cross-rs / cross

“Zero setup” cross compilation and “cross testing” of Rust crates
Apache License 2.0

ghcr.io/cross-rs/cross does not work when container runs with `--user` option #1339

Open AndreyMZ opened 11 months ago

AndreyMZ commented 11 months ago

Checklist

Describe your issue

The documentation suggests running cross from inside a container like so:

docker run -v /var/run/docker.sock:/var/run/docker.sock -v .:/project -w /project my/development-image:tag cross build --target mips64-unknown-linux-gnuabi64

In general, this is wrong, because the container started from my/development-image may run on behalf of a user different from the owner of the files in `.`. Usually, it runs on behalf of root. For example, ghcr.io/cross-rs/cross runs on behalf of root. This results in wrong ownership of files generated by cross (./target/**).

A proper way to run such tools is to use the --user option:

  1. Pass the current user.
  2. Pass the docker group to allow communicating via /var/run/docker.sock (which is readable and writable by root:docker).

But this does not work with ghcr.io/cross-rs/cross. See the details below.

What target(s) are you cross-compiling for?

No response

Which operating system is the host (e.g computer cross is on) running?

What architecture is the host?

What container engine is cross using?

cross version

cross 0.2.5

Example

useradd appuser --create-home --groups docker --shell /bin/bash
su appuser --login

curl https://sh.rustup.rs -sSf | sh -s -- -y # See <https://rust-lang.github.io/rustup/installation/other.html>.
cargo new hello_world --bin
cd hello_world/

docker run \
    -v /var/run/docker.sock:/var/run/docker.sock:rw \
    -v /etc/passwd:/etc/passwd:ro \
    -v /etc/group:/etc/group:ro   \
    -v .:/app:rw -w /app          \
    --user "$(id -u):$(getent group docker | cut -d: -f3)" \
    -it ghcr.io/cross-rs/cross:edge cross build

Actual result

appuser@ip-10-69-41-133:~/hello_world$ docker run \
        -v /var/run/docker.sock:/var/run/docker.sock:rw \
        -v /etc/passwd:/etc/passwd:ro \
        -v /etc/group:/etc/group:ro   \
        -v .:/app:rw -w /app          \
        --user "$(id -u):$(getent group docker | cut -d: -f3)" \
        -it ghcr.io/cross-rs/cross:edge cross build
Error:
   0: could not execute `rustc --print target-list`
   1: Permission denied (os error 13)

Expected result

No such error.

Additional information / notes

Root cause

Rust is installed into /root/.cargo/bin/:

$ docker run -it ghcr.io/cross-rs/cross:edge which rustc
/root/.cargo/bin/rustc

Possible solution

  1. Install Rust into some world-readable location when building ghcr.io/cross-rs/cross, using the environment variables RUSTUP_HOME and CARGO_HOME. See https://rust-lang.github.io/rustup/installation/index.html#choosing-where-to-install.
  2. Propose the proper docker run ... command in the documentation about "Docker in Docker".

Additional information

The official Docker image rust does not have this problem:

appuser@ip-10-69-41-133:~/hello_world$ docker run \
        -v /var/run/docker.sock:/var/run/docker.sock:rw \
        -v /etc/passwd:/etc/passwd:ro \
        -v /etc/group:/etc/group:ro   \
        -v .:/app:rw -w /app          \
        --user "$(id -u):$(getent group docker | cut -d: -f3)" \
        -it rust:latest rustc --version
rustc 1.72.1 (d5c2e9c34 2023-09-13)

because Rust is installed into /usr/local/cargo/bin:

$ docker run -it rust:latest which rustc
/usr/local/cargo/bin/rustc

thoongnv commented 9 months ago

I seem to have encountered this same problem, getting permission denied when reading files under /home/runner/ with the command below on the CI ubuntu-latest image.

cross test --target aarch64-unknown-linux-gnu -- --nocapture
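
A way to confirm the root cause reported in this issue, as an added example that is not part of the thread or of the cross project: the function below walks a path such as root/.cargo/bin/rustc one component at a time and reports the first component whose mode bits deny search/execute to the uid:gid passed to `docker run --user`. The name `first_blocked` and the ids in the usage comment are hypothetical; the check looks at mode bits only and assumes a `stat` that supports `-c` (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example (not from the cross project). Mode bits only: ACLs,
# capabilities and supplementary groups are ignored. Needs `stat -c`.

# first_blocked ROOT RELPATH UID GID
# Walks ROOT/RELPATH one component at a time and prints the first component
# whose mode denies search/execute ('x') to UID:GID.
# Exit status: 0 = usable, 1 = blocked, 2 = component missing.
first_blocked() (
    cur=${1%/}; rel=$2; uid=$3; gid=$4
    IFS=/; set -f                      # split RELPATH on '/', no globbing
    for part in $rel; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        meta=$(stat -L -c '%a %u %g' "$cur") || { echo "missing: $cur" >&2; exit 2; }
        mode=$((0${meta%% *}))         # permission bits, parsed as octal
        rest=${meta#* }; owner=${rest% *}; group=${rest#* }
        if [ "$uid" -eq 0 ]; then
            # root may search any directory, but exec still needs some x bit
            if [ -d "$cur" ]; then bit=1; else bit=$((mode & 0111)); fi
        elif [ "$uid" -eq "$owner" ]; then bit=$((mode & 0100))
        elif [ "$gid" -eq "$group" ]; then bit=$((mode & 0010))
        else bit=$((mode & 0001))
        fi
        [ "$bit" -ne 0 ] || { printf '%s\n' "$cur"; exit 1; }
    done
)

# Usage inside a container (constructed ids):
#   first_blocked / root/.cargo/bin/rustc 1000 998
if [ "$#" -eq 4 ]; then first_blocked "$@"; fi
```

Run against an image's filesystem, a result that names the home directory rather than the binary shows that the toolchain files themselves may be executable while a parent directory is not traversable for the mapped user.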