Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vendor: switch from idtools to moby/sys/user #5791

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

vendor: switch from idtools to moby/sys/user #5791

wants to merge 1 commit into from

Conversation

jsternberg
Copy link
Collaborator

Convert usages of github.com/docker/docker/pkg/idtools to
github.com/moby/sys/user in order to break the dependency between
buildkit and docker.

@jsternberg
vendor: switch from idtools to moby/sys/user
1ba5aa4 
Convert usages of `github.com/docker/docker/pkg/idtools` to
`github.com/moby/sys/user` in order to break the dependency between
buildkit and docker.

Signed-off-by: Jonathan A. Sternberg <[email protected]>
@jsternberg jsternberg marked this pull request as ready for review February 28, 2025 14:38
crazy-max
crazy-max reviewed Feb 28, 2025
View reviewed changes
util/windows/util_windows.go
Comment on lines +18 to +19
ContainerAdministratorSidString = "S-1-5-93-2-1"
ContainerUserSidString = "S-1-5-93-2-2"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess we need them because they were not ported to moby/sys? https://github.com/moby/moby/blob/7194b508b6766a372e42156bb3314288bd7fbd0c/pkg/idtools/idtools_windows.go#L11-L16.

@thaJeztah Is moby/sys not a good place in the meantime while waiting for a better place like hcsshim? (cc @gabriel-samfira @profnandaa @TBBle)

Copy link
Member

@thaJeztah thaJeztah Feb 28, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, we need a place for this ultimately. To my understanding (but hoping some of the Microsoft folks can confirm), these SIDs (and the related name) are "special" as they are ones that are available by default in containers.

What I don't know though, is where is that documented ? They were introduced in Moby during the implementation of container support for Windows; if they are to be considered special, then they could use an official definition; e.g. to be documented as part of the OCI specifications, and possibly the OCI could define them as consts (for convenience).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is when the consts where introduced moby/moby#35521 (comment), but not sure where they originated from and/or if there's a definition elsewhere;

moby/moby#35521 (comment) also had this part;

sddlString := system.SddlAdministratorsLocalSystem
sddlString += "(A;OICI;GRGWGXRCWDSD;;;" + identity.SID + ")"
``

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thaJeztah thaJeztah thaJeztah left review comments

@crazy-max crazy-max crazy-max left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
area/buildkitd area/dependencies Pull requests that update a dependency file area/executor area/exporter area/frontend area/solver area/source area/storage area/util area/worker
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jsternberg @thaJeztah @crazy-max