Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GEM_HOME world writable? #74

Closed
lhm opened this issue Mar 20, 2016 · 6 comments
Closed

GEM_HOME world writable? #74

lhm opened this issue Mar 20, 2016 · 6 comments
Labels
question Usability question, not directly related to an error with the image

Comments

@lhm
Copy link

lhm commented Mar 20, 2016

Is this really necessary?
https://github.com/docker-library/ruby/blob/master/2.3/Dockerfile#L54
https://github.com/docker-library/ruby/blob/master/2.3/Dockerfile#L32

It appears to have been introduced by #68 and #69, in response to #66. I can see how it solves that issue, but I think I disagree with the use-case. I may be missing something, but isn't installing gems at 'runtime' rarely needed? In general (as far as I understand docker) bundle install should be run when building the image.
@rhys-vdw
Copy link

@lhm Your links point to master instead of a specific commit. master now points to a different commit and they now point to different lines.

@yosifkit
Copy link
Member

Sorry I didn't see this issue earlier; it is probably line 70 now. Yes, for production you would be running the bundle install during the build. While your developers would be using the same Dockerfile, they would probably also be bind mounting their working code directory into the container and having the container start with a script that does a bundle install before starting the app. That way a simple docker restart to get new gems and they don't have to wait for all gems of the project to install. And the container user id can be the same as their local user so that if they need the container to update Gemfile.lock, it isn't suddenly owned by root.

@lhm
Copy link
Author

lhm commented Feb 27, 2017

@rhys-vdw @yosifkit Sorry for the silly link, this is the line I meant:

ruby/2.3/Dockerfile

Line 40 in aba4590

echo '#define ENABLE_PATH_CHECK 0'; \

It's about patching file.c to set ENABLE_PATH_CHECK=0 in order to remove a warning. I think this is where this warning is coming from: https://github.com/ruby/ruby/blob/edcec2b44a79f691cbeb05e98c3c01662169edca/file.c#L5648

I'm not really sure it's a problem, but I raises some eyebrows.

@lhm
Copy link
Author

lhm commented Feb 27, 2017

The references to the linked issues basically came from looking at git blame to see where the code was introduced.

@yosifkit
Copy link
Member

As far as I know, it is just to suppress the warning about "warning: Insecure world writable dir". Since we wanted to allow the container to run as any user it makes it nicer for the user to not have an unneeded warning. It was added in #68 and clarified in #88.

@wglambert wglambert added the question Usability question, not directly related to an error with the image label Apr 24, 2018
@wglambert
Copy link

Since this question seems unrelated to any errors in the image itself, and being a year without further comment, I'm going to prune the issue.
If you believe this to be in error then let me know and I'll re-open it

chrissolanilla pushed a commit to chrissolanilla/CSolanillaBio that referenced this issue May 16, 2024
@bagofarms
Anonymized ip fixes docker-library#74
33f0b07
chrissolanilla pushed a commit to chrissolanilla/CSolanillaBio that referenced this issue May 16, 2024
@bagofarms
Merge branch 'issue/74-ga-anon' into 'master'
028d64c 
Anonymized ip fixes docker-library#74

Closes docker-library#74

See merge request static-websites/techrangers-website!54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Usability question, not directly related to an error with the image
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@lhm @rhys-vdw @yosifkit @wglambert