This PR fixes an issue with using bindfs to work around file ownership issues caused by running the Docker daemon as root (#594). This support is provided as a courtesy, but the better solution is to run Docker in "rootless" mode, which is done automatically when you use Docker Desktop. Support for running Docker as root should be considered deprecated.
what
Use bi-directional UID and GUID mapping in bindfs mount of host filesystem
Remove host username ($USER) from Geodesic environment
why
To guard against CVE-2022-24765, git checks the ownership of all directories it looks at for configuration, and complains if it finds a directory with a different owner.
The host's username was injected to support ansible 8 years ago (#65). It was never working properly on Debian due to the different structure of the adduser command on Debian vs Alpine, and should not be necessary now. If it turns out to be needed for some reason, we should develop a more robust solution.
REMINDER
This PR fixes an issue with using
bindfsto work around file ownership issues caused by running the Docker daemon as root (#594). This support is provided as a courtesy, but the better solution is to run Docker in "rootless" mode, which is done automatically when you use Docker Desktop. Support for running Docker asrootshould be considered deprecated.what
bindfsmount of host filesystem$USER) from Geodesic environmentwhy
gitchecks the ownership of all directories it looks at for configuration, and complains if it finds a directory with a different owner.ansible8 years ago (#65). It was never working properly on Debian due to the different structure of theaddusercommand on Debian vs Alpine, and should not be necessary now. If it turns out to be needed for some reason, we should develop a more robust solution.references