Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

🚑 [HotFix] Fix dev environment for CPU Docker #3160

Open
wants to merge 6 commits into
base: main
Choose a base branch
from

Conversation

yhna940
Copy link
Contributor

@yhna940 yhna940 commented Oct 12, 2024

What does this PR do?

This PR fixes the development environment setup for the CPU Docker configuration.

  • Grant Specific Permissions for the Non-Root User
  • Updated onCreateCommand in .devcontainer/devcontainer.json to include make installation, resolving dependency issues during setup.

Motivation:

Currently, attempting to build the dev container with the CPU Docker image leads to permission errors during onCreateCommand, such as:

[433685 ms] Start: Run in container: /bin/sh -c apt-get update && apt-get install -y git && pip install -e '.[dev]'
Reading package lists... Done
E: List directory /var/lib/apt/lists/partial is missing. - Acquire (13: Permission denied)
[433789 ms] onCreateCommand failed with exit code 100. Skipping any further user-provided commands.
[433269 ms] Error: Command failed: /bin/sh -c apt-get update && apt-get install -y git && pip install -e '.[dev]'
[433269 ms]     at G7 (/root/.vscode-remote-containers/dist/dev-containers-cli-0.388.0/dist/spec-node/devContainersSpecCLI.js:235:130)
[433269 ms]     at async tm (/root/.vscode-remote-containers/dist/dev-containers-cli-0.388.0/dist/spec-node/devContainersSpecCLI.js:227:4483)
[433269 ms]     at async $w (/root/.vscode-remote-containers/dist/dev-containers-cli-0.388.0/dist/spec-node/devContainersSpecCLI.js:227:3828)
[433269 ms]     at async em (/root/.vscode-remote-containers/dist/dev-containers-cli-0.388.0/dist/spec-node/devContainersSpecCLI.js:227:2835)
[433269 ms]     at async GrA (/root/.vscode-remote-containers/dist/dev-containers-cli-0.388.0/dist/spec-node/devContainersSpecCLI.js:666:2752)
[433269 ms]     at async LrA (/root/.vscode-remote-containers/dist/dev-containers-cli-0.388.0/dist/spec-node/devContainersSpecCLI.js:665:8554)
[433269 ms]     at async /root/.vscode-remote-containers/dist/dev-containers-cli-0.388.0/dist/spec-node/devContainersSpecCLI.js:482:1190
[433273 ms] Exit code 1

This error occurs because onCreateCommand tries to update and install packages without sufficient permissions. By granting specific permission for the non-root user, this PR ensures that the setup process completes without errors, providing a stable development environment.

Comment on lines 30 to 31
RUN useradd -ms /bin/bash user
USER user
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Generally for security this is bad practice to not create a user in the docker image. Is there another solution we can try instead?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for your feedback, and I fully agree with your point. Not setting up a non-root user was indeed a critical issue. Instead, I’ve configured the container to grant limited sudo permissions for apt-get and pip commands to the user, which allows necessary installations while maintaining security.

I’ve verified that the package is accessible within the container as expected:

user@f6ece721f352:/workspaces/accelerate$ pip show accelerate
Name: accelerate
Version: 1.1.0.dev0
Summary: Accelerate
Home-page: https://github.com/huggingface/accelerate
Author: The HuggingFace team
Author-email: [email protected]
License: Apache
Location: /opt/venv/lib/python3.9/site-packages
Requires: huggingface-hub, numpy, packaging, psutil, pyyaml, safetensors, torch
Required-by:

Thanks for guiding me towards a more secure solution!

@HuggingFaceDocBuilderDev

The docs for this PR live here. All of your documentation changes will be reflected on that endpoint. The docs are available until 30 days after the last update.

@yhna940
Copy link
Contributor Author

yhna940 commented Nov 22, 2024

Hello @muellerzr, I hope you're doing well! I wanted to follow up on this PR to check if there’s any additional feedback or updates needed from my side to move it forward. Please let me know if there’s anything I can assist with to help progress this. Thank you for your time and guidance!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants