Docker SSH agent has incorrect environment when dynamic provisioned by the docker-slaves plugin #166
Labels
Comments
|
After a lot more digging, this seems to be a duplicate, and has been documented here: and solved here: Impressive work |
|
as above belongs in a different repo ^^ |
lemeurherve
pushed a commit
to lemeurherve/docker-agent
that referenced
this issue
Nov 27, 2023
Fix the jenkins/inbound-agent DockerHub link in README
lemeurherve
pushed a commit
to lemeurherve/docker-agent
that referenced
this issue
Jan 11, 2024
Fix the jenkins/inbound-agent DockerHub link in README
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Issue:
The /etc/environment file on the agent is writable only by root, while the script /usr/local/bin/setup-sshd is run as the user the container is started with. This results in the image not being correctly provisioned. Both Jenkins and the agent are run as docker containers (jenkins/jenkins:lts and jenkins/ssh-agent, both pulled today). This is an issue because the agent does not get the correct environment, and therefore cannot find java and then the Gremlins attack.
To reproduce the following, start both containers, docker attach to the master and ssh to the slave. Then:
jenkins@127:
$ ls -al /usr/local/bin/ | grep sshd$ ls -al /etc | grep envi-rwxr-xr-x. 1 root root 2365 Dec 21 16:40 setup-sshd
jenkins@127:
-rw-r--r--. 1 root root 0 Dec 9 23:22 environment
For this particular issue I don't think that entire environment dumps are necessary, but if someone disagrees and provides me with an easy way to do it, I'll include the necessary system dumps.
The text was updated successfully, but these errors were encountered: