user env always set?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
According to the docs it should behttps://containers.dev/implementors/features/#user-env-var
a49fbbb intomainUh oh!
There was an error while loading.Please reload this page.
Rather than run code-server as root, we instead run it as the appropriate user.