Closed yuanxingyang closed 6 months ago
yuanxingyang
commented
7 months ago The sandbox recipes will be like the following:
`provideSandbox: paths: [ "/bin", "/usr/bin", "/sbin","usr/include"] mount:
jkloetzke
commented
7 months ago Thanks for the PR. Interesting that the license check is somehow influenced by the user/group id. Anyway, I think we shall support this.
I don't think we need a fully generic solution here, do we? Currently I see three sensible behaviours:
namespace-sandbox but not exposed in Bob.I would propose a new sandbox property that allows just the three cases above:
provideSandbox:
user: "nobody" / "current" / "root"Would you mind to update the PR in this direction? A couple of additional thoughts:
default.yaml too (sandbox key)test/black-box/sandbox/... a bit?)yuanxingyang
commented
7 months ago I don't mind and I'm very happy if you can make direct modifications on this PR.
I have a few ideas, see if you can adopt them:
Use '\$USER' instead of 'current', this way it's more intuitive and easier to understand provideSandbox: user: "nobody" / "\$USER" / "root"
When obtaining information about the current user, avoid accessing the /etc/passwd file. In some organizations, accounts are managed through the Active Directory mechanism, so there is no user information in the /etc/passwd file
jkloetzke
commented
6 months ago Please have a look at the current state of the PR. Let me know if it fits your needs...
yuanxingyang
commented
6 months ago Please have a look at the current state of the PR. Let me know if it fits your needs...
This PR perfectly implements my requirements, and I have validated it locally without any issues.
jkloetzke
commented
6 months ago Perfect. Thanks!
This patch is used to address the issue of needing to use a specific user ID during the compilation phase to connect to the server and validate the compiler license legality, e.g. QNX project qcc compiler need to check license via online server