deis / builder

Git server and application builder for Deis Workflow
https://deis.com
MIT License
40 stars 41 forks source link

Deis Builder modifies GID of Docker Socket #457

Closed felixbuenemann closed 7 years ago

felixbuenemann commented 7 years ago

I'm running Deis Workflow v2.9.0 on CoreOS and noticed that on the node which is hosting the deis-builder pod I can no longer access the docker socket on the host as the default user "core" which is part of the "docker" group without using sudo.

After inspecting the persions on the "/var/run/docker.socket" I noticed that the GID of the socket changed from "docker" (GID 233) to 107 which maps to the GID of the "git" group in the builder pod.

Instead of modifying the gid of the docker socket the container could instead modify the gid of the "git" group to match the gid on the mounted docker socket or create a docker group with the proper id inside the container and add the git user to that group.

felixbuenemann commented 7 years ago

Wrong repo, this is actually caused by the deis-controller, which mounts the docker.sock and where gid 107 maps to the "deis" group. They probably use the same baseimage, which is why the gid of the first created group matches.

felixbuenemann commented 7 years ago

See deis/controller#1170 for new issue.