Kris2
May 1, 2023, 9:36am
1
I have two apps, one PHP and one Node, that flat out refuse to resolve its database hosts. Turns out they drop privileges to a non-root user (and do not use the system resolver?), making them unable to read the nameserver from resolv.conf.
Fly writes /etc/resolv.conf
in the container with 700 permissions, while it should be 644.
pavel
May 1, 2023, 10:49am
2
We actually create /etc/resolv.conf
with 0644
mode.
Can you share your Dockerfile or base image? Are you running some startup scripts?
Kris2
May 1, 2023, 11:24am
3
Interesting! One of the apps is GitHub - outline/outline: The fastest knowledge base for growing teams. Beautiful, realtime collaborative, feature packed, and markdown compatible.
We run it straight from dockerhub with
[build]
image = "outlinewiki/outline"
Not seeing the same behavior locally. Noticed both apps run Alpine as base image
pavel
May 1, 2023, 12:17pm
4
I can’t seem to reproduce this with their image. With this Dockerfile
:
FROM outlinewiki/outline:latest
CMD sleep inf
I get correct /etc/resolv.conf
permissions after deploy:
$ fly m exec 7811170a911208 "ls -l /etc/resolv.conf"
-rw-r--r-- 1 root root 20 May 1 12:04 /etc/resolv.conf
Whatever is running as default CMD
in their Docker image shouldn’t be able to change the permissions as well, as it’s running under nodejs
user.
Can you share more info? App name, fly.toml
, step you use to deploy it?
system
Closed
May 8, 2023, 12:18pm
5
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.