Bug
Resolution: Unresolved
Major
Jenkins Core 2.73
When running a build inside a docker container, some commands don't work because they rely on the user being properly set. For example, ssh doesn't work with the following error:
No user exists for uid 150.
I think this could be solved by appending to passwd on container startup, something like this (untested, for proof of concept):
# Only needed when the container is not running as root
if [ "$(id -u)" != "0" ]; then
    echo "jenkins:x:$(id -u):$(id -g):Jenkins:${HOME}:/sbin/nologin" >> /etc/passwd
fi
relates to:
- JENKINS-31944 Docker commandline passed wrong user id when executing. (Closed)
- JENKINS-49416 Agent Dockerfile Overrides Entrypoint and User (Open)
[JENKINS-47026] User not completely set in docker containers
Manually modifying /etc/passwd like this feels quite wrong to me. I understand that this is intended to be a lightweight fix that doesn't rely on extraneous system maintenance packages, but who is to say that any given Docker container is even configured to perform a lookup using /etc/passwd?
I think the root problem here is that Jenkins relies upon a shared volume model as the transport mechanism to get source into the container, and the build artefacts back out. While this is arguably reasonable for the input vector (permissions of the files being injected can be left fairly open), we clearly see the problems when trying to get files back out.
Would a better approach be to decouple the container workspace filesystem from the host, and implement an RPC mechanism to deliver the build artefacts back to Jenkins?
I believe GitLab CI does something similar with its job caching and artefact management, so running tasks inside the Docker container as root is not a problem.
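A more defensive form of the startup check proposed in the issue description, as an added example that is not part of the issue or of any Jenkins code. The function names `uid_resolves` and `ensure_passwd_entry` are hypothetical; the sketch asks NSS through `getent` first (the lookup concern raised in the comment above), refuses a `HOME` value that would inject extra passwd fields or lines, and never appends a duplicate entry.

```shell
#!/bin/sh
# Added example, not from the issue. Function names are hypothetical.

# uid_resolves UID [FILE]: true if UID maps to a user.
# Without FILE, ask NSS through getent, which also covers LDAP/sssd
# back ends; with FILE, scan field 3 of that passwd-format file.
uid_resolves() {
    if [ -n "${2:-}" ]; then
        awk -F: -v uid="$1" '$3 == uid { found = 1 } END { exit !found }' "$2"
    else
        getent passwd "$1" >/dev/null 2>&1
    fi
}

# ensure_passwd_entry UID GID HOME FILE
# Returns 0 if UID is already in FILE or an entry was appended,
# 1 if FILE is not writable, 2 if an argument is unsafe.
ensure_passwd_entry() {
    uid=$1 gid=$2 home=$3 file=$4
    # Numeric ids only.
    case "$uid" in ''|*[!0-9]*) return 2 ;; esac
    case "$gid" in ''|*[!0-9]*) return 2 ;; esac
    # HOME comes from the environment: a ':' or newline in it would
    # add extra fields or a whole extra passwd line.
    case "$home" in
        ''|*:*|*'
'*) return 2 ;;
    esac
    # Already present: do nothing, so reruns never duplicate the entry.
    if uid_resolves "$uid" "$file"; then return 0; fi
    [ -w "$file" ] || return 1
    printf 'jenkins:x:%s:%s:Jenkins:%s:/sbin/nologin\n' \
        "$uid" "$gid" "$home" >> "$file"
}

# Entrypoint usage (assumed): consult NSS first, then fall back to the file.
# uid_resolves "$(id -u)" || ensure_passwd_entry "$(id -u)" "$(id -g)" "$HOME" /etc/passwd
```

A return code of 1 means the image ships a read-only `/etc/passwd`, in which case the uid has to be provisioned when the image is built or supplied by the NSS back end.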