From e8cddcac3f6b897fd7b37ebce9f46f61885fdd3b Mon Sep 17 00:00:00 2001 From: Andy Balaam Date: Wed, 3 May 2023 14:28:35 +0100 Subject: [PATCH] Support launching Cypress tests in Podman on Ubuntu (#10768) * Support launching Cypress tests in Podman on Ubuntu * Add a comment about why we are adding UID=0 GUI=0 Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * Note that this setup is for rootless podman * Add a comment about why we're requesting -u 0:0 * Clarify wording of comment Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * Reword another comment --------- Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> --- cypress/plugins/docker/index.ts | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/cypress/plugins/docker/index.ts b/cypress/plugins/docker/index.ts index 9f755da674..66bab0b853 100644 --- a/cypress/plugins/docker/index.ts +++ b/cypress/plugins/docker/index.ts @@ -36,12 +36,21 @@ export async function dockerRun(opts: { const params = opts.params ?? []; if (params?.includes("-v") && userInfo.uid >= 0) { - // On *nix we run the docker container as our uid:gid otherwise cleaning it up its media_store can be difficult - params.push("-u", `${userInfo.uid}:${userInfo.gid}`); - + // Run the docker container as our uid:gid to prevent problems with permissions. if (await isPodman()) { - // keep the user ID if the docker command is actually podman - params.push("--userns=keep-id"); + // Note: this setup is for podman rootless containers. + + // In podman, run as root in the container, which maps to the current + // user on the host. This is probably the default since Synapse's + // Dockerfile doesn't specify, but we're being explicit here + // because it's important for the permissions to work. + params.push("-u", "0:0"); + + // Tell Synapse not to switch UID + params.push("-e", "UID=0"); + params.push("-e", "GID=0"); + } else { + params.push("-u", `${userInfo.uid}:${userInfo.gid}`); } }