Comments around environment and user values #2

smarterclayton

Clarify environment more strictly, and propose changes to user to separate "id" and "name" as distinct entities. I think it is important to separate uid and name explicitly, given that the uid can be known outside the container, but the name may only have meaning inside the container (in the case of Linux containers that have custom /etc/nsswitch.conf).

Signed-off-by: Clayton Coleman [email protected]

Clarify environment more strictly, and propose changes to user to separate "id" and "name" as distinct entities.
@philips
Contributor

philips commented Jun 23, 2015

I agree with this change. We need to be explicit about the difference between id and name.

@smarterclayton
Author

Brandon, is the defaulting behavior of the process ownership pid something you would like to see as well (uid of run command is the implicit default uid?)

On Jun 23, 2015, at 5:57 PM, Brandon Philips [email protected] wrote:

I agree with this change. We need to be explicit about the difference between id and name.

@philips
Contributor

philips commented Jun 23, 2015

@smarterclayton Not sure I follow. Can you give an example?

@smarterclayton
Author

If uid or name are unspecified, use the owning uid of the identified "exec" process file as the default uid. Adds one more level of indirection in order to resolve the start, but avoids defaulting to "0" in many cases. Not a huge issue to me, but it's not unusual for the exec process file owner to mean something.

On Jun 23, 2015, at 6:25 PM, Brandon Philips [email protected] wrote:

@smarterclayton Not sure I follow. Can you give an example?
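
The defaulting order proposed in the comment above, sketched in Go as an added example (not code from this pull request or the spec). The `User` type, the function names, the rule that an explicit id takes precedence over a name, and the passwd text being supplied by the caller from the container's root filesystem are all assumptions; the passwd line in `main` is constructed.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
	"strings"
	"syscall"
)

type User struct {
	ID   *uint32 // nil = unspecified, so 0 (root) is never implied
	Name string  // only meaningful against the container's own passwd
}

// lookupUID resolves name against passwd text read from the container rootfs.
func lookupUID(passwd, name string) (uint32, error) {
	for _, line := range strings.Split(passwd, "\n") {
		if f := strings.Split(line, ":"); len(f) >= 3 && f[0] == name {
			n, err := strconv.ParseUint(f[2], 10, 32)
			return uint32(n), err
		}
	}
	return 0, fmt.Errorf("user %q not in container passwd", name)
}

// ResolveUID: explicit id wins (assumption), then name via the container's
// passwd, then the owner of the exec file; it never falls back to a silent 0.
func ResolveUID(u User, passwd, execPath string) (uint32, error) {
	if u.ID != nil {
		return *u.ID, nil
	}
	if u.Name != "" {
		return lookupUID(passwd, u.Name)
	}
	fi, err := os.Stat(execPath)
	if err != nil {
		return 0, err
	}
	if st, ok := fi.Sys().(*syscall.Stat_t); ok {
		return st.Uid, nil
	}
	return 0, fmt.Errorf("no file owner available for %s", execPath)
}

func main() { // the passwd line below is a constructed sample
	fmt.Println(ResolveUID(User{Name: "daemon"}, "daemon:x:2:2::/sbin:/sbin/nologin", "/bin/true"))
}
```

On a platform where `os.Stat` exposes no file owner, the last fallback returns an error rather than a default uid.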

@philips
Contributor

philips commented Jun 23, 2015

@smarterclayton I guess it depends on if this behavior works under Windows. If not it feels like it is better to require explicitness.

@mrunalp
Contributor

mrunalp commented Jun 24, 2015

Yes, I agree that the defaulting depends on the OS behavior. On Linux, unprivileged containers are possible only using a relatively newer kernel with user namespaces enabled. Hence, in most cases the container is started as root and a default of root/0 makes sense.

"user": "daemon",
"user": {
"name": "daemon",
"id": 0,
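
Review bot: the new example sets "name": "daemon" and "id": 0 side by side, and nothing in these lines says which field applies when both are present and they do not refer to the same user inside the container. Since id 0 is root, a runtime that prefers the id would start this example as root while the name suggests otherwise. State the precedence (or make the two fields mutually exclusive) in the spec text beside this example, and use an id in the example that does not read as root.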
Contributor

this should be a string so it can be "optional"

@crosbymichael
Member

@smarterclayton I'm going to close this one because we have the same discussion going on in #10 about the user uid/gid vs username.

There is nothing wrong with the PR, I just want to keep the discussion in one place and your PR lost the coin flip, sorry ;)

@smarterclayton
Author

I'll survive :). Will split the env changes out

On Jun 29, 2015, at 4:48 PM, Michael Crosby [email protected] wrote:

@smarterclayton I'm going to close this one because we have the same discussion going on in #10 about the user uid/gid vs username.

There is nothing wrong with the PR, I just want to keep the discussion in one place and your PR lost the coin flip, sorry ;)
