
15. Handling rootless docker

Date: 2023-11-29

Status

Accepted

Builds on 6. Using root user and fixing ownership for-ci-container

Builds on 14. Fix root ownership after exiting docker command

Context

Rootless docker solutions are becoming more and more popular. They are more secure to run, and they allow docker containers to be run without root privileges. It is expected that in the near future rootless docker will become the default way of running docker.

In the case of rootless docker, the assumptions from both ADR 6 and ADR 14 are not valid. The user running docker is re-mapped from the original user on the host that runs the container. This means that the ownership of files created in the container does not have to be fixed (the user ids will be re-mapped from the container back to the host automatically) and that the dag folder owned by the user on the host will be automatically owned by the mapped user inside the container.

This means that we need neither to fix nor to change the ownership when docker is in rootless mode.

Decision

When we enter the Breeze container, we check whether docker is running in rootless mode; if it is, the DOCKER_IS_ROOTLESS variable is set to true when entering the container. This variable can then be used to decide whether to change ownership of the files inside the container.
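
One way to implement the check described above, as an added example rather than Breeze's own code. It assumes the daemon reports rootless mode as name=rootless in the output of docker info -f '{{println .SecurityOptions}}'; the function names, the sample outputs and the "true"/"false" string values are hypothetical.

```python
import subprocess

# Constructed samples of `docker info -f '{{println .SecurityOptions}}'` output.
ROOTFUL_SAMPLE = "[name=apparmor name=seccomp,profile=builtin name=cgroupns]\n"
ROOTLESS_SAMPLE = "[name=seccomp,profile=builtin name=rootless name=cgroupns]\n"


def parse_rootless(security_options: str) -> bool:
    """Return True if the daemon's security options include name=rootless."""
    tokens = security_options.strip().strip("[]").split()
    # Each token is "name=<option>[,key=value...]"; compare the name exactly
    # so that a value such as "profile=rootless" is not mistaken for the mode.
    return any(tok.split(",")[0] == "name=rootless" for tok in tokens)


def detect_rootless(run=subprocess.run) -> bool:
    """Ask the docker daemon; any failure falls back to 'not rootless'."""
    try:
        result = run(
            ["docker", "info", "-f", "{{println .SecurityOptions}}"],
            capture_output=True, text=True, check=True, timeout=30,
        )
    except (OSError, subprocess.SubprocessError):
        return False
    return parse_rootless(result.stdout)


def container_env(is_rootless: bool) -> dict:
    """Variable handed to the container (string values are an assumption)."""
    return {"DOCKER_IS_ROOTLESS": "true" if is_rootless else "false"}


def should_fix_ownership(env: dict) -> bool:
    """Hypothetical in-container decision: chown only under a rootful daemon.

    With a rootless daemon, uid 0 in the container already maps to the
    unprivileged host user, so files written as root need no fixing.
    """
    return env.get("DOCKER_IS_ROOTLESS", "false").lower() != "true"


if __name__ == "__main__":
    env = container_env(detect_rootless())
    print(env, "fix ownership:", should_fix_ownership(env))
```

Falling back to "not rootless" when docker info fails keeps the ownership fix from ADRs 6 and 14 in place whenever the mode cannot be determined.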

Consequences

Users running Breeze on Linux will have fewer problems with root-owned files, and we can also remove the dedicated ci fix-ownership command in CI.