[01/12] CI: Fix CONTAINER_UID0=1 scripts/containerize

Message ID	20240711111517.3064810-2-andrew.cooper3@citrix.com (mailing list archive)
State	New
Headers	show Return-Path: <xen-devel-bounces@lists.xenproject.org> Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org> From: Andrew Cooper <andrew.cooper3@citrix.com> To: Xen-devel <xen-devel@lists.xenproject.org> Cc: Andrew Cooper <andrew.cooper3@citrix.com>, Anthony PERARD <anthony.perard@vates.tech>, Juergen Gross <jgross@suse.com>, =?utf-8?q?Roger_Pau_Monn=C3=A9?= <roger.pau@citrix.com>, Jan Beulich <JBeulich@suse.com>, Stefano Stabellini <sstabellini@kernel.org>, Julien Grall <julien@xen.org>, Oleksii Kurochko <oleksii.kurochko@gmail.com>, Shawn Anastasio <sanastasio@raptorengineering.com> Subject: [PATCH 01/12] CI: Fix CONTAINER_UID0=1 scripts/containerize Date: Thu, 11 Jul 2024 12:15:06 +0100 Message-Id: <20240711111517.3064810-2-andrew.cooper3@citrix.com> In-Reply-To: <20240711111517.3064810-1-andrew.cooper3@citrix.com> References: <20240711111517.3064810-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
Series	CI: part 3 (slimline, and PPC/RISCV fixes) \| expand [for-4.19,v2,00/12] CI: part 3 (slimline, and PPC/RISCV fixes) [01/12] CI: Fix CONTAINER_UID0=1 scripts/containerize [02/12] CI: Remove useless/misleading randconfig jobs [03/12] CI: Drop Debian Jessie dockerfiles [04/12] CI: Drop Debian Stretch testing [05/12] CI: Drop Ubuntu Trusty testing [06/12] CI: Mark Archlinux/x86 as allowing failures [07/12] CI: Introduce a debian:12-ppc64le container [08/12] CI: Use debian:12-ppc64le for both build and test [09/12] CI: Refresh bullseye-ppc64le as debian:11-ppc64le [10/12] CI: Introduce debian:11/12-riscv64 containers [11/12] CI: Swap to debian for riscv64 build and test [12/12] CI: Refresh and upgrade the GCC-IBT container [13/12] CI: Refresh OpenSUSE Tumbleweed container [14/12] CI: Refresh OpenSUSE Leap container [15/12] CI: Refresh Ubuntu Xenial container as 16.04-x86_64 [16/12] CI: Refresh Ubuntu Bionic container as 18.04-x86_64 [17/12] CI: Refresh Ubuntu Focal container as 20.04-x86_64 [18/12] CI: Add Ubuntu 22.04 (Jammy) and 24.04 (Noble) testing [19/12] docs: Fix install-man$(1)-pages if no manpages are generated [20/12] CI: Swap from perl to perl-base in build containers [21/12] CI: Refresh and upgrade the Fedora container [22/12] tools/examples: Remove more obsolete content

Message ID

20240711111517.3064810-2-andrew.cooper3@citrix.com (mailing list archive)

State

New

Headers

Errors-To: xen-devel-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>
From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Xen-devel <xen-devel@lists.xenproject.org>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>,
 Anthony PERARD <anthony.perard@vates.tech>, Juergen Gross <jgross@suse.com>,
	=?utf-8?q?Roger_Pau_Monn=C3=A9?= <roger.pau@citrix.com>,
 Jan Beulich <JBeulich@suse.com>, Stefano Stabellini <sstabellini@kernel.org>,
 Julien Grall <julien@xen.org>, Oleksii Kurochko <oleksii.kurochko@gmail.com>,
 Shawn Anastasio <sanastasio@raptorengineering.com>
Subject: [PATCH 01/12] CI: Fix CONTAINER_UID0=1 scripts/containerize
Date: Thu, 11 Jul 2024 12:15:06 +0100
Message-Id: <20240711111517.3064810-2-andrew.cooper3@citrix.com>
In-Reply-To: <20240711111517.3064810-1-andrew.cooper3@citrix.com>
References: <20240711111517.3064810-1-andrew.cooper3@citrix.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Series

CI: part 3 (slimline, and PPC/RISCV fixes) | expand

Commit Message

Andrew Cooper July 11, 2024, 11:15 a.m. UTC

Right now, most build containers use root.  Archlinux, Fedora and Yocto set up
a regular user called `user`.

For those containers, trying to containerize as root fails, because
CONTAINER_UID0=1 does nothing, whereas CONTAINER_UID0=0 forces the user away
from root.

To make CONTAINER_UID0=1 work reliably, force to root if requested.

Fixes: 17fbe6504dfd ("automation: introduce a new variable to control container user")
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Anthony PERARD <anthony.perard@vates.tech>
CC: Juergen Gross <jgross@suse.com>
CC: Roger Pau Monné <roger.pau@citrix.com>
CC: Jan Beulich <JBeulich@suse.com>
CC: Stefano Stabellini <sstabellini@kernel.org>
CC: Julien Grall <julien@xen.org>
CC: Oleksii Kurochko <oleksii.kurochko@gmail.com>
CC: Shawn Anastasio <sanastasio@raptorengineering.com>

v2:
 * Add fixes tag
---
 automation/scripts/containerize | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Anthony PERARD July 11, 2024, 12:54 p.m. UTC | #1

On Thu, Jul 11, 2024 at 12:15:06PM +0100, Andrew Cooper wrote:
> Right now, most build containers use root.  Archlinux, Fedora and Yocto set up
> a regular user called `user`.
> 
> For those containers, trying to containerize as root fails, because
> CONTAINER_UID0=1 does nothing, whereas CONTAINER_UID0=0 forces the user away
> from root.
> 
> To make CONTAINER_UID0=1 work reliably, force to root if requested.
> 
> Fixes: 17fbe6504dfd ("automation: introduce a new variable to control container user")
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reviewed-by: Anthony PERARD <anthony.perard@vates.tech>

Thanks,

diff --git a/automation/scripts/containerize b/automation/scripts/containerize
index acdef1b54813..03bc4837350c 100755
--- a/automation/scripts/containerize
+++ b/automation/scripts/containerize
@@ -51,7 +51,7 @@  esac
 
 # Use this variable to control whether root should be used
 case "_${CONTAINER_UID0}" in
-    _1)   userarg= ;;
+    _1)   userarg="-u 0" ;;
     _0|_) userarg="-u $(id -u) $userns_podman" ;;
 esac

[01/12] CI: Fix CONTAINER_UID0=1 scripts/containerize

Commit Message

Comments

Patch