Adds new multi-stage Dockerfile for lbrycrd and mountable config files. #47

Merged

EnigmaCurry merged 1 commit from setuid into master

2019-04-17 01:44:55 +02:00

EnigmaCurry commented

2019-04-17 01:26:57 +02:00

(Migrated from github.com)

This Dockerfile was originally outlined by @Leopere here:
https://github.com/lbryio/lbry-docker/pull/46#issuecomment-483779947

This follows threads from #45 and #46

I've made the following additions:

Made it so the config file can be mounted to /etc/lbry/lbrycrd.conf
- If no config file is mounted, then the config is created from the environment variables just as before.
Added 'USER lbrycrd' to the Dockerfile.
- Previously with the de-escalation of priviliges was only occuring if you used start.sh command. This makes it so all commands run as the lbrycrd user.
Added fix-permissions command, a simple c-wrapper around bash and setuid=root so that we can still change the file permissions even though we are no longer running as root.
- This needed to be written in c only because you can't setuid in bash.
- See https://unix.stackexchange.com/a/2910
- Nice thing about the multi-stage docker build is that we can pull over just the 8KB executable into the final image, and not the whole compiler chain.

This Dockerfile was originally outlined by @Leopere here: https://github.com/lbryio/lbry-docker/pull/46#issuecomment-483779947 This follows threads from #45 and #46 I've made the following additions: * Made it so the config file can be mounted to /etc/lbry/lbrycrd.conf * If no config file is mounted, then the config is created from the environment variables just as before. * Added 'USER lbrycrd' to the Dockerfile. * Previously with the de-escalation of priviliges was only occuring if you used start.sh command. This makes it so all commands run as the lbrycrd user. * Added fix-permissions command, a simple c-wrapper around bash and setuid=root so that we can still change the file permissions even though we are no longer running as root. * This needed to be written in c only because you can't setuid in bash. * See https://unix.stackexchange.com/a/2910 * Nice thing about the multi-stage docker build is that we can pull over just the 8KB executable into the final image, and not the whole compiler chain.

Leopere commented

2019-04-17 01:41:35 +02:00

(Migrated from github.com)

I love it, and it builds and runs now yes?

EnigmaCurry commented

2019-04-17 01:42:09 +02:00

(Migrated from github.com)

Yes, I ran through my exact instructions in #45 to test it.

Leopere commented

2019-04-17 01:44:29 +02:00

(Migrated from github.com)

Since this is a feature I hadn't finished personally and you've taken it the rest of the way I'll consider this acceptable and merge it thank you very much for your time and effort if there is a LBC wallet you can post LBRY.io will send you a tip feel free to join the Discord and get the details there.

No reviewers

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: LBRYCommunity/lbry-docker#47

No description provided.