Message ID | 20170925075458.18047-1-famz@redhat.com |
---|---|
State | New |
Headers | show |
Series | docker: Don't mount ccache db if NOUSER=1 | expand |
On Mon, Sep 25, 2017 at 4:54 AM, Fam Zheng <famz@redhat.com> wrote: > With NOUSER=1 the container runs code as root, which may create > privileged files that will not be be accssible next time. Skip ccache > dir mount in this case. > > Signed-off-by: Fam Zheng <famz@redhat.com> Acked-by: Philippe Mathieu-Daudé <f4bug@amsat.org> > --- > tests/docker/Makefile.include | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include > index 0e4f159619..6f9ea196a7 100644 > --- a/tests/docker/Makefile.include > +++ b/tests/docker/Makefile.include > @@ -143,9 +143,11 @@ docker-run: docker-qemu-src > -e EXTRA_CONFIGURE_OPTS="$(EXTRA_CONFIGURE_OPTS)" \ > -e V=$V -e J=$J -e DEBUG=$(DEBUG) \ > -e SHOW_ENV=$(SHOW_ENV) \ > - -e CCACHE_DIR=/var/tmp/ccache \ > + $(if $(NOUSER),, \ > + -e CCACHE_DIR=/var/tmp/ccache \ > + -v $(DOCKER_CCACHE_DIR):/var/tmp/ccache:z \ > + ) \ > -v $$(readlink -e $(DOCKER_SRC_COPY)):/var/tmp/qemu:z$(COMMA)ro \ > - -v $(DOCKER_CCACHE_DIR):/var/tmp/ccache:z \ > $(IMAGE) \ > /var/tmp/qemu/run \ > $(TEST), " RUN $(TEST) in ${IMAGE}") > -- > 2.13.5 >
On Wed, 09/27 23:07, Philippe Mathieu-Daudé wrote: > On Mon, Sep 25, 2017 at 4:54 AM, Fam Zheng <famz@redhat.com> wrote: > > With NOUSER=1 the container runs code as root, which may create > > privileged files that will not be be accssible next time. Skip ccache > > dir mount in this case. > > > > Signed-off-by: Fam Zheng <famz@redhat.com> > > Acked-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Queued, thanks. Fam
Philippe Mathieu-Daudé <f4bug@amsat.org> writes: > On Mon, Sep 25, 2017 at 4:54 AM, Fam Zheng <famz@redhat.com> wrote: >> With NOUSER=1 the container runs code as root, which may create >> privileged files that will not be be accssible next time. Skip ccache >> dir mount in this case. >> >> Signed-off-by: Fam Zheng <famz@redhat.com> > > Acked-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Makes sense: Reviewed-by: Alex Bennée <alex.bennee@linaro.org> > >> --- >> tests/docker/Makefile.include | 6 ++++-- >> 1 file changed, 4 insertions(+), 2 deletions(-) >> >> diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include >> index 0e4f159619..6f9ea196a7 100644 >> --- a/tests/docker/Makefile.include >> +++ b/tests/docker/Makefile.include >> @@ -143,9 +143,11 @@ docker-run: docker-qemu-src >> -e EXTRA_CONFIGURE_OPTS="$(EXTRA_CONFIGURE_OPTS)" \ >> -e V=$V -e J=$J -e DEBUG=$(DEBUG) \ >> -e SHOW_ENV=$(SHOW_ENV) \ >> - -e CCACHE_DIR=/var/tmp/ccache \ >> + $(if $(NOUSER),, \ >> + -e CCACHE_DIR=/var/tmp/ccache \ >> + -v $(DOCKER_CCACHE_DIR):/var/tmp/ccache:z \ >> + ) \ >> -v $$(readlink -e $(DOCKER_SRC_COPY)):/var/tmp/qemu:z$(COMMA)ro \ >> - -v $(DOCKER_CCACHE_DIR):/var/tmp/ccache:z \ >> $(IMAGE) \ >> /var/tmp/qemu/run \ >> $(TEST), " RUN $(TEST) in ${IMAGE}") >> -- >> 2.13.5 >> -- Alex Bennée
diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include index 0e4f159619..6f9ea196a7 100644 --- a/tests/docker/Makefile.include +++ b/tests/docker/Makefile.include @@ -143,9 +143,11 @@ docker-run: docker-qemu-src -e EXTRA_CONFIGURE_OPTS="$(EXTRA_CONFIGURE_OPTS)" \ -e V=$V -e J=$J -e DEBUG=$(DEBUG) \ -e SHOW_ENV=$(SHOW_ENV) \ - -e CCACHE_DIR=/var/tmp/ccache \ + $(if $(NOUSER),, \ + -e CCACHE_DIR=/var/tmp/ccache \ + -v $(DOCKER_CCACHE_DIR):/var/tmp/ccache:z \ + ) \ -v $$(readlink -e $(DOCKER_SRC_COPY)):/var/tmp/qemu:z$(COMMA)ro \ - -v $(DOCKER_CCACHE_DIR):/var/tmp/ccache:z \ $(IMAGE) \ /var/tmp/qemu/run \ $(TEST), " RUN $(TEST) in ${IMAGE}")
With NOUSER=1 the container runs code as root, which may create privileged files that will not be be accssible next time. Skip ccache dir mount in this case. Signed-off-by: Fam Zheng <famz@redhat.com> --- tests/docker/Makefile.include | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)