Docker: Use id of current user to run the container

This ensures typical files created in the build process are accessible and removable(!) by the user outside. Downside is that some commands (e.g. whoami) won't work well within the container as that user typically is not listed in /etc/passwd etc. inside the container. Buildsteps requiring them won't work until the container image is (re-)created with this data in place. In general, there seems to be no silver bullet for this problem. An extensive discussion of pros and cons can be found at https://jtreminio.com/blog/running-docker-containers-as-current-host-user Change-Id: I0421e031324ffe3d64b9aeede289a43357c46e3d Reviewed-by: Christian Stenger <christian.stenger@qt.io>
2021-06-28 09:58:54 +02:00
parent 6f5e20bf64
commit 9f29b9e31b
1 changed files with 9 additions and 0 deletions
--- a/src/plugins/docker/dockerdevice.cpp
+++ b/src/plugins/docker/dockerdevice.cpp
@@ -68,6 +68,11 @@
 #include <QTextBrowser>
 #include <QThread>

+#ifdef Q_OS_UNIX
+#include <unistd.h>
+#include <sys/types.h>
+#endif
+
 using namespace Core;
 using namespace ProjectExplorer;
 using namespace QtSupport;
@@ -579,6 +584,10 @@ void DockerDevicePrivate::tryCreateLocalFileAccess()
                                    "-e", "XAUTHORITY=/.Xauthority",
                                    "--net", "host"}};

+#ifdef Q_OS_UNIX
+    dockerRun.addArgs({"-u", QString("%1:%2").arg(getuid()).arg(getgid())});
+#endif
+
    for (const QString &mount : qAsConst(m_mounts))
        dockerRun.addArgs({"-v", mount + ':' + mount});