mirror of
https://github.com/dragonflydb/dragonfly.git
synced 2024-12-14 11:58:02 +00:00
cec3659b51
Fixes #2917 The problem is described in this "working as intended" issue https://github.com/moby/moby/issues/3124 So the advised approach of using "USER dfly" directive does not really work because it requires that the host will also define 'dfly' user with the same id. It's unrealistic expectation. Therefore, we revert the fix done in #1775 and follow valkey approach: https://github.com/valkey-io/valkey-container/blob/mainline/docker-entrypoint.sh#L12 1. we run the entrypoint in the container as root which later spawns the dragonfly process 2. if we run as root: a. we chmod files under /data to dfly. b. use setpriv to exec ourselves as dfly. 3. if we do not run as root we execute the docker command. So even though the process starts as root, the server runs as dfly and only the bootstrap part has elevated permissions is used to fix the volume access. While we are at it, we also switched to setpriv following the change of https://github.com/valkey-io/valkey-container/pull/24/files Signed-off-by: Roman Gershman <roman@dragonflydb.io> |
||
|---|---|---|
| .. | ||
| benchmark | ||
| docker | ||
| eviction | ||
| local/monitoring | ||
| packaging | ||
| replay | ||
| balls_bins.py | ||
| cache_logs_player.py | ||
| cache_testing.py | ||
| cluster_mgr.py | ||
| defrag_db.py | ||
| defrag_mem_test.py | ||
| generate-tls-files.sh | ||
| json_benchmark.py | ||
| release.sh | ||
| requirements.txt | ||