Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot write into node_modules directory #2237

Open
wladimiiir opened this issue Mar 19, 2024 · 2 comments
Open

Cannot write into node_modules directory #2237

wladimiiir opened this issue Mar 19, 2024 · 2 comments
Labels
kind/good-first-issue Denotes an issue ready for a new contributor.

Comments

@wladimiiir
Copy link

wladimiiir commented Mar 19, 2024
edited

When container starts up, we need to generate some additional code for specific library, that's located within node_modules (utilizing "prestart" script in package.json).
After version 1.12.0, this is not possible as the directory does not seem writable for the running user. This used to work with version 1.11.0 and bellow.

After some debugging we have found out, that the ownership of the files have changed, which does not allow the running user to write into the directories.

This is output of id and ls -la /layers commands when using v1.11.0:
uid=1000(cnb) gid=1000(cnb) groups=1000(cnb)

drwxr-xr-x 1 cnb  cnb  4096 Jan  1  1980 .
drwxr-xr-x 1 root root 4096 Mar 19 09:39 ..
drwxr-xr-x 2 cnb  root 4096 Jan  1  1980 config
drwxr-xr-x 3 cnb  root 4096 Jan  1  1980 paketo-buildpacks_ca-certificates
drwxr-xr-x 3 cnb  root 4096 Jan  1  1980 paketo-buildpacks_node-engine
drwxr-xr-x 3 cnb  root 4096 Jan  1  1980 paketo-buildpacks_npm-install
drwxr-xr-x 3 cnb  root 4096 Jan  1  1980 sbom

With v1.12.0 and above, we get the following output with different ownership (and uid of cnb user):
uid=1002(cnb) gid=1000(cnb) groups=1000(cnb)

drwxr-xr-x 1 1001 cnb  4096 Jan  1  1980 .
drwxr-xr-x 1 root root 4096 Mar 19 09:34 ..
drwxr-xr-x 2 1001 root 4096 Jan  1  1980 config
drwxr-xr-x 3 1001 root 4096 Jan  1  1980 paketo-buildpacks_ca-certificates
drwxr-xr-x 3 1001 root 4096 Jan  1  1980 paketo-buildpacks_node-engine
drwxr-xr-x 3 1001 root 4096 Jan  1  1980 paketo-buildpacks_npm-install
drwxr-xr-x 3 1001 root 4096 Jan  1  1980 sbom

It seems that the related changes have been done as part of #1911.

We have also tried to utilize KNative security context and "runAsUser": 1001, but didn't work either. Is this expected behaviour? Is there anything else we are missing in our configuration? Thanks.
@wladimiiir
Copy link
Author

We have been able to use runAsUser: 1001 to workaround the issue. But I still think this might be unintentional behavior. Let me know you thoughts, thanks.

@lkingland
Copy link
Member

This seems like unintended bahavior to me as well; adding it to our project board.

@lkingland lkingland added the kind/good-first-issue Denotes an issue ready for a new contributor. label Mar 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/good-first-issue Denotes an issue ready for a new contributor.
Projects
Functions WG Roadmap
Status: 🔖 Next
Milestone
No milestone
Development

No branches or pull requests
2 participants
@wladimiiir @lkingland