-
Type:
Task
-
Status: To Do (View Workflow)
-
Priority:
Medium
-
Resolution: Unresolved
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: voltha-go-controller
-
Labels:None
-
Story Points:0
% make build
Building voltha-go-controller....
Building vgcctl....
Building Docker voltha-go-controller....
sudo docker build -t voltha-go-controller:latest -f docker/Dockerfile.voltha-go-controller .
[sudo] password for joey:
- https://gerrit.opencord.org/plugins/gitiles/voltha-go-controller/+/refs/heads/master/Makefile#71
- sudo docker build -t $(IMAGENAME) -f docker/Dockerfile.voltha-go-controller .
Remove sudo calls from Makefile, building/testing should not require privileged access. Sudo use will create a few problems:
- Potential failure point for jenkins. Job automation runs in batch mode, if sudo issues a prompt instant job failure.
- Security issue / excessive scope:
- Entire docker run, including any commands invoked from Dockerfile will be run as root.
- If individual commands require privilege target them rather than granting wide open access.
- This also corrupts file ownership in a cloned sandbox
- % find .git ! -user joey -ls
- 50331976 188
rw-r---- 1 root root 190433 Apr 25 13:14 .git/index
- Which later breaks git commands that attempt to read or update index state.