Add sethomevar hook#6

Open
matteo-chesi wants to merge 4 commits into main from sethomevar

@matteo-chesi

In order to replace the container's HOME environment entry with the HOME value for the running user from the system (getent passwd).
It doesn't use the HOME variable from the user environment, but from the system.

Keep in mind, there is nothing that will make the user land in HOME.

@fcruzcscs
Member

I see that when reading the .process.user.uid, if this does not exist, it will create it to be 0, i.e. root.

This makes sense from podman's point of view, but I am not sure this is something that the user expects, and it is not easy to debug (given that the intent is to give access to the user's home).

Maybe it is best to error out? Worst case, the user would be aware and can disable the hook?

Also, under most conditions skybox should set keep-id, so uid should be correctly populated; thus, not being there might mean something else is going wrong.

@Madeeks
Member

Madeeks commented Apr 28, 2026

> I see that when reading the .process.user.uid, if this does not exist, it will create it to be 0, i.e. root.
>
> This makes sense from podman's point of view, but I am not sure this is something that the user expects, and it is not easy to debug (given that the intent is to give access to the user's home).
>
> Maybe it is best to error out? Worst case, the user would be aware and can disable the hook?
>
> Also, under most conditions skybox should set keep-id, so uid should be correctly populated; thus, not being there might mean something else is going wrong.

The OCI runtime spec states that uid is a required property on POSIX systems: https://github.com/opencontainers/runtime-spec/blob/main/config.md#posix-platform-user

Therefore, the only circumstance where I imagine this failing is when process does not exist, which OCI specs allow only when the start lifecycle action is not called (e.g. the container is just being created but not started yet).
Normally, sarusctl and Skybox should not fall into this case, because they both invoke a podman run command directly.

However, I'm also thinking that this hook is intended for the specific use case of Skybox, where containers run with keep-id and the host env is propagated in the container, hence the need to ensure that HOME is actually usable in case some code wants to use it.
Hence, given the specific scope of the use case, returning an error is probably not a bad idea.
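
The error-out behaviour discussed in this thread, as an added example that is not part of the pull request or the project's code: it reads `process.user.uid` from an OCI config, refuses to fall back to 0 when the field is absent, and takes HOME from passwd-format text. The function names, `HookError`, and the sample config and passwd text are constructed for illustration; passing the passwd text as a parameter instead of calling `getent passwd` is an assumption made so the example runs offline.

```python
import json

class HookError(Exception):
    """Raised when HOME cannot be determined safely."""

def container_uid(config: dict) -> int:
    """Return process.user.uid, refusing to fall back to 0 (root)."""
    try:
        uid = config["process"]["user"]["uid"]
    except (KeyError, TypeError) as exc:
        raise HookError("process.user.uid missing from OCI config") from exc
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(uid, bool) or not isinstance(uid, int) or uid < 0:
        raise HookError(f"process.user.uid is not a valid uid: {uid!r}")
    return uid

def home_from_passwd(passwd_text: str, uid: int) -> str:
    """Look up the home directory for uid in passwd(5)-format text."""
    for line in passwd_text.splitlines():
        fields = line.split(":")  # name:passwd:uid:gid:gecos:home:shell
        if len(fields) == 7 and fields[2] == str(uid):
            if not fields[5].startswith("/"):
                raise HookError(f"home for uid {uid} is not an absolute path")
            return fields[5]
    raise HookError(f"no passwd entry for uid {uid}")

def set_home(config: dict, passwd_text: str) -> list:
    """Return process.env with HOME replaced by the passwd value."""
    home = home_from_passwd(passwd_text, container_uid(config))
    env = [e for e in config["process"].get("env", [])
           if not e.startswith("HOME=")]
    env.append(f"HOME={home}")
    return env

# Constructed sample inputs (not taken from the pull request).
SAMPLE_PASSWD = ("root:x:0:0:root:/root:/bin/bash\n"
                 "alice:x:1000:1000:Alice:/users/alice:/bin/bash\n")
SAMPLE_CONFIG = json.loads(
    '{"process": {"user": {"uid": 1000, "gid": 1000},'
    ' "env": ["PATH=/usr/bin", "HOME=/root"]}}')
NO_PROCESS = json.loads('{"ociVersion": "1.0.2"}')  # created, never started

if __name__ == "__main__":
    print(set_home(SAMPLE_CONFIG, SAMPLE_PASSWD))
    try:
        set_home(NO_PROCESS, SAMPLE_PASSWD)
    except HookError as err:
        print("hook failed:", err)
```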

Comment thread crates/sethomevar/README.md Outdated
matteo-chesi and others added 2 commits May 1, 2026 08:03
Co-authored-by: Alberto Madonna <alberto.madonna@cscs.ch>