-
Notifications
You must be signed in to change notification settings - Fork 977
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
🚑 [HotFix] Fix dev environment for CPU Docker #3160
base: main
Are you sure you want to change the base?
Conversation
docker/accelerate-cpu/Dockerfile
Outdated
RUN useradd -ms /bin/bash user | ||
USER user |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Generally for security this is bad practice to not create a user in the docker image. Is there another solution we can try instead?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for your feedback, and I fully agree with your point. Not setting up a non-root user was indeed a critical issue. Instead, I’ve configured the container to grant limited sudo
permissions for apt-get
and pip
commands to the user, which allows necessary installations while maintaining security.
I’ve verified that the package is accessible within the container as expected:
user@f6ece721f352:/workspaces/accelerate$ pip show accelerate
Name: accelerate
Version: 1.1.0.dev0
Summary: Accelerate
Home-page: https://github.com/huggingface/accelerate
Author: The HuggingFace team
Author-email: [email protected]
License: Apache
Location: /opt/venv/lib/python3.9/site-packages
Requires: huggingface-hub, numpy, packaging, psutil, pyyaml, safetensors, torch
Required-by:
Thanks for guiding me towards a more secure solution!
The docs for this PR live here. All of your documentation changes will be reflected on that endpoint. The docs are available until 30 days after the last update. |
Hello @muellerzr, I hope you're doing well! I wanted to follow up on this PR to check if there’s any additional feedback or updates needed from my side to move it forward. Please let me know if there’s anything I can assist with to help progress this. Thank you for your time and guidance! |
What does this PR do?
This PR fixes the development environment setup for the CPU Docker configuration.
onCreateCommand
in.devcontainer/devcontainer.json
to includemake
installation, resolving dependency issues during setup.Motivation:
Currently, attempting to build the dev container with the CPU Docker image leads to permission errors during
onCreateCommand
, such as:This error occurs because
onCreateCommand
tries to update and install packages without sufficient permissions. By granting specific permission for the non-root user, this PR ensures that the setup process completes without errors, providing a stable development environment.