fix root group container permissions (open-telemetry#36170)
<!--Ex. Fixing a bug - Describe the bug and how this fixes the issue.
Ex. Adding a feature - Explain what this achieves.-->
#### Description

Sets a specific GID for the build container's image.

<!-- Issue number (e.g. open-telemetry#1234) or full URL to issue, if applicable. -->
#### Link to tracking issue
open-telemetry#35179

<!--Describe what testing was performed and which tests were added.-->
#### Testing

(Manual)

```
$ make docker-otelcontribcol
// create a sample config.yaml file
$ docker run -v .:/etc/otel/ otelcontribcol
$ ps -o user,group,pid,comm -ax | rg otelcontribcol
10001    10001    1903287 otelcontribcol
```

Without the changes:
```
$ ps -o user,group,pid,comm -ax | rg otelcontribcol
root     root     1940536 otelcontribcol
```

<!--Describe the documentation added.-->
#### Documentation

<!--Please delete paragraphs that you did not use before submitting.-->
rogercoll authored and sbylica-splunk committed Dec 17, 2024
1 parent a7976f9 commit 28a71c7
Showing 3 changed files with 31 additions and 2 deletions.
27 changes: 27 additions & 0 deletions .chloggen/fix_group_container_permissions.yaml
@@ -0,0 +1,27 @@
# Use this changelog template to create an entry for release notes.

# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
change_type: 'enhancement'

# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver)
component: container

# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
note: Set non root group permissions for container image

# Mandatory: One or more tracking issues related to the change. You can use the PR number here if no issue exists.
issues: [35179]

# (Optional) One or more lines of additional information to render under the primary note.
# These lines will be padded with 2 spaces and then inserted directly into the document.
# Use pipe (|) for multiline entries.
subtext:

# If your change doesn't affect end users or the exported elements of any package,
# you should instead start your pull request title with [chore] or use the "Skip Changelog" label.
# Optional: The change log or logs in which this entry should be included.
# e.g. '[user]' or '[user, api]'
# Include 'user' if the change is relevant to end users.
# Include 'api' if there is a change to a library API.
# Default: '[user]'
change_logs: []
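Review bot: `change_type: 'enhancement'` does not match the commit, whose title is "fix root group container permissions" and whose testing output shows the process running with group root without the change; `'bug_fix'` is the listed type that fits. The `subtext:` key is also left empty. Since the container's process group becomes 10001, a line there telling users that files on mounted volumes (such as the config mounted at /etc/otel/ in the testing) may need to be readable by UID/GID 10001 would make the release note actionable.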
3 changes: 2 additions & 1 deletion cmd/otelcontribcol/Dockerfile
Expand Up @@ -4,7 +4,8 @@ RUN apk --update add ca-certificates
FROM scratch

ARG USER_UID=10001
USER ${USER_UID}
ARG USER_GID=10001
USER ${USER_UID}:${USER_GID}

COPY --from=prep /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
COPY otelcontribcol /
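Review bot: the new `USER ${USER_UID}:${USER_GID}` line has no comment explaining why the group is spelled out. When `USER` names only a user and that user has no primary group, as with a bare numeric UID in a `FROM scratch` stage, the process runs with the root group, which is the behaviour this commit removes. A one-line comment above the `USER` instruction stating that would keep a later cleanup from dropping `:${USER_GID}` again.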
3 changes: 2 additions & 1 deletion cmd/telemetrygen/Dockerfile
Expand Up @@ -4,7 +4,8 @@ RUN apk --update add ca-certificates
FROM scratch

ARG USER_UID=10001
USER ${USER_UID}
ARG USER_GID=10001
USER ${USER_UID}:${USER_GID}

ARG TARGETOS
ARG TARGETARCH
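Review bot: the `USER ${USER_UID}:${USER_GID}` change in this Dockerfile is not covered by the testing in the commit message, which builds and runs only otelcontribcol. Repeat the `ps -o user,group,pid,comm` check against a telemetrygen container before merging. The `10001` defaults for `USER_UID` and `USER_GID` are now duplicated across both Dockerfiles, so an automated check on each image's configured user would catch the two drifting apart.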