containers / buildah

A tool that facilitates building OCI images.
https://buildah.io
Apache License 2.0

$UID, $USER don't expand in storage.conf #2311

Closed mrinaldhillon closed 4 years ago

mrinaldhillon commented 4 years ago

Description: $UID/$USER does not expand in storage.conf, with the exception of rootless_storage_path

Describe the results you received: runroot is '/tmp/containers-$UID/storage'

Describe the results you expected: runroot should be /tmp/containers-1000/storage

Output of rpm -q buildah or apt list buildah:

buildah-1.14.8-1.fc31.x86_64

Output of buildah version:

buildah version 1.14.8 (image-spec 1.0.1-dev, runtime-spec 1.0.1-dev)

Output of cat /etc/release:

NAME=Fedora
VERSION="31 (Workstation Edition)"
ID=fedora
VERSION_ID=31
VERSION_CODENAME=""
PLATFORM_ID="platform:f31"
PRETTY_NAME="Fedora 31 (Workstation Edition)"
ANSI_COLOR="0;34"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:31"
HOME_URL="https://fedoraproject.org/"
DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/f31/system-administrators-guide/"
SUPPORT_URL="https://fedoraproject.org/wiki/Communicating_and_getting_help"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=31
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=31
PRIVACY_POLICY_URL="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
VARIANT="Workstation Edition"
VARIANT_ID=workstation

Output of uname -a:

Linux localhost.localdomain 5.3.7-301.fc31.x86_64 #1 SMP Mon Oct 21 19:18:58 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

Output of cat /etc/containers/storage.conf:

cat ~/.config/containers/storage.conf
[storage]
driver = "overlay"

runroot = "/tmp/containers-$UID/storage"

rootless_storage_path = "/b/workspace/containers-$UID/storage"

[storage.options]
mount_program = "/usr/bin/fuse-overlayfs"

mountopt = "nodev"

cat /etc/containers/storage.conf

[storage]
driver = "overlay"

runroot = "/var/run/containers/storage"

graphroot = "/var/lib/containers/storage"

[storage.options]
mount_program = "/usr/bin/fuse-overlayfs"

mountopt = "nodev,metacopy=on"

buildah info
{
    "host": {
        "CgroupVersion": "v2",
        "Distribution": {
            "distribution": "fedora",
            "version": "31"
        },
        "MemTotal": 16763703296,
        "MenFree": 175484928,
        "OCIRuntime": "crun",
        "SwapFree": 33770369024,
        "SwapTotal": 33780920320,
        "arch": "amd64",
        "cpus": 16,
        "hostname": "localhost.localdomain",
        "kernel": "5.3.7-301.fc31.x86_64",
        "os": "linux",
        "rootless": true,
        "uptime": "843h 22m 31.95s (Approximately 35.12 days)"
    },
    "store": {
        "ContainerStore": {
            "number": 0
        },
        "GraphDriverName": "overlay",
        "GraphOptions": [
            "overlay.mount_program=/usr/bin/fuse-overlayfs",
            "overlay.mountopt=nodev",
            "overlay.mount_program=/usr/bin/fuse-overlayfs",
            "overlay.mountopt=nodev"
        ],
        "GraphRoot": "/b/workspace/containers-1000/storage",
        "GraphStatus": {
            "Backing Filesystem": "xfs",
            "Native Overlay Diff": "false",
            "Supports d_type": "true",
            "Using metacopy": "false"
        },
        "ImageStore": {
            "number": 0
        },
        "RunRoot": "/tmp/containers-$UID/storage"
    }
}

vrothberg commented 4 years ago

Thanks for opening the issue!

@rhatdan, @giuseppe, WDYT? I think it makes sense to expand more path variables.

giuseppe commented 4 years ago

I agree, at least RunRoot must be expanded.

rhatdan commented 4 years ago

@ashley-cui PTAL

mrinaldhillon commented 4 years ago

Hi @ashley-cui, is there a reason to not expand just any environment variable? For example, I run the builds in a repo sandbox with container tool binaries, and writable paths, i.e. storage root and tmpdirs, are under the sandbox root. These paths are exported as environment variables during the build context of each product: $SBROOT/package/$PRODUCT/$VARIANT/build/containers/{storage,runroot,tmp}

rhatdan commented 4 years ago

I would guess this is ok. I don't think there is a security issue. Might lead to some unexpected issues, but very few users in the world would do this.

ashley-cui commented 4 years ago

@rhatdan @mrinaldhillon Sounds good, I'll fix it in a bit

mrinaldhillon commented 4 years ago

Thank you so much. You are simply awesome!!!
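The expansion discussed in this thread, as an added example that is not part of the original issue and is not buildah's or containers/storage's own code: it expands arbitrary variables in a storage.conf path value (going beyond `$UID`, as the sandbox use case asks) and rejects unset variables and non-absolute results instead of silently producing a different path. The function `expandPath`, its `uid` and `lookup` parameters, and the sample values for `SBROOT` and `PRODUCT` are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strconv"
)

// expandPath expands $VAR and ${VAR} in a storage.conf path value.
// uid answers $UID directly: bash sets UID as a shell variable and does not
// export it by default, so an environment-only lookup would usually miss it.
// Unset or empty variables are an error rather than a silent "" substitution,
// which would turn /tmp/containers-$UID/storage into /tmp/containers-/storage.
func expandPath(raw string, uid int, lookup func(string) (string, bool)) (string, error) {
	var missing []string
	out := os.Expand(raw, func(name string) string {
		if name == "UID" {
			return strconv.Itoa(uid)
		}
		v, ok := lookup(name)
		if !ok || v == "" {
			missing = append(missing, name)
		}
		return v
	})
	if len(missing) > 0 {
		return "", fmt.Errorf("%q: unset or empty variables %v", raw, missing)
	}
	if !filepath.IsAbs(out) {
		return "", fmt.Errorf("%q expands to non-absolute path %q", raw, out)
	}
	return filepath.Clean(out), nil
}

func main() {
	// Constructed sample environment; SBROOT and PRODUCT values are made up,
	// VARIANT is deliberately left unset.
	env := map[string]string{"SBROOT": "/b/sandbox", "PRODUCT": "web"}
	lookup := func(k string) (string, bool) { v, ok := env[k]; return v, ok }
	for _, raw := range []string{
		"/tmp/containers-$UID/storage",
		"$SBROOT/package/$PRODUCT/build/containers/runroot",
		"$SBROOT/package/$PRODUCT/$VARIANT/build/containers/storage",
	} {
		p, err := expandPath(raw, 1000, lookup)
		fmt.Println(p, err)
	}
}
```

In a real process, `os.LookupEnv` and `os.Getuid()` would be passed in place of the constructed map and the fixed uid.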