Rootless Makisu
AurelienGasser opened this issue · 3 comments
Does Makisu currently support being run as a non-root user? The documentation doesn't seem to mention it.
If it's not currently possible, can Makisu eventually be made runnable as a non-root user, or does Makisu's design or other limitations fundamentally prevent it?
Nothing really requires root by design - it just read directories/files and sometimes move them around (needed for multi-phase builds).
However normally the base image (unless you use FROM scratch) would contain files owned by root, and in that case you will need run makisu as root in container. In that case maybe you can also get around this by using user namespace.
Have you any list of files/directories that makisu should have access to? Or maybe any tutorial, how to run the makisu image without root?
@AurelienGasser asked a good question because, for example, gardener can create Kubernetes cluster without permission to run any image with root or with other privileges (more info)
What exactly are you trying to do?
Ideally, you'd want to run makisu inside docker.
If you also don't want to run docker, you might get away with using podman to run makisu inside a container.