Skip to content

Commit d0d1be5

Browse files
benluddybenluddy
committedOct 12, 2020
Make the inability to create /etc/nsswitch.conf non-fatal.
Images run as non-root were not allowed to write to /etc/nsswitch.conf, which had been considered required. Instead, the scratch/non-glibc images published by the Operator Framework project now include a default nsswitch config file, and runtime creation of a default nsswitch config file is now best-effort.
1 parent c76735d commit d0d1be5

13 files changed

+14
-4
lines changed
 

‎appr-registry.Dockerfile

+1
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,7 @@ COPY --from=builder /go/src/github.com/operator-framework/operator-registry/vend
2222
RUN CGO_ENABLED=0 go install -a -tags netgo -ldflags "-w"
2323

2424
FROM scratch
25+
COPY ["nsswitch.conf", "/etc/nsswitch.conf"]
2526
COPY --from=builder /go/src/github.com/operator-framework/operator-registry/bin/appregistry-server /bin/appregistry-server
2627
COPY --from=probe-builder /go/bin/grpc-health-probe /bin/grpc_health_probe
2728
EXPOSE 50051

‎cmd/appregistry-server/main.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -65,7 +65,7 @@ func runCmdFunc(cmd *cobra.Command, args []string) error {
6565
}
6666
// Ensure there is a default nsswitch config
6767
if err := dns.EnsureNsswitch(); err != nil {
68-
return err
68+
logrus.WithError(err).Warn("unable to write default nsswitch config")
6969
}
7070
kubeconfig, err := cmd.Flags().GetString("kubeconfig")
7171
if err != nil {

‎cmd/configmap-server/main.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -71,7 +71,7 @@ func runCmdFunc(cmd *cobra.Command, args []string) error {
7171
}
7272
// Ensure there is a default nsswitch config
7373
if err := dns.EnsureNsswitch(); err != nil {
74-
return err
74+
logrus.WithError(err).Warn("unable to write default nsswitch config")
7575
}
7676
kubeconfig, err := cmd.Flags().GetString("kubeconfig")
7777
if err != nil {

‎cmd/opm/registry/serve.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -63,7 +63,7 @@ func serveFunc(cmd *cobra.Command, args []string) error {
6363

6464
// Ensure there is a default nsswitch config
6565
if err := dns.EnsureNsswitch(); err != nil {
66-
return err
66+
logrus.WithError(err).Warn("unable to write default nsswitch config")
6767
}
6868

6969
dbName, err := cmd.Flags().GetString("database")

‎cmd/registry-server/main.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -65,7 +65,7 @@ func runCmdFunc(cmd *cobra.Command, args []string) error {
6565
}
6666
// Ensure there is a default nsswitch config
6767
if err := dns.EnsureNsswitch(); err != nil {
68-
return err
68+
logrus.WithError(err).Warn("unable to write default nsswitch config")
6969
}
7070
dbName, err := cmd.Flags().GetString("database")
7171
if err != nil {

‎configmap-registry.Dockerfile

+1
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@ FROM quay.io/operator-framework/upstream-registry-builder:latest as builder
22
FROM busybox as userspace
33

44
FROM scratch
5+
COPY ["nsswitch.conf", "/etc/nsswitch.conf"]
56
COPY --from=builder /bin/configmap-server /bin/configmap-server
67
COPY --from=builder /bin/opm /bin/opm
78
COPY --from=userspace /bin/cp /bin/cp

‎index.Dockerfile

+1
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@ FROM quay.io/operator-framework/upstream-registry-builder AS builder
22

33
FROM scratch
44
LABEL operators.operatorframework.io.index.database.v1=./index.db
5+
COPY ["nsswitch.conf", "/etc/nsswitch.conf"]
56
COPY database ./
67
COPY --from=builder /bin/opm /opm
78
COPY --from=builder /bin/grpc_health_probe /bin/grpc_health_probe

‎nsswitch.conf

+1
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
hosts: files dns

‎opm-example.Dockerfile

+1
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@ FROM quay.io/operator-framework/upstream-opm-builder AS builder
22

33
FROM scratch
44
LABEL operators.operatorframework.io.index.database.v1=./index.db
5+
COPY ["nsswitch.conf", "/etc/nsswitch.conf"]
56
COPY database ./
67
COPY --from=builder /bin/opm /opm
78
COPY --from=builder /bin/grpc_health_probe /bin/grpc_health_probe

‎registry.Dockerfile

+1
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,7 @@ RUN GRPC_HEALTH_PROBE_VERSION=v0.3.2 && \
1414
chmod +x /bin/grpc_health_probe
1515

1616
FROM scratch
17+
COPY ["nsswitch.conf", "/etc/nsswitch.conf"]
1718
COPY --from=builder /build/bin/registry-server /registry-server
1819
COPY --from=builder /bin/grpc_health_probe /bin/grpc_health_probe
1920
EXPOSE 50051

‎upstream-builder.Dockerfile

+2
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,8 @@ RUN GRPC_HEALTH_PROBE_VERSION=v0.3.2 && \
1515

1616
FROM alpine:3
1717

18+
COPY ["nsswitch.conf", "/etc/nsswitch.conf"]
19+
1820
RUN chgrp -R 0 /etc && \
1921
chmod -R g+rwx /etc
2022

‎upstream-example.Dockerfile

+1
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@ COPY manifests manifests
44
RUN /bin/initializer -o ./bundles.db
55

66
FROM scratch
7+
COPY ["nsswitch.conf", "/etc/nsswitch.conf"]
78
COPY --from=builder /build/bundles.db /bundles.db
89
COPY --from=builder /bin/registry-server /registry-server
910
COPY --from=builder /bin/grpc_health_probe /bin/grpc_health_probe

‎upstream-opm-builder.Dockerfile

+1
Original file line numberDiff line numberDiff line change
@@ -15,5 +15,6 @@ RUN GRPC_HEALTH_PROBE_VERSION=v0.3.2 && \
1515

1616
FROM alpine
1717
RUN apk update && apk add ca-certificates
18+
COPY ["nsswitch.conf", "/etc/nsswitch.conf"]
1819
COPY --from=builder /build/bin/opm /bin/opm
1920
COPY --from=builder /bin/grpc_health_probe /bin/grpc_health_probe

0 commit comments

Comments
 (0)
Please sign in to comment.