Add Docker build target for container that doesn't run as root #174
Conversation
Running `docker build --target no-root` will build a container image
without sudo and as the user/group `chia`. UID and GID can be adjusted
with the UID and GID build-arg parameters.
Gotchas:
* if volumes are mounted in the container, they must have open read/write
permissions if the host uid:gid for them is different than the
container's or the must have the same uid:gid as the container
* if the volumes are mounted but the intervening directories in the
mount path inside the container do not exist, docker will create those
directories as root:root by default, this will break permissions
|
the lint errors reported are not caused directly by this PR, but older code that may have existed before the linters were enabled |
|
'This PR has been flagged as stale due to no activity for over 60 |
|
It would be very, very nice to not run as root, especially in a Kubernetes environment. |
|
'This PR has been flagged as stale due to no activity for over 60 |
|
'This PR has been flagged as stale due to no activity for over 60 |
#163
Add a Dockerfile target
no-rootthat will run chia blockchain binary as user/groupchia:chiaand does not havesudoinstalled. Final target in the Dockerfile allows building a container that runs as root and hassudo. People building the container can set the UID/GID that chia:chia will map to at build time. End users running the container must ensure that permissions work out properly for mounted directories in the chia:chia user/group if they are using the non-root container. This means either matching chia:chia's UID/GID with the host system user's UID/GID or modifying directory permissions on the host to allow read/writes by others (writes may be required for storing config files in a host-mounted directory)New no-root version with UID/GID matching the current user can be built with
docker build -t <tags> --build-arg UID=$(id -u) --build-arg GID=$(id -g) --build-arg BRANCH=<target version> --target no-root -f Dockerfile .