You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When container starts up, we need to generate some additional code for specific library, that's located within node_modules (utilizing "prestart" script in package.json).
After version 1.12.0, this is not possible as the directory does not seem writable for the running user. This used to work with version 1.11.0 and bellow.
After some debugging we have found out, that the ownership of the files have changed, which does not allow the running user to write into the directories.
This is output of id and ls -la /layers commands when using v1.11.0: uid=1000(cnb) gid=1000(cnb) groups=1000(cnb)
drwxr-xr-x 1 cnb cnb 4096 Jan 1 1980 .
drwxr-xr-x 1 root root 4096 Mar 19 09:39 ..
drwxr-xr-x 2 cnb root 4096 Jan 1 1980 config
drwxr-xr-x 3 cnb root 4096 Jan 1 1980 paketo-buildpacks_ca-certificates
drwxr-xr-x 3 cnb root 4096 Jan 1 1980 paketo-buildpacks_node-engine
drwxr-xr-x 3 cnb root 4096 Jan 1 1980 paketo-buildpacks_npm-install
drwxr-xr-x 3 cnb root 4096 Jan 1 1980 sbom
With v1.12.0 and above, we get the following output with different ownership (and uid of cnb user): uid=1002(cnb) gid=1000(cnb) groups=1000(cnb)
drwxr-xr-x 1 1001 cnb 4096 Jan 1 1980 .
drwxr-xr-x 1 root root 4096 Mar 19 09:34 ..
drwxr-xr-x 2 1001 root 4096 Jan 1 1980 config
drwxr-xr-x 3 1001 root 4096 Jan 1 1980 paketo-buildpacks_ca-certificates
drwxr-xr-x 3 1001 root 4096 Jan 1 1980 paketo-buildpacks_node-engine
drwxr-xr-x 3 1001 root 4096 Jan 1 1980 paketo-buildpacks_npm-install
drwxr-xr-x 3 1001 root 4096 Jan 1 1980 sbom
It seems that the related changes have been done as part of #1911.
We have also tried to utilize KNative security context and "runAsUser": 1001, but didn't work either. Is this expected behaviour? Is there anything else we are missing in our configuration? Thanks.
The text was updated successfully, but these errors were encountered:
We have been able to use runAsUser: 1001 to workaround the issue. But I still think this might be unintentional behavior. Let me know you thoughts, thanks.
When container starts up, we need to generate some additional code for specific library, that's located within
node_modules
(utilizing "prestart" script inpackage.json
).After version 1.12.0, this is not possible as the directory does not seem writable for the running user. This used to work with version 1.11.0 and bellow.
After some debugging we have found out, that the ownership of the files have changed, which does not allow the running user to write into the directories.
This is output of
id
andls -la /layers
commands when using v1.11.0:uid=1000(cnb) gid=1000(cnb) groups=1000(cnb)
With v1.12.0 and above, we get the following output with different ownership (and uid of cnb user):
uid=1002(cnb) gid=1000(cnb) groups=1000(cnb)
It seems that the related changes have been done as part of #1911.
We have also tried to utilize KNative security context and
"runAsUser": 1001
, but didn't work either. Is this expected behaviour? Is there anything else we are missing in our configuration? Thanks.The text was updated successfully, but these errors were encountered: