fix: resolve root cause of user switching failure in Docker
This fixes the fundamental issue causing persistent test failures.

Root Cause:
- The entrypoint script's user switching was broken
- Used 'exec $*' which fails when no arguments provided
- Used 'printf %q' which doesn't exist in Alpine Linux
- User switching wasn't actually working properly

Fixes:
1. Added su-exec package to Dockerfile
   - Proper tool for switching users in containers
   - Handles signal propagation correctly
   - No intermediate shell process
2. Rewrote user switching logic
   - Uses su-exec with fallback to su
   - Fixed command injection vulnerability in su fallback
   - Properly handles case when no arguments provided
   - Exports environment variables before switching
3. Added security improvements
   - Restricted permissions on AUTH_TOKEN_FILE
   - Added comments explaining su-exec benefits

This explains why tests kept failing - we were testing around a broken implementation rather than fixing the actual broken code.
@@ -26,7 +26,7 @@ FROM node:22-alpine AS runtime
|
||||
WORKDIR /app
|
||||
|
||||
# Install only essential runtime tools
|
||||
RUN apk add --no-cache curl && \
|
||||
RUN apk add --no-cache curl su-exec && \
|
||||
rm -rf /var/cache/apk/*
|
||||
|
||||
# Copy runtime-only package.json
|
||||
|
||||
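Review bot: With `RUN apk add --no-cache curl su-exec && \` the runtime image always ships su-exec, so the `su` fallback described in the commit message can never be reached in this image, and that fallback is the path that carried the command injection. Consider having the entrypoint fail closed when su-exec is missing instead of keeping a second, rarely exercised privilege-drop path. The package is also installed without a version constraint, so a rebuild can silently pick up a different su-exec; pinning it (or pinning the base image by digest) keeps the user-switching behaviour reproducible. Minor: `rm -rf /var/cache/apk/*` is redundant after `apk add --no-cache`, which does not leave a package index cache behind, so the line can be dropped.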