
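I have a custom image with docker installed (docker-in-docker). When the image is run, the user needs to be $USERNAME (not root). However, the docker service needs root to start.

Getting docker to run as non-root seems overly complicated. So I tried using su in the entrypoint, which works, but it is not interactive.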

FROM ubuntu:18.04

# ... A lot of steps here to install stuff that are not really relevant to the problem.

COPY container-helpers/entrypoint.sh .
USER root
ENV ENTRYUSER $USERNAME
ENTRYPOINT [ "./entrypoint.sh" ]
CMD "pulumi up"

And entrypoint.sh is:

#!/bin/bash
set -e
service docker start
export ENV_PATH=$PATH
su $ENTRY_USER -lp <<EOSU
set -e
export PATH=$ENV_PATH
. $NVM_DIR/nvm.sh
pulumi stack select -c dev
npx meteor-deploy stack configure default
$@ # Run given argument as a command
EOSU

I run it as:

$ docker run --env-file local.env --privileged -it meteor-deploy-leaderboard
 * Starting Docker: docker                                                                                                                                                                                                                                 [ OK ] 
Logging in using access token from PULUMI_ACCESS_TOKEN
error: --yes must be passed in to proceed when running in non-interactive mode

Or, if you don't want to take pulumi's word for it:

$ docker run --env-file local.env --privileged -it meteor-deploy-leaderboard bash; echo "exited"
 * Starting Docker: docker                                                                                                                                                                                                                                 [ OK ] 
Logging in using access token from PULUMI_ACCESS_TOKEN
exited

Any idea how to properly pass the tty to the su command?
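
The behaviour in both runs above follows from the here-document becoming the standard input of the shell that su starts, in place of the TTY that `docker run -it` allocated. The following is an added example, not part of the original post, that shows the difference between feeding a child shell through a here-document and through `-c`; it assumes Linux with /proc and uses plain `sh` as a stand-in for `su $ENTRY_USER` so that it runs without root (the function names are hypothetical).

```shell
#!/bin/sh
# Added illustration (not from the original post).
# Assumption: `sh` stands in for `su $ENTRY_USER` so no root is needed.
# Requires Linux /proc to inspect file descriptor 0.

# Probe run inside the child shell:
#   line 1: whether fd 0 is a terminal (the kind of check a CLI makes
#           before it decides it is in "non-interactive mode")
#   line 2: what fd 0 actually points at
PROBE='if [ -t 0 ]; then echo tty; else echo not-a-tty; fi; readlink /proc/self/fd/0'

# Same shape as the entrypoint: the commands arrive on the child's stdin.
# The delimiter is unquoted, so the parent expands $PROBE first, just as
# the root shell expands $@ and $ENV_PATH in entrypoint.sh.
via_heredoc() {
    sh <<EOS
$PROBE
EOS
}

# Commands passed as an argument: the child's stdin is inherited untouched.
via_dash_c() {
    sh -c "$PROBE"
}

# What the calling shell itself has on fd 0, for comparison.
parent_stdin() {
    readlink "/proc/$$/fd/0"
}

echo "parent stdin : $(parent_stdin)"
echo "via heredoc  : $(via_heredoc | tr '\n' ' ')"
echo "via -c       : $(via_dash_c | tr '\n' ' ')"
```

Run from a terminal, the here-document variant always reports `not-a-tty` with a pipe or temporary file on fd 0, while the `-c` variant reports the same device as the parent. A child started this way also reaches end of input as soon as the here-document is exhausted, which matches the `bash` run above exiting immediately.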
