dockerfile: allow setting file mode/uid for ssh and secrets#767
dockerfile: allow setting file mode/uid for ssh and secrets#767AkihiroSuda merged 2 commits intomoby:masterfrom
Conversation
|
Can we default to the user specified by the |
|
It would be tricky as there is no support for such stateful operations directly in LLB and would need to do another request. Also, definition of user depends on the executor implementation. I'd rather skip uid/gid then and only expose mode. |
| |`target` | Mount path. Defaults to `/run/secrets/` + `id`.| | ||
| |`required` | If set to `true`, the instruction errors out when the secret is unavailable. Defaults to `false`.| | ||
| |`mode` | File mode for secret file in octal. Default 0400.| | ||
| |`uid` | User ID for secret file.| |
| Required bool | ||
| Mode *uint64 | ||
| UID *uint64 | ||
| GID *uint64 |
There was a problem hiding this comment.
Just dropping by, but wondering: should these be *uint32 instead of *uint64 ? (I think Linux uses 32 bit for this)
In moby, looks like we're using int in some places (which may not be correct); https://github.com/moby/moby/blob/b3e9f7b13b0f0c414fa6253e1f17a86b2cff68b5/pkg/idtools/idtools.go#L105-L110
There was a problem hiding this comment.
This is just to match the return type from parse. They are casted before actual use. I'll change the bitsize of the parse though.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
tonistiigi
force-pushed
the
dockerfile-uid-mode
branch
from
a1649b2 to
b521aae
Compare
|
Updated. |
3 participants
fixes #760 #763