Allow for containers not running as root (#13)

ontariosystems · Jun 12, 2020 · bfe1f56 · bfe1f56
1 parent 4753401
commit bfe1f56
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 8 deletions.
diff --git a/internal/cmd/internalstart.go b/internal/cmd/internalstart.go
@@ -24,12 +24,12 @@ import (
 	"os"
 	"path"
 
-	log "github.com/sirupsen/logrus"
 	"github.com/ontariosystems/iscenv/internal/app"
 	"github.com/ontariosystems/iscenv/internal/cmd/flags"
 	"github.com/ontariosystems/iscenv/internal/plugins"
 	"github.com/ontariosystems/iscenv/iscenv"
 	"github.com/ontariosystems/isclib"
+	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 )
 
@@ -66,7 +66,7 @@ func internalStart(cmd *cobra.Command, _ []string) {
 
 	go startHealthCheck()
 
-	if tz := os.Getenv("TZ"); tz != "" {
+	if tz := os.Getenv("TZ"); tz != "" && os.Getuid() == 0 {
 		log.WithField("time_zone", tz).Debug("Using provided time zone")
 		if _, err := os.Stat(localTimePath); err == nil {
 			if err := os.Remove(localTimePath); err != nil {

diff --git a/internal/cmd/start.go b/internal/cmd/start.go
@@ -32,9 +32,9 @@ import (
 	"github.com/ontariosystems/iscenv/internal/plugins"
 	"github.com/ontariosystems/iscenv/iscenv"
 
-	log "github.com/sirupsen/logrus"
 	multierror "github.com/hashicorp/go-multierror"
 	"github.com/kardianos/osext"
+	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 )
 
@@ -66,13 +66,13 @@ func init() {
 	flags.AddFlagP(startCmd, "env", "e", []string(nil), "An environment variable and its value to be passed to the starting container in the form of VAR=value")
 
 	// Flags overriding the default settings *inside* of containers
-	flags.AddConfigFlag(startCmd, "internal-instance", "docker", "The name of the actual ISC product instance within the container")
+	flags.AddConfigFlag(startCmd, "internal-instance", "iris", "The name of the actual ISC product instance within the container")
 	flags.AddConfigFlag(startCmd, "superserver-port", int(iscenv.PortInternalSS), "The super server port inside the ISC product container")
 	flags.AddConfigFlag(startCmd, "isc-http-port", int(iscenv.PortInternalWeb), "The ISC Web Server port inside the ISC product container")
 	flags.AddConfigFlag(startCmd, "ccontrol-path", "ccontrol", "The path to the ccontrol executable within the container")
 	addPrimaryCommandFlags(startCmd)
 	flags.AddConfigFlag(startCmd, "disable-primary-command", false, "This argument will disable the primary command for a single run.  This allows you to start the container with no primary command for an initialization run (while you load the primary command's source, for example) or to debug a broken primary command.")
-	flags.AddConfigFlag(startCmd, "time-zone", "UTC", "The time zone to set inside the container. This should be provided as a path relative to /usr/share/zoneinfo (e.g. America/Indianapolis or US/Eastern).")
+	flags.AddConfigFlag(startCmd, "time-zone", "UTC", "The time zone to set inside the container. This should be provided as a path relative to /usr/share/zoneinfo (e.g. America/Indianapolis or US/Eastern).  This only works if the container is running as root")
 }
 
 func start(cmd *cobra.Command, args []string) {

diff --git a/plugins/lifecycle/license-key/main.go b/plugins/lifecycle/license-key/main.go
@@ -118,7 +118,7 @@ func (*Plugin) BeforeInstance(state *isclib.Instance) error {
 
 	keyFilename := "cache.key"
 	if state.Product == isclib.Iris {
-		keyFilename = "license.key"
+		keyFilename = "iris.key"
 	}
 	keyPath := filepath.Join(mgrDir, keyFilename)
 	plog.WithFields(log.Fields{
@@ -148,8 +148,10 @@ func (*Plugin) BeforeInstance(state *isclib.Instance) error {
 		return err
 	}
 
-	if err := os.Chown(keyPath, int(uid), int(gid)); err != nil {
-		return err
+	if os.Geteuid() == 0 {
+		if err := os.Chown(keyPath, int(uid), int(gid)); err != nil {
+			return err
+		}
 	}
 
 	if err := os.Chmod(keyPath, 0644); err != nil {