The updateUID.Dockerfile is wrongly executing /etc/bash.bashrc as root · Issue #4281 · microsoft/vscode-remote-release

link管理

链接快照平台

输入网页链接，自动生成快照
标签化管理网页链接

相关文章推荐

爽快的红烧肉 · canvas绘制文字、矩形、圆形、线条 ...· 11 月前 ·

完美的鸡蛋面 · 根据某个字段类型关联不同数据的表查询_mys ...· 1 年前 ·

飘逸的野马 · typescript能否动态生成类型，并根据 ...· 1 年前 ·

淡定的铅笔 · C++ complex复数类用法详解· 1 年前 ·

逃课的充电器 · go 字符转ASCII ...· 1 年前 ·

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement . We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

VS Code Remote - Containers internally extend the image defined in the devcontainer.json to adjust the UID and GID to match with the host. However, I found a bug, which happens when someone defines a custom SHELL in their devcontainer/Dockerfile . This seems to be the content of the current updateUID.Dockerfile :

# cat /tmp/vsch/updateUID.Dockerfile-0.154.2
ARG BASE_IMAGE
FROM $BASE_IMAGE
USER root
ARG REMOTE_USER
ARG NEW_UID
ARG NEW_GID
RUN /bin/sh -c ' \
        eval $(sed -n "s/${REMOTE_USER}:[^:]*:\([^:]*\):\([^:]*\):[^:]*:\([^:]*\).*/OLD_UID=\1;OLD_GID=\2;HOME_FOLDER=\3/p" /etc/passwd); \
        eval $(sed -n "s/\([^:]*\):[^:]*:${NEW_UID}:.*/EXISTING_USER=\1/p" /etc/passwd); \
        eval $(sed -n "s/\([^:]*\):[^:]*:${NEW_GID}:.*/EXISTING_GROUP=\1/p" /etc/group); \
        if [ -z "$OLD_UID" ]; then \
                echo "Remote user not found in /etc/passwd ($REMOTE_USER)."; \
        elif [ "$OLD_UID" = "$NEW_UID" -a "$OLD_GID" = "$NEW_GID" ]; then \
                echo "UIDs and GIDs are the same ($NEW_UID:$NEW_GID)."; \
        elif [ "$OLD_UID" != "$NEW_UID" -a -n "$EXISTING_USER" ]; then \
                echo "User with UID exists ($EXISTING_USER=$NEW_UID)."; \
        elif [ "$OLD_GID" != "$NEW_GID" -a -n "$EXISTING_GROUP" ]; then \
                echo "Group with GID exists ($EXISTING_GROUP=$NEW_GID)."; \
        else \
                echo "Updating UID:GID from $OLD_UID:$OLD_GID to $NEW_UID:$NEW_GID."; \
                sed -i -e "s/\(${REMOTE_USER}:[^:]*:\)[^:]*:[^:]*/\1${NEW_UID}:${NEW_GID}/" /etc/passwd; \
                if [ "$OLD_GID" != "$NEW_GID" ]; then \
                        sed -i -e "s/\([^:]*:[^:]*:\)${OLD_GID}:/\1${NEW_GID}:/" /etc/group; \
                fi; \
                chown -R $NEW_UID:$NEW_GID $HOME_FOLDER; \
        fi; \
ARG IMAGE_USER
USER $IMAGE_USER

If someone has SHELL [ "/bin/bash", "-i", "-c" ] , this will make the updateUid's RUN statement to be executed as:

/bin/bash -i -c "/bin/sh -c 'eval ...'"

So I suggest to change the RUN statement to:

RUN [ "/bin/sh", "-c", '\
    eval $(sed -n "s/${REMOTE_USER}:[^:]*:\([^:]*\):\([^:]*\):[^:]*:\([^:]*\).*/OLD_UID=\1;OLD_GID=\2;HOME_FOLDER=\3/p" /etc/passwd); \
    eval $(sed -n "s/\([^:]*\):[^:]*:${NEW_UID}:.*/EXISTING_USER=\1/p" /etc/passwd); \
    eval $(sed -n "s/\([^:]*\):[^:]*:${NEW_GID}:.*/EXISTING_GROUP=\1/p" /etc/group); \
    if [ -z "$OLD_UID" ]; then \
        echo "Remote user not found in /etc/passwd ($REMOTE_USER)."; \
    elif [ "$OLD_UID" = "$NEW_UID" -a "$OLD_GID" = "$NEW_GID" ]; then \
        echo "UIDs and GIDs are the same ($NEW_UID:$NEW_GID)."; \
    elif [ "$OLD_UID" != "$NEW_UID" -a -n "$EXISTING_USER" ]; then \
        echo "User with UID exists ($EXISTING_USER=$NEW_UID)."; \
    elif [ "$OLD_GID" != "$NEW_GID" -a -n "$EXISTING_GROUP" ]; then \
        echo "Group with GID exists ($EXISTING_GROUP=$NEW_GID)."; \
    else \
        echo "Updating UID:GID from $OLD_UID:$OLD_GID to $NEW_UID:$NEW_GID."; \
        sed -i -e "s/\(${REMOTE_USER}:[^:]*:\)[^:]*:[^:]*/\1${NEW_UID}:${NEW_GID}/" /etc/passwd; \
    if [ "$OLD_GID" != "$NEW_GID" ]; then \
        sed -i -e "s/\([^:]*:[^:]*:\)${OLD_GID}:/\1${NEW_GID}:/" /etc/group; \
    fi; \
        chown -R $NEW_UID:$NEW_GID $HOME_FOLDER; \
    fi; \
This will make sure that the parent SHELL won't be used to execute the command
Use SHELL in updateUID.Dockerfile
The updateUID.Dockerfile is wrongly executing my bashrc as root
    Jan 8, 2021
The updateUID.Dockerfile is wrongly executing my bashrc as root
The updateUID.Dockerfile is wrongly executing /etc/bash.bashrc as root
    Jan 8, 2021
          Another option is to set SHELL before the RUN line. Which is fine since this image is internal so it's not going to be extended anymore.
If you do so, you don't need to use sh -c as you did before, you can just use RUN as usual.
          Something like:
SHELL ["/bin/sh", "-c"]
RUN eval $(sed -n "s/${REMOTE_USER}:[^:]*:\([^:]*\):\([^:]*\):[^:]*:\([^:]*\).*/OLD_UID=\1;OLD_GID=\2;HOME_FOLDER=\3/p" /etc/passwd); \
        eval $(sed -n "s/\([^:]*\):[^:]*:${NEW_UID}:.*/EXISTING_USER=\1/p" /etc/passwd); \
        eval $(sed -n "s/\([^:]*\):[^:]*:${NEW_GID}:.*/EXISTING_GROUP=\1/p" /etc/group); \
        if [ -z "$OLD_UID" ]; then \
                echo "Remote user not found in /etc/passwd ($REMOTE_USER)."; \
        elif [ "$OLD_UID" = "$NEW_UID" -a "$OLD_GID" = "$NEW_GID" ]; then \
                echo "UIDs and GIDs are the same ($NEW_UID:$NEW_GID)."; \
        elif [ "$OLD_UID" != "$NEW_UID" -a -n "$EXISTING_USER" ]; then \
                echo "User with UID exists ($EXISTING_USER=$NEW_UID)."; \
        elif [ "$OLD_GID" != "$NEW_GID" -a -n "$EXISTING_GROUP" ]; then \
                echo "Group with GID exists ($EXISTING_GROUP=$NEW_GID)."; \
        else \
                echo "Updating UID:GID from $OLD_UID:$OLD_GID to $NEW_UID:$NEW_GID."; \
                sed -i -e "s/\(${REMOTE_USER}:[^:]*:\)[^:]*:[^:]*/\1${NEW_UID}:${NEW_GID}/" /etc/passwd; \
                if [ "$OLD_GID" != "$NEW_GID" ]; then \
                        sed -i -e "s/\([^:]*:[^:]*:\)${OLD_GID}:/\1${NEW_GID}:/" /etc/group; \
                fi; \
                chown -R $NEW_UID:$NEW_GID $HOME_FOLDER; \