Allow to drop privileges at startup #36341
Conversation
| @@ -63,7 +63,7 @@ RUN arch=${TARGETARCH:-amd64} \ | |||
| && chown clickhouse:clickhouse /var/lib/clickhouse \ | |||
| && chown root:clickhouse /var/log/clickhouse-server \ | |||
| && chmod +x /entrypoint.sh \ | |||
| && apk add --no-cache su-exec bash tzdata \ | |||
| && apk add --no-cache bash tzdata \ | |||
| && cp /usr/share/zoneinfo/UTC /etc/localtime \ | |||
There was a problem hiding this comment.
This looks outdated.
robot-clickhouse
added
the
pr-build
docker/server/Dockerfile.ubuntu
Outdated
| chmod 0755 /bin/su-exec && \ | ||
| rm /su-exec.c && \ | ||
| apt-get purge -y --auto-remove tcc libc-dev libc-dev-bin libc6-dev linux-libc-dev \ | ||
| tzdata |
There was a problem hiding this comment.
Looks old, we should work without tzdata and locales.
|
Merging with master after #36337. |
|
Waiting for #36361 |
|
@alexey-milovidov Keeper images also can be simplified |
…e/ClickHouse into allow-setuid-inside-clickhouse
|
@nikitamikhaylov no review? |
|
I will unassign as one month has passed. |
…e/ClickHouse into allow-setuid-inside-clickhouse
|
At least now it works as expected: https://pastila.nl/?001c5a5c/93287c2e9c4f57eafe6a98962306bb52 |
|
Does not work due to
|
|
Amazing... |
|
Cool! It would be also awesome to have |
|
@excitoon This |
|
@alexey-milovidov this PR totally breaks the NFS mounts for metadata, because of root squash. |
|
See #39898 |
fix broken NFS mkdir introduced in ClickHouse#36341
Changelog category (leave one):
Changelog entry (a user-readable short description of the changes that goes to CHANGELOG.md):
Allow to drop privileges at startup. This simplifies Docker images. Closes #36293.