Open sttts opened 8 years ago
There are several reasons to continue testing in a container:
are there other ways to achieve the goal of not running as root
?
docker has to be run with root privileges. Tho it's possible to create a user in the dockerfile and switch to that user so that the subsequent commands run as a different user.
For the docker commands that '[have] to be run with root privileges' .. what if we create a user, add that user to the "docker group", and then switch to that user for subsequent docker commands?
On Tue, Dec 1, 2015 at 6:15 PM, Karl Isenberg notifications@github.com wrote:
docker has to be run with root privileges. Tho it's possible to create a user in the dockerfile and switch to that user so that the subsequent commands run as a different user.
— Reply to this email directly or view it on GitHub https://github.com/mesosphere/kubernetes-mesos/issues/653#issuecomment-161127824 .
We could do that, but TeamCity already runs its builds as root. So we didn't need to. And the docker group is effectively the admin group. So there's almost no benefit. What are you trying to achieve?
It sounded like "running as root" was a possible concern. Was trying trying to suggest solutions.
On Tue, Dec 1, 2015 at 6:24 PM, Karl Isenberg notifications@github.com wrote:
We could do that, but TeamCity already runs its builds as root. So we didn't need to. And the docker group is effectively the admin group. So there's almost no benefit. What are you trying to achieve?
— Reply to this email directly or view it on GitHub https://github.com/mesosphere/kubernetes-mesos/issues/653#issuecomment-161129545 .
We run the scripts in hack/, build/ and the Makefile itself in a Docker container. This adds unnecessary complexity.
The original reason to do that was that we were sharing Teamcity agents with other proejcts. This is not the case anymore.
In addition we could clean up the e2e jobs by not using the root user.