Make gosu optional in Dockerfile for already hardened security context environments #2475

@antonr-p2p

Is your feature request related to a problem? Please describe.

We use the following
securityContext: {
    runAsUser: 10001
    runAsGroup: 10001
    fsGroup: 10001
    runAsNonRoot: false
}
and correct FS perms.

But when the container starts, we get this error:

entrypoint: ensuring permissions for base path: /data/subtensor
entrypoint: ensuring permissions for chain spec: /data/chainspecs/raw_spec_finney.json
executing: gosu subtensor node-subtensor --base-path=/data/subtensor --bootnodes=/dns/bootnode.finney.chain.opentensor.ai/tcp/30333/ws/p2p/12D3KooWRwbMb85RWnT8DSXSYMWQtuDwh4LJzndoRrTDotTR5gDC --chain=/data/chainspecs/raw_spec_finney.json --database=paritydb --db-cache=4096 --rpc-cors=all --sync=warp --trie-cache-size=2048 --no-mdns --rpc-external
error: failed switching to "subtensor": operation not permitted

This is because the container is not running as root, but it tries to use gosu in the default entrypoint:
https://github.com/opentensor/subtensor/blob/main/scripts/docker_entrypoint.sh#L56

Describe the solution you'd like

Please make gosu optional, either via some option we can pass to the container or by autodetecting if the container is running with the proper user ID already.

Describe alternatives you've considered

No response

Additional context

No response
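
One way the requested autodetection could look, as an added example that is not the project's docker_entrypoint.sh and not code from the issue author. `RUN_AS_USER`, `SKIP_GOSU` and `DATA_DIR` are hypothetical names chosen for this sketch.

```shell
#!/bin/sh
# Added example, not the project's docker_entrypoint.sh.
# RUN_AS_USER, SKIP_GOSU and DATA_DIR are hypothetical names for this sketch.
RUN_AS_USER="${RUN_AS_USER:-subtensor}"

# Print "gosu" when the process is root and should drop privileges,
# "direct" when it is already unprivileged or the drop is disabled.
#   $1 = effective UID, $2 = value of the opt-out switch (default 0)
launch_mode() {
    uid="$1"
    skip="${2:-0}"
    if [ "$uid" -ne 0 ]; then
        # securityContext.runAsUser already picked the UID; gosu would fail
        # here with "operation not permitted" because it cannot switch users.
        echo direct
    elif [ "$skip" = "1" ]; then
        # Explicit opt-out while still root: the node keeps UID 0.
        echo "entrypoint: SKIP_GOSU=1 as root, node will run as root" >&2
        echo direct
    else
        echo gosu
    fi
}

# A non-root process cannot chown, so only verify that the path is writable.
check_writable() {
    if [ ! -w "$1" ]; then
        echo "entrypoint: $1 is not writable by uid $(id -u)" >&2
        return 1
    fi
}

run_node() {
    mode="$(launch_mode "$(id -u)" "${SKIP_GOSU:-0}")"
    echo "entrypoint: launch mode: $mode" >&2
    if [ "$mode" = "gosu" ]; then
        exec gosu "$RUN_AS_USER" "$@"
    fi
    # Already unprivileged: fail early if the data path is unusable.
    [ -z "${DATA_DIR:-}" ] || check_writable "$DATA_DIR" || exit 1
    exec "$@"
}

# Used as an entrypoint: everything after the script name is the node command.
if [ "$#" -gt 0 ]; then
    run_node "$@"
fi
```

With `runAsUser: 10001` the UID check alone selects the direct path, so the opt-out switch only matters when the container still starts as root.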
