This PR fixes an issue with using bindfs to work around file ownership issues caused by running the Docker daemon as root (#594). This support is provided as a courtesy, but the better solution is to run Docker in "rootless" mode, which is done automatically when you use Docker Desktop. Support for running Docker as root should be considered deprecated.
what
Use bi-directional UID and GUID mapping in bindfs mount of host filesystem
Remove host username ($USER) from Geodesic environment
why
To guard against CVE-2022-24765, git checks the ownership of all directories it looks at for configuration, and complains if it finds a directory with a different owner.
The host's username was injected to support ansible 8 years ago (#65). It was never working properly on Debian due to the different structure of the adduser command on Debian vs Alpine, and should not be necessary now. If it turns out to be needed for some reason, we should develop a more robust solution.
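A simplified approximation of the ownership comparison described under "why", added here as an example; it is not code from this PR, from Geodesic, or from git. The function names are hypothetical, and checking only the repository root and its `.git` entry is an assumption about what is enough to spot a mount whose UID mapping does not match the user running git.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Approximates, in simplified
# form, the owner comparison git makes since the CVE-2022-24765 fix.

# Print the numeric owner UID of a path (POSIX `ls -n`, so no GNU/BSD stat).
owner_uid() {
    ls -nd -- "$1" | awk '{ print $3 }'
}

# Walk upward from $1 and print the first directory that contains .git.
find_repo_root() {
    dir=$(cd -- "$1" && pwd -P) || return 2
    while :; do
        if [ -e "$dir/.git" ]; then
            printf '%s\n' "$dir"
            return 0
        fi
        [ "$dir" = "/" ] && return 1
        dir=$(dirname -- "$dir")
    done
}

# check_repo_owner START [EXPECTED_UID]
# Returns 0 when the repository root and its .git are owned by EXPECTED_UID
# (default: the current user), 1 on a mismatch, 2 when no repository is found.
check_repo_owner() {
    want=${2:-$(id -u)}
    root=$(find_repo_root "$1") || return 2
    status=0
    for p in "$root" "$root/.git"; do
        have=$(owner_uid "$p")
        if [ "$have" != "$want" ]; then
            # A mismatch here is what a one-directional UID mapping produces.
            printf 'MISMATCH %s owner=%s expected=%s\n' "$p" "$have" "$want"
            status=1
        fi
    done
    return $status
}
```

Running `check_repo_owner /path/inside/the/mount` inside the container, as the user who will run git, shows whether the mount presents the files as owned by that user.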