mirror of
https://github.com/kata-containers/kata-containers.git
synced 2025-08-20 08:54:03 +00:00
doc: Allow ccv0 to run as non-root user
Change all the tests repo interactions to be done as sudo Fixes: #4241 Signed-off-by: stevenhorsman <steven@uk.ibm.com>
This commit is contained in:
stevenhorsman
parent
6cd4497b66
commit
b89af0b373
@ -184,21 +184,24 @@ initialize() {
|
|||||||
|
|
||||||
check_out_repos() {
|
check_out_repos() {
|
||||||
echo "Creating repo: ${tests_repo} and branch ${tests_branch} into ${tests_repo_dir}..."
|
echo "Creating repo: ${tests_repo} and branch ${tests_branch} into ${tests_repo_dir}..."
|
||||||
mkdir -p $(dirname "${tests_repo_dir}") && sudo chown -R ${USER}:${USER} $(dirname "${tests_repo_dir}")
|
# Due to git https://github.blog/2022-04-12-git-security-vulnerability-announced/ the tests repo needs
|
||||||
[ -d "${tests_repo_dir}" ] || git clone "https://${tests_repo}.git" "${tests_repo_dir}"
|
# to be owned by root as it is re-checked out in rootfs.sh
|
||||||
|
mkdir -p $(dirname "${tests_repo_dir}")
|
||||||
|
[ -d "${tests_repo_dir}" ] || sudo -E git clone "https://${tests_repo}.git" "${tests_repo_dir}"
|
||||||
|
sudo -E chown -R root:root "${tests_repo_dir}"
|
||||||
pushd "${tests_repo_dir}"
|
pushd "${tests_repo_dir}"
|
||||||
git fetch
|
sudo -E git fetch
|
||||||
if [ -n "${tests_branch}" ]; then
|
if [ -n "${tests_branch}" ]; then
|
||||||
git checkout ${tests_branch}
|
sudo -E git checkout ${tests_branch}
|
||||||
fi
|
fi
|
||||||
git reset --hard origin/${tests_branch}
|
sudo -E git reset --hard origin/${tests_branch}
|
||||||
|
|
||||||
source "${BATS_TEST_DIRNAME}/lib.sh"
|
source "${BATS_TEST_DIRNAME}/lib.sh"
|
||||||
|
|
||||||
popd
|
popd
|
||||||
|
|
||||||
echo "Creating repo: ${katacontainers_repo} and branch ${katacontainers_branch} into ${katacontainers_repo_dir}..."
|
echo "Creating repo: ${katacontainers_repo} and branch ${katacontainers_branch} into ${katacontainers_repo_dir}..."
|
||||||
mkdir -p $(dirname "${katacontainers_repo_dir}") && sudo chown -R ${USER}:${USER} $(dirname "${katacontainers_repo_dir}")
|
mkdir -p $(dirname "${katacontainers_repo_dir}")
|
||||||
[ -d "${katacontainers_repo_dir}" ] || git clone "https://${katacontainers_repo}.git" "${katacontainers_repo_dir}"
|
[ -d "${katacontainers_repo_dir}" ] || git clone "https://${katacontainers_repo}.git" "${katacontainers_repo_dir}"
|
||||||
pushd "${katacontainers_repo_dir}"
|
pushd "${katacontainers_repo_dir}"
|
||||||
git fetch
|
git fetch
|
||||||
@ -272,7 +275,7 @@ create_a_local_rootfs() {
|
|||||||
|
|
||||||
# Install_rust.sh during rootfs.sh switches us to the main branch of the tests repo, so switch back now
|
# Install_rust.sh during rootfs.sh switches us to the main branch of the tests repo, so switch back now
|
||||||
pushd "${tests_repo_dir}"
|
pushd "${tests_repo_dir}"
|
||||||
git checkout ${tests_branch}
|
sudo -E git checkout ${tests_branch}
|
||||||
popd
|
popd
|
||||||
# During the ./rootfs.sh call the kata agent is built as root, so we need to update the permissions, so we can rebuild it
|
# During the ./rootfs.sh call the kata agent is built as root, so we need to update the permissions, so we can rebuild it
|
||||||
sudo chown -R ${USER}:${USER} "${katacontainers_repo_dir}/src/agent/"
|
sudo chown -R ${USER}:${USER} "${katacontainers_repo_dir}/src/agent/"
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user