Skip to content

Commit

Permalink
Use NSS_WRAPPER_PASSWD instead of /etc/passwd as in spark-operator im…
Browse files Browse the repository at this point in the history
…age entrypoint.sh (kubeflow#2312)

Signed-off-by: Aakcht <[email protected]>
  • Loading branch information
Aakcht authored Dec 4, 2024
1 parent d815e78 commit 5dd91c4
Showing 1 changed file with 17 additions and 15 deletions.
32 changes: 17 additions & 15 deletions entrypoint.sh
Original file line number Diff line number Diff line change
Expand Up @@ -4,21 +4,23 @@
set -ex

# Check whether there is a passwd entry for the container UID
uid=$(id -u)
gid=$(id -g)

# turn off -e for getent because it will return error code in anonymous uid case
set +e
uidentry=$(getent passwd $uid)
set -e

# If there is no passwd entry for the container UID, attempt to create one
if [[ -z "$uidentry" ]] ; then
if [[ -w /etc/passwd ]] ; then
echo "$uid:x:$uid:$gid:anonymous uid:$SPARK_HOME:/bin/false" >> /etc/passwd
else
echo "Container ENTRYPOINT failed to add passwd entry for anonymous UID"
fi
myuid="$(id -u)"
# If there is no passwd entry for the container UID, attempt to fake one
# You can also refer to the https://github.com/docker-library/official-images/pull/13089#issuecomment-1534706523
# It's to resolve OpenShift random UID case.
# See also: https://github.com/docker-library/postgres/pull/448
if ! getent passwd "$myuid" &> /dev/null; then
for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do
if [ -s "$wrapper" ]; then
NSS_WRAPPER_PASSWD="$(mktemp)"
NSS_WRAPPER_GROUP="$(mktemp)"
export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
mygid="$(id -g)"
printf 'spark:x:%s:%s:${SPARK_USER_NAME:-anonymous uid}:%s:/bin/false\n' "$myuid" "$mygid" "$SPARK_HOME" > "$NSS_WRAPPER_PASSWD"
printf 'spark:x:%s:\n' "$mygid" > "$NSS_WRAPPER_GROUP"
break
fi
done
fi

exec /usr/bin/tini -s -- /usr/bin/spark-operator "$@"

0 comments on commit 5dd91c4

Please sign in to comment.