Closed martinrehfeld closed 8 years ago
I made some progress on supporting non-linux builds by using syscall directly and still using opencontainers/runc/system on linux/lxc. Seems to work ok now on my local machine (darwin) and also in the Docker build.
Still looking for feedback; am I on the right track?
I thought it might be a good idea to combine the shush exec command with the functionality of tianon/gosu.
Hi Martin. Can you say more about why you think the combination would be a good idea? shush is a KMS client, gosu changes uid/gid; those things aren't particularly related, so a single utility that does both would seem a bit strange, to me. Also, I'm guessing you could use them together pretty easily, e.g.
shush exec -- gosu somebody command
Sure. I have a use case where I need root privileges in the entrypoint script to set the container up and then want to drop privileges for the actual application. I happen to use shush already and did not want to roll out another utility for the app, so I went with standard su, but that is cumbersome and also clutters the process list.
So I thought, if shush only could also change the uid on exec, I would be happy :-)
I'm afraid I'm unconvinced that this belongs in shush. Sorry. Perhaps you should create your own project as a mashup of the two, to suit your needs. Feel free to lift code from shush if/where it helps.
Fair enough. Thanks for considering.
This is work in progress / not an actual pull request yet
I thought it might be a good idea to combine the shush exec command with the functionality of tianon/gosu. While it was straight-forward to include gosu code to provide the desired functionality, I realized that the code can only be built in Linux/Docker containers now because of gosu's dependency on opencontainers/runc. So I am wondering:
opencontainers/runc to get cross-platform Setguid/Setuid?
shush actually being used outside Docker containers, so it won't even be a problem not to have a Darwin build?
As I am not a golang person, I could use some guidance here, if and how to proceed...
Thank you + cheers, Martin
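The privilege drop before exec that this thread discusses, as an added Go example that is not code from shush, gosu or this pull request. It assumes a numeric uid:gid argument and only the primary group; the names parseSpec, dropPrivileges and dropexec are hypothetical.

```go
package main

import (
	"fmt"
	"log"
	"os"
	"strconv"
	"strings"
	"syscall"
)

// Identity calls as package variables (hypothetical names) so the order is testable without root.
// On Linux these syscall wrappers need Go 1.16+, where they apply to all threads.
var setgroups, setgid, setuid = syscall.Setgroups, syscall.Setgid, syscall.Setuid

// parseSpec accepts a numeric "uid:gid" only (assumption: no passwd/group lookup).
func parseSpec(spec string) (int, int, error) {
	u, g, _ := strings.Cut(spec, ":")
	uid, e1 := strconv.Atoi(u)
	gid, e2 := strconv.Atoi(g)
	if e1 != nil || e2 != nil || uid < 0 || gid < 0 {
		return 0, 0, fmt.Errorf("want numeric uid:gid, got %q", spec)
	}
	return uid, gid, nil
}

// dropPrivileges clears supplementary groups, then sets gid, then uid; any failure aborts.
func dropPrivileges(uid, gid int) error {
	if err := setgroups([]int{gid}); err != nil {
		return fmt.Errorf("setgroups: %w", err)
	}
	if err := setgid(gid); err != nil {
		return fmt.Errorf("setgid: %w", err)
	}
	return setuid(uid) // last: once the uid is dropped, the group calls would be refused
}

func main() { // usage: dropexec uid:gid /abs/path/command [args...]
	if len(os.Args) < 3 {
		log.Fatal("usage: dropexec uid:gid /abs/path/command [args...]")
	}
	uid, gid, err := parseSpec(os.Args[1])
	if err == nil {
		err = dropPrivileges(uid, gid)
	}
	if err == nil { // Exec does no PATH lookup and returns only on failure
		err = syscall.Exec(os.Args[2], os.Args[2:], os.Environ())
	}
	log.Fatal("dropexec: ", err)
}
```

Because the process is replaced with syscall.Exec rather than spawned as a child, no wrapper process remains in the process list.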