Gist franga2000/1bb1e551c7335128d2301c02ce33f9dd
Created May 8, 2019 22:39
Quite possibly the most horrific command I have ever written
# This is quite possibly the most horrific command I have ever written
# So... There's this thing (code-server) that runs in a Docker container.
# For some reason, the Dockerfile creates a new user for itself with the UID 1000 and that is the only UID it can properly run as.
# If I try to run it with a different UID (--user), it complains because it can't access a whole bunch of stuff.
# But I need it to run under UID 1001 and also be in the www-data group.
# So, in short:
# First, I give the container all privileges and mount the FUSE device so I can use bindfs.
# I mount the dir I want into ~/project_real and set the entrypoint to a shell.
# Through the shell, I install bindfs and use it to mount ~/project_real into ~/project (the dir the app uses).
# In the bindfs mapping I first map UID 1001 to 1000 (so it can access 1001's stuff).
# To make sure it can't access the REAL 1000's stuff, I also map 1000 to 1001 (anything else would work too).
# After all that, I have to add the user to www-data (which, thankfully, matches the GID on the host).
# But since groups aren't updated until you log in again, I use su (through sudo, so I don't need a password) to start a new session.
# Inside that new session, I can finally run code-server -- the app that I've been trying to run this whole time.
# (well, there is the whole dumb-init thing, but that's a rant for another day)
docker run \
--device /dev/fuse \
--privileged \
--entrypoint=/bin/sh \
-it \
--rm \
-p 8401:8443 \
-v "/var/www:/home/coder/project_real" \
codercom/code-server \
-c 'sudo apt install bindfs -y \
&& sudo bindfs --map=1000/1001:1001/1000 /home/coder/project_real /home/coder/project \
&& sudo adduser coder www-data \
&& sudo su coder -c '\''\
dumb-init code-server \
--allow-http'\'''
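
The command above runs the container with `--privileged` only so that bindfs can mount through FUSE. The following is an added example, not the gist author's code: a small lint that flags the over-broad flags in that argument vector and compares it with a narrower variant. `audit_run` and its finding names are hypothetical, and the narrower variant assumes that `--cap-add SYS_ADMIN` together with `/dev/fuse` is enough for bindfs (hosts enforcing AppArmor may need more).

```shell
#!/bin/sh
# Added example, not the gist author's code. audit_run and the finding names
# are hypothetical helpers made up for this illustration.

# Print space-separated findings for a `docker run` argument vector.
audit_run() {
    findings="" entrypoints=0 prev=""
    for arg in "$@"; do
        case "$arg" in
            --privileged)
                # All capabilities, all host devices, seccomp/AppArmor off.
                findings="$findings privileged" ;;
            --entrypoint|--entrypoint=*)
                entrypoints=$((entrypoints + 1)) ;;
            --cap-add=SYS_ADMIN)
                findings="$findings cap-sys-admin" ;;
            SYS_ADMIN)
                if [ "$prev" = "--cap-add" ]; then
                    findings="$findings cap-sys-admin"
                fi ;;
        esac
        prev=$arg
    done
    if [ "$entrypoints" -gt 1 ]; then
        findings="$findings duplicate-entrypoint"
    fi
    printf '%s\n' "${findings# }"
}

# Command string run inside the container, as in the gist.
INNER='sudo apt install bindfs -y && sudo bindfs --map=1000/1001:1001/1000 /home/coder/project_real /home/coder/project && sudo adduser coder www-data && sudo su coder -c "dumb-init code-server --allow-http"'

# The gist's flags as originally posted (constructed from the page).
audit_original() {
    audit_run docker run --device /dev/fuse --privileged --entrypoint=/bin/sh \
        -it --rm -p 8401:8443 -v /var/www:/home/coder/project_real \
        --entrypoint=/bin/sh codercom/code-server -c "$INNER"
}

# Assumed narrower variant: one capability for the FUSE mount, nothing else.
audit_narrowed() {
    audit_run docker run --device /dev/fuse --cap-add SYS_ADMIN \
        -it --rm -p 8401:8443 -v /var/www:/home/coder/project_real \
        --entrypoint=/bin/sh codercom/code-server -c "$INNER"
}

echo "original: $(audit_original)"
echo "narrowed: $(audit_narrowed)"
```

The narrowed variant still reports `cap-sys-admin` because that capability is itself broad; it is a reduction from `--privileged`, not a sandbox.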