我有一个安装了 docker 的自定义映像(docker-in-docker)。运行映像时,用户需要是$USERNAME(而不是 root)。但是,docker 服务需要 root 才能启动。
让 docker 以非 root 身份运行似乎过于复杂。所以我尝试su在入口点中使用,它可以工作,但它不是交互式的。
FROM ubuntu:18.04
# ... A lot of steps here to install stuff that are not really relevant to the problem.
COPY container-helpers/entrypoint.sh .
USER root
ENV ENTRYUSER $USERNAME
ENTRYPOINT [ "./entrypoint.sh" ]
CMD "pulumi up"
并且entrypoint.sh是:
#!/bin/bash
set -e
service docker start
export ENV_PATH=$PATH
su $ENTRY_USER -lp <<EOSU
set -e
export PATH=$ENV_PATH
. $NVM_DIR/nvm.sh
pulumi stack select -c dev
npx meteor-deploy stack configure default
$@ # Run given argument as a command
EOSU
我将其运行为:
$ docker run --env-file local.env --privileged -it meteor-deploy-leaderboard
* Starting Docker: docker [ OK ]
Logging in using access token from PULUMI_ACCESS_TOKEN
error: --yes must be passed in to proceed when running in non-interactive mode
或者,如果您不想接受 pulumi 的话:
$ docker run --env-file local.env --privileged -it meteor-deploy-leaderboard bash; echo "exited"
* Starting Docker: docker [ OK ]
Logging in using access token from PULUMI_ACCESS_TOKEN
exited
知道如何正确地将 tty 传递给 su 命令吗?