author | Johan Thomsen <jth@dbc.dk> | 2020-07-30 17:18:41 +0200 |
---|---|---|
committer | Johan Thomsen <jth@dbc.dk> | 2020-07-31 10:14:07 +0200 |
commit | f5db415e2f75f09048f98b96cee1a6e0d48c3a5d (patch) | |
tree | fc6221ee98113dc1f81eed1adb3640e3f9cfb242 /pkgs/build-support/docker/examples.nix | |
parent | 9f86685cc76991e983bf126a37e3f7f319247ba8 (diff) | |
nixos/tests/dockerTools: add test for running non-root containers with buildLayeredImage
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
Diffstat (limited to 'pkgs/build-support/docker/examples.nix')
-rw-r--r-- | pkgs/build-support/docker/examples.nix | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/pkgs/build-support/docker/examples.nix b/pkgs/build-support/docker/examples.nix
index 0d907c2d64b..bc107471762 100644
--- a/pkgs/build-support/docker/examples.nix
+++ b/pkgs/build-support/docker/examples.nix
@@ -382,4 +382,40 @@ rec {
 contents = pkgs.bashInteractive;
 };
 
+ # buildLayeredImage with non-root user
+ bashLayeredWithUser =
+ let
+ nonRootShadowSetup = { user, uid, gid ? uid }: with pkgs; [
+ (
+ writeTextDir "etc/shadow" ''
+ root:!x:::::::
+ ${user}:!:::::::
+ ''
+ )
+ (
+ writeTextDir "etc/passwd" ''
+ root:x:0:0::/root:${runtimeShell}
+ ${user}:x:${toString uid}:${toString gid}::/home/${user}:
+ ''
+ )
+ (
+ writeTextDir "etc/group" ''
+ root:x:0:
+ ${user}:x:${toString gid}:
+ ''
+ )
+ (
+ writeTextDir "etc/gshadow" ''
+ root:x::
+ ${user}:x::
+ ''
+ )
+ ];
+ in
+ pkgs.dockerTools.buildLayeredImage {
+ name = "bash-layered-with-user";
+ tag = "latest";
+ contents = [ pkgs.bash pkgs.coreutils (nonRootShadowSetup { uid = 999; user = "somebody"; }) ];
+ };
+
 }
|
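Review bot: The `etc/shadow` and `etc/gshadow` files produced by `nonRootShadowSetup` are written with `writeTextDir`, so they come from the Nix store and are readable by every user in the image; that is harmless here only because both password fields are locked (`!x` and `!`). Since the helper looks meant to be copied into other images, I would add a comment above it such as `# shadow/gshadow come from the world-readable Nix store: keep password fields locked, never put real hashes here`. Separately, the `buildLayeredImage` call sets no `config.User`, so the image still starts as root unless the caller passes a user at run time; if the test (not visible in this hunk) relies on that, a one-line comment saying so would help. The enclosing `rec { … }` set starts outside the hunk.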