No setuid #72
No setuid #72
Conversation
|
I've removed the quicktest |
Use /tmp/ for generated start command file
docker-entrypoint.sh
Outdated
| | awk '/\\$/ { printf "%s", substr($0, 1, length($0)-1); next } 1' \ | ||
| | egrep -v '[^ ]*java .* org\.eclipse\.jetty\.xml\.XmlConfiguration ' | ||
| exit | ||
| fi | ||
| set -- $(sed 's/\\$//' /jetty-start) | ||
| set -- $(sed 's/\\$//' /tmp/jetty-start) |
There was a problem hiding this comment.
The entrypoint no longer runs as root, so it can't create the on the fly version of /jetty-start in root. So just create it in /tmp instead.
There was a problem hiding this comment.
Maybe it would make sense to touch and chown the file at /jetty-start and add an extra check for a non-zero with test -s? I'm leery of using /tmp since it's a prime candidate for mounting into the container with tmpfs.
There was a problem hiding this comment.
Either that or put it under $JETTY_BASE, which is already owned by jetty. Though now that I look, I see we still have code setting TMPDIR to /tmp/jetty and chown'ing that...
use $TMPDIR
|
@md5 I think this is good to go, the |
|
Where's the documentation? |
|
Sorry, I'm behind on looking at the documentation. Will get to it ASAP. |
The technical side of #70 . Will also produce a PR for the documentation soon.
Note this PR branched off the quicktest one. If that's not acceptable, I'll remake this one.