linux - useradd with the -u option causes docker to hang
Question
I have the following Dockerfile
FROM ubuntu:18.04
ARG user_id
ARG user_gid
# Essential packages for building on a Ubuntu host
# https://docs.yoctoproject.org/ref-manual/system-requirements.html#ubuntu-and-debian
# Note, we set DEBIAN_FRONTEND=noninteractive prior to the call to apt-get
# install because otherwise we'll get prompted to select a timezone when the
# tzdata package gets included as a dependency.
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \
    gawk wget git-core diffstat unzip texinfo gcc-multilib build-essential \
    chrpath socat cpio python3 python3-pip python3-pexpect xz-utils \
    debianutils iputils-ping python3-git python3-jinja2 libegl1-mesa \
    libsdl1.2-dev pylint3 xterm python3-subunit mesa-common-dev sudo
# Add a user and set them up for passwordless sudo. We're using the same user
# ID and group numbers as the host system. This allows us to give the yocto
# user ownership of files and directories in the poky volume we're going to add
# without needing to change ownership which would also affect the host system.
RUN groupadd -g $user_gid yoctouser
RUN useradd -m yoctouser -u $user_id -g $user_gid
#echo "yoctouser ALL=(ALL:ALL) NOPASSWD:ALL" | tee -a /etc/sudoers
USER yoctouser
WORKDIR /home/yoctouser
ENV LANG=en_US.UTF-8
CMD /bin/bash
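The useradd command hangs; specifically, the -u option is the problem. If I remove -u $user_id everything works fine. Moreover, docker is filling up my disk. Within a few seconds of adding the -u option, /var/lib/docker/overlay2/ goes from 852MB to gigabytes. If I don't kill it, it fills up my disk completely, and I end up having to stop the docker daemon and manually delete folders in the overlay2 directory.
Why might specifying this uid be a problem?
Here's the relevant part of a python script I wrote to drive this, so you can see how I'm getting the user id and passing it to docker build.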
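import os
import subprocess
import sys

# DOCKER_IMAGE_NAME and DOCKERFILE_NAME are defined elsewhere in the script.

def build_docker_image():
    print("Building a docker image named:", DOCKER_IMAGE_NAME)
    # Pass the invoking user's UID and GID through as build arguments.
    USERID_ARG = "user_id=" + str(os.getuid())
    USERGID_ARG = "user_gid=" + str(os.getgid())
    print(USERID_ARG)
    print(USERGID_ARG)
    try:
        subprocess.check_call(['docker', 'build',
                               '--build-arg', USERID_ARG,
                               '--build-arg', USERGID_ARG,
                               '-t', DOCKER_IMAGE_NAME, '.',
                               '-f', DOCKERFILE_NAME])
    except (subprocess.CalledProcessError, OSError):
        # Non-zero exit from docker build, or the docker binary could not be run.
        print("Failed to create the docker image")
        sys.exit(1)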
FWIW, on my system
user_id=1666422094
user_gid=1666400513
I'm running Docker version 20.10.5, build 55c4c88 on an Ubuntu 18.04 host.
Solution
I needed to use the -l / --no-log-init option when calling useradd to work around a bug in docker relating to how large UIDs are handled.
My final dockerfile looks like
FROM ubuntu:18.04
ARG user_id
ARG user_gid
# Essential packages for building on a Ubuntu host
# https://docs.yoctoproject.org/ref-manual/system-requirements.html#ubuntu-and-debian
# Note, we set DEBIAN_FRONTEND=noninteractive prior to the call to apt-get
# install because otherwise we'll get prompted to select a timezone when the
# tzdata package gets included as a dependency.
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \
    gawk wget git-core diffstat unzip texinfo gcc-multilib build-essential \
    chrpath socat cpio python3 python3-pip python3-pexpect xz-utils \
    debianutils iputils-ping python3-git python3-jinja2 libegl1-mesa \
    libsdl1.2-dev pylint3 xterm python3-subunit mesa-common-dev
# Set up locales
RUN apt-get install -y locales
RUN dpkg-reconfigure locales && \
    locale-gen en_US.UTF-8 && \
    update-locale LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8
ENV LC_ALL=en_US.UTF-8
ENV LANG=en_US.UTF-8
ENV LANGUAGE=en_US.UTF-8
# Add a user and set them up for passwordless sudo. We're using the same user
# ID and group numbers as the host system. This allows us to give the yocto
# user ownership of files and directories in the poky mount we're going to add
# without needing to change ownership which would also affect the host system.
# Note the use of the --no-log-init option for useradd. This is a workaround to
# [a bug](https://github.com/moby/moby/issues/5419) relating to how large UIDs
# are handled.
RUN apt-get install -y sudo && \
    groupadd --gid ${user_gid} yoctouser && \
    useradd --create-home --no-log-init --uid ${user_id} --gid yoctouser \
    yoctouser && \
    echo "yoctouser ALL=(ALL:ALL) NOPASSWD:ALL" | tee -a /etc/sudoers
USER yoctouser
WORKDIR /home/yoctouser
CMD ["/bin/bash"]
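
The workaround matters because useradd initialises the UID-indexed /var/log/lastlog and /var/log/faillog databases, so a very large UID produces an enormous sparse file that Docker's layer handling expands on disk. As an added example (not part of the original question or answer), this Python pre-flight check could run in a build script like the one in the question before docker build is called. The 292-byte record size (x86-64 glibc), the 1 GiB threshold, the sample Dockerfile strings and all function names are assumptions.

```python
import re

# Assumption: sizeof(struct lastlog) on x86-64 glibc (4 + 32 + 256 bytes).
LASTLOG_RECORD_SIZE = 292

# Constructed samples modelled on the question's and the answer's useradd lines.
BEFORE = "FROM ubuntu:18.04\nRUN useradd -m yoctouser -u $user_id -g $user_gid\n"
AFTER = r"""FROM ubuntu:18.04
RUN groupadd --gid ${user_gid} yoctouser && \
    useradd --create-home --no-log-init --uid ${user_id} --gid yoctouser \
    yoctouser
"""

def lastlog_apparent_size(uid, record_size=LASTLOG_RECORD_SIZE):
    """Apparent size of /var/log/lastlog once a record for uid is written."""
    return (uid + 1) * record_size

def logical_lines(dockerfile_text):
    """Yield (first line number, text) with backslash continuations joined."""
    start, parts = None, []
    for num, line in enumerate(dockerfile_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        start = start or num
        parts.append(line.rstrip("\\").strip())
        if not line.endswith("\\"):
            yield start, " ".join(parts)
            start, parts = None, []

def useradd_without_no_log_init(dockerfile_text):
    """Line numbers of RUN instructions whose useradd lacks -l/--no-log-init."""
    hits = []
    for num, text in logical_lines(dockerfile_text):
        if not text.upper().startswith("RUN "):
            continue
        for cmd in re.split(r"&&|\|\||;|\|", text[4:]):  # one shell command each
            words = cmd.split()
            ok = any(w == "--no-log-init" or re.fullmatch(r"-[A-Za-z]*l[A-Za-z]*", w)
                     for w in words)
            if "useradd" in words and not ok:
                hits.append(num)
    return hits

def preflight(dockerfile_text, uid, limit=1 << 30):
    """Warnings to print before docker build (limit: hypothetical 1 GiB cutoff)."""
    size = lastlog_apparent_size(uid)
    hits = useradd_without_no_log_init(dockerfile_text) if size > limit else []
    return [f"line {n}: useradd lacks --no-log-init; uid {uid} implies a "
            f"{size / 1e9:.1f} GB sparse lastlog" for n in hits]
```

With the UID from the question, preflight(BEFORE, 1666422094) returns one warning for line 2, while the same call on AFTER returns an empty list.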