Expose the "owner" parameter of the build_tar rules in the various *_image rules
Faqa opened this issue Β· comments
π feature request
Relevant Rules
Description
Currently, it is not possible to specify the ownership of files added to an image in `rules_docker`, particularly not an image for a particular language. Instead, they are all owned by `root`, and this is a problem if you are specifically trying to avoid running an image with a root user.Describe the solution you'd like
The build_tar
tool rules_docker
uses to pack up images exposes a flag for file ownership - it would be great to just have that exposed one more level up on the lang_image
level. Perhaps initially only on the nodejs
and py
images, as they are the most likely ones to not be using the default distroless image.
build_tar.py
also needs to be changed to apply the owner flag to symlinks, which it is not currently doing:
rules_docker/container/build_tar.py
Line 204 in fc729d8
The build_tar.py
in rules_pkg
is though: https://github.com/bazelbuild/rules_pkg/blob/3b8e3f150fb83bb6098298c2a79011fd0b7d6a3f/pkg/private/tar/build_tar.py#L184-L187
These files are similar but for some reason are implemented across separate repos
This issue has been automatically marked as stale because it has not had any activity for 180 days. It will be closed if no further activity occurs in 30 days.
Collaborators can add an assignee to keep this open indefinitely. Thanks for your contributions to rules_docker!
This issue was automatically closed because it went 30 days without a reply since it was labeled "Can Close?"