From 3ea3c001fc5996a5acf3c8f4f7209603283d5da6 Mon Sep 17 00:00:00 2001 From: jrussell9000 Date: Mon, 16 Sep 2024 13:19:30 -0500 Subject: [PATCH] Added explicit creation of non-root Added explicit creation of non-root to the dockerfile. In some situations (e.g., containerd on Kubernetes) the home directory for the user (/home/nonroot) isn't necessarily created when the image is loaded. In this case, things get tricky because the nonroot user doesn't seem to have write access to any other paths. Also, explicitly coding in the useradd seems to be best practice (though this is obviously less relevant). --- Docker/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Docker/Dockerfile b/Docker/Dockerfile index b239c7e8..46ba5f9f 100644 --- a/Docker/Dockerfile +++ b/Docker/Dockerfile @@ -221,6 +221,7 @@ RUN cd /fastsurfer ; python3 FastSurferCNN/download_checkpoints.py --all && \ # Set FastSurfer workdir and entrypoint # the script entrypoint ensures that our conda env is active +RUN useradd -m -s /bin/bash -u 1000 -g 1000 nonroot USER nonroot WORKDIR "/fastsurfer" ENTRYPOINT ["/fastsurfer/Docker/entrypoint.sh","/fastsurfer/run_fastsurfer.sh"] @@ -232,4 +233,4 @@ FROM runtime AS runtime_cuda ENV NVIDIA_VISIBLE_DEVICES=all \ NVIDIA_DRIVER_CAPABILITIES=compute,utility \ - NVIDIA_REQUIRE_CUDA="cuda>=8.0" \ No newline at end of file + NVIDIA_REQUIRE_CUDA="cuda>=8.0"