- Bug
- Resolution: Unresolved
- Minor
- None
Hi,
I have RHEL 9.6 with SELinux enabled. I run a Jenkins agent as a systemd service. The user which runs the agent has rootless Docker.
My pipeline job first downloads a repo from git (this step runs outside of Docker), then runs build steps in Docker.
The issue is that withDockerContainer starts the docker container with -u user_pid:user_group (in my case it is -u 1013:1013) which causes the processes inside of docker to not be able to modify files created by git (or create new directories).
I suspect that the issue in this case is that the user inside of Docker is mapped to root, but by providing the -u option the applications inside of Docker run with another user.
I do not have any special configuration for Docker.
systemd file:
    [Unit]
    Description=Jenkins JNLP Slave service
    After=network.target

    [Service]
    Type=simple
    Environment=LANG=C
    Environment=DOCKER_HOST=unix:///run/user/1013/docker.sock
    WorkingDirectory=/var/agent
    ExecStart=/usr/lib/jvm/java-21-zulu-openjdk/bin/java -jar /home/jenkins/agent.jar -url https://ANONYMIZED/ -secret ANONMIZED -name "ANONYMIZED" -webSocket -workDir "/var/agent"
    Restart=always
    RestartSec=30s

    [Install]
    WantedBy=multi-user.target
Rootless Docker is installed according to the docs, without any options.
I am able to run the pipeline if I provide args to withDockerContainer that overwrite -u by providing -u root:root. But I have to do it for each withDockerContainer execution.