rootless container #1

Open
Eliav2 opened this issue Jun 22, 2023 · 3 comments

Eliav2 commented Jun 22, 2023

This does not seem to be a rootless container, as is written in the readme.

$  docker run --user 1000 -it --rm docker.io/kalaksi/phpldapadmin
Unable to find image 'kalaksi/phpldapadmin:latest' locally
latest: Pulling from kalaksi/phpldapadmin
bff3e048017e: Pull complete
ddf93b070b14: Pull complete
b08a99ffbe87: Pull complete
a74618c25e7c: Pull complete
66bcb28135fe: Pull complete
bec860703ad9: Pull complete
Digest: sha256:e721ba8ec03feb01de5622b09892941712461ca253baaabbc665d486a834cb4a
Status: Downloaded newer image for kalaksi/phpldapadmin:latest
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./add_attr_form.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./add_oclass_form.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./add_value_form.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./cmd.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./collapse.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./common.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./compare.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./compare_form.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./copy.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./copy_form.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./create.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./create_confirm.php': Permission denied
cp: cannot create directory '/usr/share/phpldapadmin/htdocs/./css': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./delete.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./delete_attr.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./delete_form.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./download_binary_attr.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./draw_tree_node.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./entry_chooser.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./expand.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./export.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./export_form.php': Permission denied
cp: cannot create directory '/usr/share/phpldapadmin/htdocs/./images': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./import.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./import_form.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./index.php': Permission denied
cp: cannot create directory '/usr/share/phpldapadmin/htdocs/./js': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./login.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./login_form.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./logout.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./mass_delete.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./mass_edit.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./mass_update.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./modify_member_form.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./monitor.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./password_checker.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./purge_cache.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./query_engine.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./rdelete.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./refresh.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./rename.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./rename_form.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./schema.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./server_info.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./show_cache.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./template_engine.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./update.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./update_confirm.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./view_jpeg_photo.php': Permission denied
cp: cannot create regular file '/usr/share/phpldapadmin/htdocs/./welcome.php': Permission denied
cp: preserving times for '/usr/share/phpldapadmin/htdocs/.': Operation not permitted

kalaksi commented Jun 22, 2023

It is a rootless container and you can see the default uid (70859) and gid (70859) in the Dockerfile.

If you want to specify your own uid/gid, you need to do more than just run it, as you have seen. The permissions have to be correct for the PHP runtime directory and the htdocs. This means that you will need to rebuild the image with environment variables PHPLDAPADMIN_UID and PHPLDAPADMIN_GID set to your liking. It will then configure the ownerships during the build process since those can't be set during running without root privileges.

kalaksi closed this as completed Jun 22, 2023

Eliav2 commented Jun 24, 2023

This is actually not a rootless container.

When creating a pod, OpenShift uses a random UID user, and if you don't have permissions on your OpenShift cluster you don't have control over the specific UID that would be used when running the container.

A rootless container is a container in which all of the necessary files that are used to run the application are accessible by ANY USER.

The problem is that the base image you used is not rootless. See osixia/container-baseimage#31

You can verify it by running any of these commands:

# docker run --user 1000 -it --rm osixia/phpldapadmin:0.9.0 bash
# docker run --user 1000 -it --rm osixia/light-baseimage bash
# docker run --user 1000 -it --rm phusion/baseimage:jammy-1.0.1 bash

The process immediately exits:

lousk@Eliavs-PC MINGW64 /c/Windows/system32
$ docker run --user 1000 -it --rm osixia/phpldapadmin:0.9.0 bash
*** CONTAINER_LOG_LEVEL = 3 (info)
*** Killing all processes...

This issue is not resolved (but I'm not sure you can do anything about it except provide a completely new image build that preferably doesn't use Ubuntu, because running rootless containers in Ubuntu is quite hard).


kalaksi commented Jun 24, 2023

Okay, sure. The readme doesn't talk about that, though, it just says that this container is run without root (which it is). Apparently, there are issues with OpenShift, or similar setups, which is not ideal.

kalaksi reopened this Jun 24, 2023
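
The `cp: cannot create regular file ... Permission denied` errors in this thread are a directory write-permission failure for a UID other than the build-time owner. The following is an added example, not code from the issue or from the project: it audits a directory tree for the directories a given runtime UID and group set could not write into. The tree, the 0755 mode and the runtime UID are constructed, and treating GID 0 as the runtime group reflects OpenShift's documented arbitrary-UID behaviour rather than anything stated in the thread.

```python
import os
import tempfile


def can_create_in(st, uid, gids):
    """POSIX mode-bit check: can uid/gids create entries in the directory
    described by stat result st? Needs write+search (w+x). ACLs and
    capabilities are ignored, except that uid 0 is always allowed."""
    if uid == 0:
        return True
    if uid == st.st_uid:
        bits = st.st_mode >> 6      # owner class
    elif st.st_gid in gids:
        bits = st.st_mode >> 3      # group class
    else:
        bits = st.st_mode           # other class
    return bits & 0o3 == 0o3


def blocked_dirs(root, uid, gids):
    """Directories under root (inclusive) where uid/gids cannot create files."""
    blocked = []
    for dirpath, _dirs, _files in os.walk(root):
        if not can_create_in(os.stat(dirpath), uid, gids):
            blocked.append(os.path.relpath(dirpath, root))
    return sorted(blocked)


def demo():
    """Constructed tree standing in for the image's htdocs directory.
    Returns (blocked before, blocked after) opening it to the group."""
    with tempfile.TemporaryDirectory() as tmp:
        htdocs = os.path.join(tmp, "htdocs")
        dirs = [htdocs, os.path.join(htdocs, "css"), os.path.join(htdocs, "js")]
        for d in dirs:
            os.mkdir(d)
            os.chmod(d, 0o755)      # only the build-time owner may write
        st = os.stat(htdocs)
        uid = st.st_uid + 1         # hypothetical runtime UID, not the owner
        gids = {st.st_gid}          # stands in for GID 0 inside the image
        before = blocked_dirs(htdocs, uid, gids)
        for d in dirs:
            os.chmod(d, 0o775)      # group gets the owner's write bit
        after = blocked_dirs(htdocs, uid, gids)
        return before, after


if __name__ == "__main__":
    print(demo())
```

Run against an unpacked image filesystem, `blocked_dirs` lists the paths whose ownership or group mode would have to change at build time before the image can start under a UID it was not built for.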