I have my docker application running on OpenShift. I am facing a permission issue in the container. My docker file looks like this:
.....
RUN chmod +x /tmp/ui-app/isf-management-api
RUN chgrp -R 0 /tmp/ui-app/build/ && \
    chmod -R g=u /tmp/ui-app/build/
# Set the entry point
ENTRYPOINT (cd /tmp/ui-app && ./management-api)
USER 65534
EXPOSE 10555
I added chgrp and chmod so that I could create/update the file in the container programmatically. It works correctly on some clusters, but some clusters still give the permission issue. After debugging more, I found that the user in the containers is different.
In the non-working case:
sh-4.4$ touch 1
touch: cannot touch '1': Permission denied
sh-4.4$ whoami
nobody
sh-4.4$
On the other hand, in the working case it is:
sh-4.4$ whoami
1000630000
sh-4.4$ touch 3
sh-4.4$
But the docker image is the same in both places.
Any idea what’s wrong here?
2 Answers
Got the issue. USER 65534 is nobody. The Dockerfile should contain 1001 as the non-root user.
Quoting the docs:
The docs then give some example of how to build a Dockerfile that complies with this, as well as how to modify the SecurityContextConstraint if you really must violate this security policy. (Which it doesn’t sound like you need to.)
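A Dockerfile that follows the group-0 / numeric-UID pattern the answers point to, as an added example (not the asker's file and not OpenShift's own documentation); the base image, the binary name and the layout under /tmp/ui-app are assumed:

```dockerfile
# Added example, not the asker's Dockerfile. Base image and paths are assumed.
FROM registry.access.redhat.com/ubi8/ubi-minimal

# Application files (assumed layout, mirroring the paths in the question).
COPY build/ /tmp/ui-app/build/
COPY management-api /tmp/ui-app/management-api

# Under the restricted SCC, OpenShift runs the container as an arbitrary
# UID that is not in /etc/passwd but is always a member of the root group
# (GID 0). Make every path the process must write group-owned by 0 and give
# the group the owner's permissions (g=u), so that arbitrary UID can write.
# Note the trailing backslash: the question's snippet lost this continuation,
# which silently splits the chmod into a separate RUN.
RUN chmod +x /tmp/ui-app/management-api && \
    chgrp -R 0 /tmp/ui-app && \
    chmod -R g=u /tmp/ui-app

# Use a numeric, non-root UID (1001, as the answer suggests). OpenShift needs
# a numeric value here to verify the image does not run as root. 65534
# ("nobody") is what the asker's failing clusters ran as, and it did not get
# the group-0 write access set up above.
USER 1001
WORKDIR /tmp/ui-app
ENTRYPOINT ["./management-api"]
EXPOSE 10555
```

To confirm the fix inside a running pod, run `id`: on a cluster enforcing the restricted SCC you should see a project-range UID with `groups=0(root)`, and `touch` in /tmp/ui-app/build should now succeed.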