You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Talking with @sloretz it would be good to have the ability to do things as the user in the Dockerfile snippets.
I think that the recommended pattern would be that the snippet would switch to the USER command at the top of it and then return to the USER root at the end. To make this useful though a few helper functions would be valuable to let the plugins query for the username to switch to. Alternatively they could ask for their snippet to be run as user.
Also related the user account would need to be setup at the beginning before the snippet and the final USER setting postpended.
This would drive a need for extension point dependencies. And maybe the --user option would drive the --user-account option and anything that wants to run as a user would also require the --user-account option. And we could make sure that user-account is run first.
A slightly more integrated solution would be to allow the snippet to be registered with an option "run as user" and then the switch to and from USER would be handled by rocker instead of by the snippet. This would make it less likely that a snippet would forget to return the USER to root and break everything downstream.
The text was updated successfully, but these errors were encountered:
Talking with @sloretz it would be good to have the ability to do things as the user in the Dockerfile snippets.
I think that the recommended pattern would be that the snippet would switch to the USER command at the top of it and then return to the USER root at the end. To make this useful though a few helper functions would be valuable to let the plugins query for the username to switch to. Alternatively they could ask for their snippet to be run as user.
Also related the user account would need to be setup at the beginning before the snippet and the final USER setting postpended.
This would drive a need for extension point dependencies. And maybe the --user option would drive the --user-account option and anything that wants to run as a user would also require the --user-account option. And we could make sure that user-account is run first.
A slightly more integrated solution would be to allow the snippet to be registered with an option "run as user" and then the switch to and from USER would be handled by rocker instead of by the snippet. This would make it less likely that a snippet would forget to return the USER to root and break everything downstream.
The text was updated successfully, but these errors were encountered: