Posted to github@arrow.apache.org by GitBox <gi...@apache.org> on 2020/06/09 16:59:02 UTC

[GitHub] [arrow] kszucs edited a comment on pull request #6512: ARROW-8430: [CI] Configure self-hosted runners for Github Actions [WIP][skip ci]

kszucs edited a comment on pull request #6512:
URL: https://github.com/apache/arrow/pull/6512#issuecomment-641411592


   ## Docker permission issue on linux
   
   By default root is used within the container, thus the volumes get written as root.
   
   The only way to create docker volumes with the host user's permissions is to use the same user (uid:gid) within the container. This is possible with `docker run --user=uid:gid` but that has two issues:
   
   1. the user doesn't exist in the container
       SOLUTION:
           create the user and group during build time and grant the right permissions to write system resources (like /usr or /opt)
       TRADEOFF:
           it would render the cached docker layers unportable, meaning that each developer would need to rebuild the image locally to have the same uid gid pairs as on her/his host
   
   2. the user (even if it would exist) doesn't have the right permissions
       SOLUTION:
           Create a directory writable by anyone and use that for ccache, building and installing.
       TRADEOFF:
           We cannot test the system installation, we would need to update almost all of the build scripts (and there could be unforeseen issues because of the unnamed/nonexistent user and group)
   
   The easiest way is to use docker user namespaces (there can be a single one set up) configured on the docker daemon, which has its own limitations, but basically maps a host user:group to another user:group within the container. As an example, the folders written by the root user from within the container look like they were written by another user on the host.
   
   Note that it only affects docker on linux because on mac and windows it works as expected (non-native containerization).
   
   I'll add this to the https://issues.apache.org/jira/browse/ARROW-7143 issue and document the docker user namespace remapping in the developer guide.
   
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
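
The remapping described in the comment above, worked through as an added example (not part of the original comment or of the Arrow repository). The user name `builder`, the sample ranges and the helper `host_uid_for` are assumptions made for illustration; the helper assumes the remap user's ranges are laid out consecutively in the order listed.

```shell
# Daemon side (for context): /etc/docker/daemon.json selects the remap user,
#   { "userns-remap": "builder" }
# and the kernel mapping is built from that user's /etc/subuid ranges.

# Constructed sample of /etc/subuid lines (name:first-host-uid:count).
# The first range maps container uid 0 to host uid 1000, so files written by
# root inside the container show up on the host as owned by uid 1000.
SUBUID_SAMPLE='builder:1000:1
builder:100000:65535'

# host_uid_for <remap-user> <container-uid> <subuid-text>
# Prints the host uid that owns files written by <container-uid>.
# Each range covers the next <count> container uids after the previous range.
host_uid_for() {
    user=$1; cuid=$2; base=0
    while IFS=: read -r name start count; do
        [ "$name" = "$user" ] || continue
        if [ "$cuid" -ge "$base" ] && [ "$cuid" -lt $((base + count)) ]; then
            echo $((start + cuid - base))
            return 0
        fi
        base=$((base + count))
    done <<EOF
$3
EOF
    return 1   # uid falls outside every range: it is unmapped in the container
}

# Container root and a non-root service uid, as seen from the host.
host_uid_for builder 0  "$SUBUID_SAMPLE"
host_uid_for builder 33 "$SUBUID_SAMPLE"
```

The same layout applies to `/etc/subgid` for group ids. Only container root lands on the host user in this sample; every other container uid maps into the unprivileged 100000+ range.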