Add container registry pull, image source settings, and global AWS config
Support pulling images from registry (default: repo.anhonesthost.net/cybercovellc/triple-c/triple-c-sandbox:latest), local builds, or custom images via a new settings UI. Add global AWS configuration (config path auto-detect, profile picker, region) that serves as defaults overridable per-project for Bedrock auth. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@@ -21,6 +21,10 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
|
||||
libssl-dev \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Remove default ubuntu user to free UID 1000 for host-user remapping
|
||||
RUN if id ubuntu >/dev/null 2>&1; then userdel -r ubuntu 2>/dev/null || userdel ubuntu; fi \
|
||||
&& if getent group ubuntu >/dev/null 2>&1; then groupdel ubuntu 2>/dev/null || true; fi
|
||||
|
||||
# Set UTF-8 locale
|
||||
RUN locale-gen en_US.UTF-8
|
||||
ENV LANG=en_US.UTF-8
|
||||
@@ -65,7 +69,7 @@ RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2
|
||||
&& unzip awscliv2.zip && ./aws/install && rm -rf awscliv2.zip aws
|
||||
|
||||
# ── Non-root user with passwordless sudo ─────────────────────────────────────
|
||||
RUN useradd -m -s /bin/bash claude \
|
||||
RUN useradd -m -s /bin/bash -u 1000 claude \
|
||||
&& echo "claude ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/claude \
|
||||
&& chmod 0440 /etc/sudoers.d/claude
|
||||
|
||||
|
||||
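Review bot: The `-u 1000` added to `useradd` in the second hunk only succeeds because the first hunk removes the base image's `ubuntu` account, but the `useradd` line carries no comment saying so, and the value 1000 is written out in both places. I would add `# UID 1000 is freed above by removing the ubuntu user; the entrypoint remaps it to HOST_UID at runtime` above the `RUN useradd` line. Note also that `groupdel ubuntu 2>/dev/null || true` hides a failed group removal; if the group survives, `claude` presumably ends up with a primary GID other than 1000, and the build will not report it.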
@@ -1,15 +1,49 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
# NOTE: set -e is intentionally omitted. A failing usermod/groupmod must not
|
||||
# kill the entire entrypoint — SSH setup, git config, and the final exec
|
||||
# must still run so the container is usable even if remapping fails.
|
||||
|
||||
# ── UID/GID remapping ──────────────────────────────────────────────────────
|
||||
# Match the container's claude user to the host user's UID/GID so that
|
||||
# bind-mounted files (project dir, docker socket) have correct ownership.
|
||||
if [ -n "$HOST_UID" ] && [ "$HOST_UID" != "$(id -u claude)" ]; then
|
||||
usermod -u "$HOST_UID" claude
|
||||
fi
|
||||
if [ -n "$HOST_GID" ] && [ "$HOST_GID" != "$(id -g claude)" ]; then
|
||||
groupmod -g "$HOST_GID" claude
|
||||
fi
|
||||
remap_uid_gid() {
|
||||
local target_uid="${HOST_UID}"
|
||||
local target_gid="${HOST_GID}"
|
||||
local current_uid
|
||||
local current_gid
|
||||
current_uid=$(id -u claude 2>/dev/null) || { echo "entrypoint: claude user not found"; return 1; }
|
||||
current_gid=$(id -g claude 2>/dev/null) || { echo "entrypoint: claude group not found"; return 1; }
|
||||
|
||||
# ── GID remapping ──
|
||||
if [ -n "$target_gid" ] && [ "$target_gid" != "$current_gid" ]; then
|
||||
# If another group already holds the target GID, move it out of the way
|
||||
local blocking_group
|
||||
blocking_group=$(getent group "$target_gid" 2>/dev/null | cut -d: -f1)
|
||||
if [ -n "$blocking_group" ] && [ "$blocking_group" != "claude" ]; then
|
||||
echo "entrypoint: moving group '$blocking_group' from GID $target_gid to 65533"
|
||||
groupmod -g 65533 "$blocking_group" || echo "entrypoint: warning — failed to relocate group '$blocking_group'"
|
||||
fi
|
||||
groupmod -g "$target_gid" claude \
|
||||
&& echo "entrypoint: claude GID -> $target_gid" \
|
||||
|| echo "entrypoint: warning — groupmod -g $target_gid claude failed"
|
||||
fi
|
||||
|
||||
# ── UID remapping ──
|
||||
if [ -n "$target_uid" ] && [ "$target_uid" != "$current_uid" ]; then
|
||||
# If another user already holds the target UID, move it out of the way
|
||||
local blocking_user
|
||||
blocking_user=$(getent passwd "$target_uid" 2>/dev/null | cut -d: -f1)
|
||||
if [ -n "$blocking_user" ] && [ "$blocking_user" != "claude" ]; then
|
||||
echo "entrypoint: moving user '$blocking_user' from UID $target_uid to 65533"
|
||||
usermod -u 65533 "$blocking_user" || echo "entrypoint: warning — failed to relocate user '$blocking_user'"
|
||||
fi
|
||||
usermod -u "$target_uid" claude \
|
||||
&& echo "entrypoint: claude UID -> $target_uid" \
|
||||
|| echo "entrypoint: warning — usermod -u $target_uid claude failed"
|
||||
fi
|
||||
}
|
||||
|
||||
remap_uid_gid
|
||||
|
||||
# Fix ownership of home directory after UID/GID change
|
||||
chown -R claude:claude /home/claude
|
||||
|
||||
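Review bot: `remap_uid_gid` uses `HOST_UID` and `HOST_GID` without checking that they are plain non-zero numbers, and the new "move it out of the way" branches make that matter. `getent passwd "$target_uid"` also resolves account names, and for a value of `0` it returns `root`, so the script would attempt `usermod -u 65533 root` (and the equivalent `groupmod` on the group side) before touching `claude`; whether usermod refuses is not visible from this hunk and should not be relied on. Reject such values at the top of the function, e.g. `case "$target_uid" in *[!0-9]*|0*) echo "entrypoint: ignoring invalid HOST_UID" >&2; target_uid="" ;; esac`, and the same for `target_gid`. The warnings would also be better sent to stderr, and the return status of `remap_uid_gid` is ignored, so the `chown -R claude:claude /home/claude` at the end runs even when the remap failed.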