From 5dd91c4bf2bc32680ebf6c2df7b053c266497016 Mon Sep 17 00:00:00 2001
From: Aakcht
Date: Wed, 4 Dec 2024 18:07:00 +0500
Subject: [PATCH] Use NSS_WRAPPER_PASSWD instead of /etc/passwd as in spark-operator image entrypoint.sh (#2312)
Signed-off-by: Aakcht
---
 entrypoint.sh | 32 +++++++++++++++++---------------
 1 file changed, 17 insertions(+), 15 deletions(-)
diff --git a/entrypoint.sh b/entrypoint.sh
index 0ca8730123..38ee7e9264 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -4,21 +4,23 @@ set -ex
 # Check whether there is a passwd entry for the container UID
-uid=$(id -u)
-gid=$(id -g)
-
-# turn off -e for getent because it will return error code in anonymous uid case
-set +e
-uidentry=$(getent passwd $uid)
-set -e
-
-# If there is no passwd entry for the container UID, attempt to create one
-if [[ -z "$uidentry" ]] ; then
- if [[ -w /etc/passwd ]] ; then
- echo "$uid:x:$uid:$gid:anonymous uid:$SPARK_HOME:/bin/false" >> /etc/passwd
- else
- echo "Container ENTRYPOINT failed to add passwd entry for anonymous UID"
- fi
+myuid="$(id -u)"
+# If there is no passwd entry for the container UID, attempt to fake one
+# You can also refer to the https://github.com/docker-library/official-images/pull/13089#issuecomment-1534706523
+# It's to resolve OpenShift random UID case.
+# See also: https://github.com/docker-library/postgres/pull/448
+if ! getent passwd "$myuid" &> /dev/null; then
+ for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do
+ if [ -s "$wrapper" ]; then
+ NSS_WRAPPER_PASSWD="$(mktemp)"
+ NSS_WRAPPER_GROUP="$(mktemp)"
+ export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
+ mygid="$(id -g)"
+ printf 'spark:x:%s:%s:${SPARK_USER_NAME:-anonymous uid}:%s:/bin/false\n' "$myuid" "$mygid" "$SPARK_HOME" > "$NSS_WRAPPER_PASSWD"
+ printf 'spark:x:%s:\n' "$mygid" > "$NSS_WRAPPER_GROUP"
+ break
+ fi
+ done
 fi
 exec /usr/bin/tini -s -- /usr/bin/spark-operator "$@"
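Review bot: In the added `printf` that writes `$NSS_WRAPPER_PASSWD`, `${SPARK_USER_NAME:-anonymous uid}` sits inside the single-quoted format string, so the shell never expands it and the GECOS field of the faked passwd entry holds that literal text. Pass the value as an argument instead: `printf 'spark:x:%s:%s:%s:%s:/bin/false\n' "$myuid" "$mygid" "${SPARK_USER_NAME:-anonymous uid}" "$SPARK_HOME" > "$NSS_WRAPPER_PASSWD"`. The `for` loop also does nothing and prints nothing when no non-empty `libnss_wrapper.so` is found, whereas the removed code at least logged that the entry could not be added; a message on stderr when the loop ends without setting `LD_PRELOAD` would keep that failure visible. Because `LD_PRELOAD` is exported into the exec'd operator process, the image should keep the searched library directories writable by root only, so the random container UID cannot place its own `libnss_wrapper.so` there.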