controlplaneio / simulator

Kubernetes Security Training Platform - focusing on security mitigation

unable to run simulator container due to conflicting uids

cphowarth opened this issue · comments

I am hitting an issue after cloning the repo and then running "make run". Full details below, but the error I get is right near the end, when starting the container:

Successfully tagged controlplane/simulator:latest

  • main

  • trap show_exit_warning EXIT

  • trap show_exit_warning SIGTERM

  • ensure_environment

  • export AWS_REGION=us-west-2

  • AWS_REGION=us-west-2

  • ensure_kubesim_directory

  • mkdir -p /home/launch/.kubesim

  • touch /home/launch/.kubesim/simulator.yaml
    touch: cannot touch '/home/launch/.kubesim/simulator.yaml': Permission denied

  • show_exit_warning
    ++ tput setaf 2
    ++ tput sgr0

I am running in an Ubuntu VM running on VirtualBox on a PC. When building the VM, the first user account that gets created (in my case called "chris") has a uid of 1000. I then created a second user called "training1", which has a uid of 1001, and used this latter account for the simulator install. I logged in as "training1", cloned the repo, ran make run and hit the above error.

It essentially looks like the container itself is launching with a uid of "1000". I am not sure how this is picked, but it seems to select the first permitted uid in a range, which happens to be that of the "chris" account rather than that of "training1", which in turn then does not have permission to write to the .kubesim directory. Some further detail:

training1@ubuntu2:~$ id
uid=1001(training1) gid=1001(training1) groups=1001(training1),113(docker)

training1@ubuntu2:~$ ls -la ~/.kubesim
total 12
drwxrwxr-x 3 training1 training1 4096 Feb 25 17:29 .
drwxr-xr-x 8 training1 training1 4096 Feb 25 18:00 ..
drwxrwxr-x 2 training1 training1 4096 Feb 25 17:29 settings
-rw-rw-r-- 1 training1 training1 0 Feb 25 18:32 simulator.yaml

Also, if I remove the following line in "simulator/kubesim", I can get the container to start:

-v "${KUBE_SIM_TMP}":/home/launch/.kubesim \

and then run kubesim, I can access it and see the following:

launch@launch:/app[0]$ id
uid=1000(launch) gid=1000(launch) groups=1000(launch)
launch@launch:/app[0]$ ls -la /home/launch
total 52
drwxr-xr-x 1 launch launch 4096 Feb 25 18:43 .
drwxr-xr-x 1 root root 4096 Feb 25 18:00 ..
drwxr-xr-x 2 root root 4096 Feb 25 18:00 .aws
-rw-rw-r-- 1 launch launch 90 Feb 25 17:26 .bash_aliases
-rw-r--r-- 1 launch launch 220 Apr 18 2019 .bash_logout
-rw-rw-r-- 1 launch launch 1210 Feb 25 17:26 .bashrc
-rw-rw-r-- 1 launch launch 1995 Feb 25 17:26 .inputrc
drwxr-xr-x 1 launch launch 4096 Feb 25 18:00 .kubesim
-rw-r--r-- 1 launch launch 807 Apr 18 2019 .profile
drwxrwxr-x 3 1001 1001 4096 Feb 25 17:29 .ssh

Note that if I repeat the installation, but use the "chris" account instead when the uid of both the account (chris) and the container (launch) are 1000, then everything works.

Thanks

Chris
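The failure Chris describes is ordinary POSIX permission evaluation: the bind-mounted ~/.kubesim is drwxrwxr-x owned by 1001:1001 on the host, but the process inside the container runs as launch (1000:1000), so it is neither owner nor group member and only gets the "other" bits (r-x), hence no write. The script below is an added example, not code from the issue or from the simulator project: can_write models that check for arbitrary mode/owner/process ids (including supplementary groups and root), and preflight_mount reads a real directory with stat and reports the mismatch before docker run is attempted. The names can_write, preflight_mount and the --build-arg LAUNCH_UID flag are this example's own assumptions; the flag only works if the image's Dockerfile declares a matching ARG and creates the launch user with it.

```shell
#!/usr/bin/env bash
# Added example (not from controlplaneio/simulator): reproduce the uid
# mismatch behind "touch: cannot touch '/home/launch/.kubesim/simulator.yaml':
# Permission denied" and check a bind mount before starting the container.
set -eu

# can_write MODE_OCTAL OWNER_UID OWNER_GID PROC_UID "PROC_GIDS"
#   MODE_OCTAL  permission bits as printed by `stat -c %a`, e.g. 775
#   PROC_GIDS   space-separated primary + supplementary gids of the process
# Exit 0 if a process with those ids may write into the directory, 1 if not.
# uid 0 is treated as root (always allowed, as with CAP_DAC_OVERRIDE).
can_write() {
  mode=$1; owner_uid=$2; owner_gid=$3; proc_uid=$4; proc_gids=$5
  owner_bits=$(( (0$mode >> 6) & 7 ))
  group_bits=$(( (0$mode >> 3) & 7 ))
  other_bits=$(( 0$mode & 7 ))
  if [ "$proc_uid" -eq 0 ]; then
    return 0
  elif [ "$proc_uid" -eq "$owner_uid" ]; then
    bits=$owner_bits            # owner class applies even if group bits differ
  else
    bits=$other_bits
    for gid in $proc_gids; do   # group class only if some gid matches
      if [ "$gid" -eq "$owner_gid" ]; then bits=$group_bits; break; fi
    done
  fi
  [ $(( bits & 2 )) -ne 0 ]
}

# preflight_mount DIR IMAGE_UID IMAGE_GID
# Reads the real owner and mode of DIR (GNU stat first, BSD stat as fallback)
# and reports whether the container user could write there. Exit 1 on mismatch.
preflight_mount() {
  dir=$1; image_uid=$2; image_gid=$3
  info=$(stat -c '%a %u %g' "$dir" 2>/dev/null) || info=$(stat -f '%Lp %u %g' "$dir")
  set -- $info
  if can_write "$1" "$2" "$3" "$image_uid" "$image_gid"; then
    echo "ok: uid $image_uid can write to $dir"
    return 0
  fi
  echo "mismatch: $dir is owned by $2:$3 mode $1; container runs as $image_uid:$image_gid"
  echo "fix (assumes the Dockerfile declares ARG LAUNCH_UID and uses it for useradd):"
  echo "  docker build --build-arg LAUNCH_UID=$2 ..."
  return 1
}

# When run directly with a directory argument, check it against the image's
# built-in launch user (uid/gid 1000, as shown by `id` inside the container).
if [ -n "${1:-}" ]; then
  preflight_mount "$1" 1000 1000
fi
```

Passing `--user "$(id -u):$(id -g)"` to docker run would also get past the mount, but the `ls -la /home/launch` listing above shows the rest of the home directory (.bashrc, .kubesim, .aws) is owned by uid 1000 or root, so a uid 1001 process would then be locked out of those instead; rebuilding the image so that launch has the host user's uid is the cleaner fix.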

Interesting! Thanks for reporting the issue @cphowarth and for the thorough bug report :) This is a tricky one to solve completely: we could specify a userid in a known range that isn't used by other applications when we create the user, but there is still the potential problem of conflicting with systemd: http://0pointer.net/blog/dynamic-users-with-systemd.html - we have this bug to fix in our next milestone though.

@raoulmillais Depending on how robust that check for in-use user accounts is by systemd, would it be worth picking a UID from that range to reserve early on in the Docker build process? If we get there first then systemd should prevent collisions with units installed afterwards.

If you are using training1 as the account, why is the home directory for this launch? Was that intentional?

I wonder if this is why you are getting the following error:

touch /home/launch/.kubesim/simulator.yaml
touch: cannot touch '/home/launch/.kubesim/simulator.yaml': Permission denied

Can you verify that you expect to have the home directory in /home/launch for account training1?