just-containers / s6-overlay

s6 overlay for containers (includes execline, s6-linux-utils & a custom init)

Question: pass args to the underlying service #553

Closed alekc closed 11 months ago

alekc commented 11 months ago

Currently I am using tini to launch my container process, which has to be run with a non-root user (otherwise it will crash).

USER ue4
ENTRYPOINT ["/tini", "/home/ue4/project/debug.sh","--"]

As far as I understand, in order to retain the same functionality with s6-overlay (which runs as a root user), I need to launch my bash script as a longrun service (and not the CMD), so far so good.

The issue is that the container is launched by a third-party PaaS which passes some command line args to it. I do not have access to the launch parameters, but I need to be able to pass them to my script (which then passes them again with /home/ue4/project/launcher.sh "$@").

Is it possible to do so with s6?

Thanks

skarnet commented 11 months ago

It is possible, but not trivial (you'd have to write the arguments into a file then read the file in your run script).

But given what you said, is there a particular reason why you cannot run your script as the CMD? That would mimic the behaviour of tini most closely.
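The file-based approach described in the comment above, sketched as an added example that is not part of the thread. `ARGS_FILE`, the function names and the `save`/`exec` subcommands are assumptions; it also assumes some wrapper runs `save` with the PaaS arguments before the supervisor starts, and that the service's run script calls `exec`.

```shell
#!/bin/sh
# Added example, not code from the thread. ARGS_FILE, the function names and
# the save/exec subcommands are assumptions made for illustration.
ARGS_FILE="${ARGS_FILE:-/run/launch-args}"

# Store "$@" as single-quoted shell words, one argument per entry.
# Each embedded ' becomes '\'' so spaces, newlines, globs and $(...) in
# externally supplied arguments stay inert when the file is read back.
save_args() {
    (
        umask 077                        # file is eval'd later: owner-only
        tmp="$ARGS_FILE.tmp.$$"
        for arg in "$@"; do
            printf '%s\n' "$arg" |
                LC_ALL=C sed "s/'/'\\\\''/g; 1s/^/'/; \$s/\$/' \\\\/"
        done > "$tmp"
        echo " " >> "$tmp"               # ends the last line continuation
        mv "$tmp" "$ARGS_FILE"           # replace atomically
    )
}

# Append the saved arguments to the given command line and exec it, so the
# supervised PID is the real service and receives the supervisor's signals.
exec_with_saved_args() {
    [ -r "$ARGS_FILE" ] || { echo "missing $ARGS_FILE" >&2; return 111; }
    saved=$(cat "$ARGS_FILE") || return 111
    eval "set -- \"\$@\" $saved"         # safe only because save_args quoted it
    exec "$@"
}

# Script use (hypothetical name launch-args):
#   wrapper, before the supervisor starts:  launch-args save "$@"
#   service run script, as root:
#     launch-args exec s6-setuidgid ue4 /home/ue4/project/debug.sh
case "${1:-}" in
    save) shift; save_args "$@" ;;
    exec) shift; exec_with_saved_args "$@" ;;
esac
```

Because the file is evaluated by a root-run script, it must stay writable by root only; the `umask 077` and a root-owned directory take care of that.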

alekc commented 11 months ago

Future-proofing, I guess. Please correct me if I am wrong, but if I want to run the script as a CMD with a non-root user, the supervisor will run with the same user as well, which means that all the services would not have root capabilities?

Unless it's possible to have something like a sudo functionality?

skarnet commented 11 months ago

Run your container as root, and prepend your service command line with s6-setuidgid foobar to make it run as user foobar. 😉

alekc commented 11 months ago

Mm, that would work. So would it be something like

# for the sake of clarity
USER root
ENTRYPOINT ["/init","s6-setuidgid","foobar","/home/ue4/project/debug.sh","--"]

?

skarnet commented 11 months ago

That will work, but idiomatically, rather than giving arguments to /init in the ENTRYPOINT, I'd write the whole command line as a CMD.

Of course it also depends on how your automation is working, where it's adding its arguments, etc.

alekc commented 11 months ago

The PaaS does it in a weird way, where they do not pass the cmd but only args to it, so there is a good possibility that it would override the Docker one. I will try both ways and see if they work at all.

Closing this for now, thanks for the support.