func (b *STI) checkNoRoot(config *api.Config) error {
if !config.NoRoot {
return nil
}
user, err := b.docker.GetImageUser(config.BuilderImage)
if err != nil {
return err
}
if util.IsPotentialRootUser(user) {
return fmt.Errorf("image %q must specify a user that is numeric and not equal to 0", config.BuilderImage)
}
return nil
}
func (b *STI) checkNoRoot(config *api.Config) error {
if !config.NoRoot {
return nil
}
user, err := b.docker.GetImageUser(config.BuilderImage)
if err != nil {
return err
}
if util.IsPotentialRootUser(user) {
return errors.NewBuilderRootNotAllowedError(config.BuilderImage, false)
}
return nil
}
func (b *OnBuild) checkNoRoot(config *api.Config) error {
if !config.NoRoot {
return nil
}
user, err := b.docker.GetImageUser(config.BuilderImage)
if err != nil {
return err
}
if util.IsPotentialRootUser(user) {
return fmt.Errorf("image %q must specify a user that is numeric and not equal to 0", config.BuilderImage)
}
cmds, err := b.docker.GetOnBuild(config.BuilderImage)
if err != nil {
return err
}
if util.IncludesRootUserDirective(cmds) {
return fmt.Errorf("image %q includes at least one ONBUILD instruction that sets the user to a non-numeric user or to user 0", config.BuilderImage)
}
return nil
}
func (b *OnBuild) checkNoRoot(config *api.Config) error {
if !config.NoRoot {
return nil
}
user, err := b.docker.GetImageUser(config.BuilderImage)
if err != nil {
return err
}
if util.IsPotentialRootUser(user) {
return errors.NewBuilderRootNotAllowedError(config.BuilderImage, false)
}
cmds, err := b.docker.GetOnBuild(config.BuilderImage)
if err != nil {
return err
}
if util.IncludesRootUserDirective(cmds) {
return errors.NewBuilderRootNotAllowedError(config.BuilderImage, true)
}
return nil
}
