[GitHub] [arrow] kszucs edited a comment on pull request #6512: ARROW-8430: [CI] Configure self-hosted runners for Github Actions [WIP][skip ci]

Tue, 09 Jun 2020 09:59:26 -0700 


kszucs edited a comment on pull request #6512:
URL: https://github.com/apache/arrow/pull/6512#issuecomment-641411592


   ## Docker permission issue on linux
   
   By default root is used within the container, thus the volumes get written 
as root.
   
   The only way to create docker volumes with the host user's permissions is to 
use the same user (uid:gid) within the container. This is possible with `docker 
run --user==uid:gid` but that has two issues:
   
   1. the user doesn't exists in the container
       SOLUTION:
           create the user and group during builds time and grant right 
permissions to write system resources (like /usr or /opt)
       TRADEOFF:
           it would render the cached docker layers unportable, meaning that 
each developer would need to rebuild the image locally to have the same uid gid 
pairs as on her/his host
   
   2. the user (even if it would exist) doesn't have the right permissions
       SOLUTION:
           Create a directory writable by anyone and use that for ccache, 
building and installing.
       TRADEOFF:
           We cannot test the system installation, we would need to update 
almost all of the build scripts (and there could be unforseen issues because of 
the unnamed/unexistent user and group)
   
   The easiest way to use docker user namespaces (there can be a single one set 
up) configured on the docker daemon which has its own limitations, but 
basically maps a host user:group to another user:group within the container. As 
an example the folders written by the root user from within the container looks 
like they were written by another user on the host.
   
   Note that it only affects docker on linux because on mac and windows it 
works as expected (non-native containerization).
   
   I'll add this to the https://issues.apache.org/jira/browse/ARROW-7143 issue 
and document the docker user namespace remapping in the developer guide.
   
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to