From 1bbf43adf5cb1b7e400ff353c73e6a34e1d2e8ef Mon Sep 17 00:00:00 2001 From: Jan Pazdziora Date: Thu, 10 Aug 2023 12:23:26 +0200 Subject: [PATCH] Fix start of kdcproxy in mod_wsgi. Addressing [wsgi:alert] [pid 162742:tid 162742] (2)No such file or directory: mod_wsgi (pid=162742): Unable to change working directory to home directory '/var/lib/kdcproxy' for uid=288. [wsgi:alert] [pid 162742:tid 162742] mod_wsgi (pid=162742): Failure to configure the daemon process correctly and process left in unspecified state. Restarting daemon process after delay. --- Dockerfile.almalinux-8 | 2 +- Dockerfile.almalinux-9 | 2 +- Dockerfile.centos-8 | 2 +- Dockerfile.centos-8-stream | 2 +- Dockerfile.centos-9-stream | 2 +- Dockerfile.fedora-26 | 2 +- Dockerfile.fedora-27 | 2 +- Dockerfile.fedora-28 | 2 +- Dockerfile.fedora-29 | 2 +- Dockerfile.fedora-30 | 2 +- Dockerfile.fedora-31 | 2 +- Dockerfile.fedora-32 | 2 +- Dockerfile.fedora-33 | 2 +- Dockerfile.fedora-34 | 2 +- Dockerfile.fedora-35 | 2 +- Dockerfile.fedora-36 | 2 +- Dockerfile.fedora-37 | 2 +- Dockerfile.fedora-38 | 2 +- Dockerfile.fedora-rawhide | 2 +- Dockerfile.rhel-7 | 2 +- Dockerfile.rhel-8 | 2 +- Dockerfile.rhel-9 | 2 +- Dockerfile.rocky-8 | 2 +- Dockerfile.rocky-9 | 2 +- 24 files changed, 24 insertions(+), 24 deletions(-) diff --git a/Dockerfile.almalinux-8 b/Dockerfile.almalinux-8 index 069891f3..001bef7d 100644 --- a/Dockerfile.almalinux-8 +++ b/Dockerfile.almalinux-8 @@ -1,7 +1,7 @@ # Build on top of base AlmaLinux 8 image FROM docker.io/almalinux/8-init -RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d '/var/lib/kdcproxy' -s '/sbin/nologin' kdcproxy +RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d / -s '/sbin/nologin' kdcproxy RUN groupadd -g 289 ipaapi; useradd -u 289 -g 289 -c 'IPA Framework User' -r -d / -s '/sbin/nologin' ipaapi # Workaround 1615948 diff --git a/Dockerfile.almalinux-9 b/Dockerfile.almalinux-9 index ced5ec80..86c97320 100644 --- a/Dockerfile.almalinux-9 +++ b/Dockerfile.almalinux-9 @@ -1,7 +1,7 @@ # Build on top of base AlmaLinux 9 image FROM docker.io/almalinux/9-init -RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -r -d '/var/lib/kdcproxy' -s '/sbin/nologin' kdcproxy +RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -r -d / -s '/sbin/nologin' kdcproxy RUN groupadd -g 289 ipaapi; useradd -u 289 -g 289 -c 'IPA Framework User' -r -d / -s '/sbin/nologin' ipaapi # Workaround 1615948 diff --git a/Dockerfile.centos-8 b/Dockerfile.centos-8 index 3d0e5569..ef788943 100644 --- a/Dockerfile.centos-8 +++ b/Dockerfile.centos-8 @@ -1,7 +1,7 @@ # Build on top of base CentOS 8 image FROM registry.centos.org/centos:8 -RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d '/var/lib/kdcproxy' -s '/sbin/nologin' kdcproxy +RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d / -s '/sbin/nologin' kdcproxy RUN groupadd -g 289 ipaapi; useradd -u 289 -g 289 -c 'IPA Framework User' -r -d / -s '/sbin/nologin' ipaapi # Workaround 1615948 diff --git a/Dockerfile.centos-8-stream b/Dockerfile.centos-8-stream index 6e25a2cf..e466af87 100644 --- a/Dockerfile.centos-8-stream +++ b/Dockerfile.centos-8-stream @@ -1,7 +1,7 @@ # Build on top of base CentOS 8 Stream image FROM quay.io/centos/centos:stream8 -RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d '/var/lib/kdcproxy' -s '/sbin/nologin' kdcproxy +RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d / -s '/sbin/nologin' kdcproxy RUN groupadd -g 289 ipaapi; useradd -u 289 -g 289 -c 'IPA Framework User' -r -d / -s '/sbin/nologin' ipaapi # Workaround 1615948 diff --git a/Dockerfile.centos-9-stream b/Dockerfile.centos-9-stream index 6c8d6587..101e58e0 100644 --- a/Dockerfile.centos-9-stream +++ b/Dockerfile.centos-9-stream @@ -1,7 +1,7 @@ # Build on top of base CentOS 9 Stream image FROM quay.io/centos/centos:stream9 -RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -r -d '/var/lib/kdcproxy' -s '/sbin/nologin' kdcproxy +RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -r -d / -s '/sbin/nologin' kdcproxy RUN groupadd -g 289 ipaapi; useradd -u 289 -g 289 -c 'IPA Framework User' -r -d / -s '/sbin/nologin' ipaapi # Workaround 1615948 diff --git a/Dockerfile.fedora-26 b/Dockerfile.fedora-26 index 33d68bd4..68f652ef 100644 --- a/Dockerfile.fedora-26 +++ b/Dockerfile.fedora-26 @@ -6,7 +6,7 @@ MAINTAINER FreeIPA Developers RUN dnf install -y --setopt=install_weak_deps=False freeipa-server freeipa-server-dns freeipa-server-trust-ad patch \ && dnf clean all -RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d '/var/lib/kdcproxy' -s '/sbin/nologin' kdcproxy +RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d / -s '/sbin/nologin' kdcproxy # debug: RUN test $( getent passwd | grep -E "^(dirsrv:x:389|kdcproxy:x:288|pkiuser:x:17):" | wc -l ) -eq 3 # Container image which runs systemd diff --git a/Dockerfile.fedora-27 b/Dockerfile.fedora-27 index 7c76dbdb..bf40eb33 100644 --- a/Dockerfile.fedora-27 +++ b/Dockerfile.fedora-27 @@ -3,7 +3,7 @@ FROM registry.fedoraproject.org/fedora:27 MAINTAINER FreeIPA Developers -RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d '/var/lib/kdcproxy' -s '/sbin/nologin' kdcproxy +RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d / -s '/sbin/nologin' kdcproxy RUN groupadd -g 289 ipaapi; useradd -u 289 -g 289 -c 'IPA Framework User' -r -d / -s '/sbin/nologin' ipaapi RUN dnf upgrade -y --setopt=install_weak_deps=False \ diff --git a/Dockerfile.fedora-28 b/Dockerfile.fedora-28 index fef72d74..5139bfe4 100644 --- a/Dockerfile.fedora-28 +++ b/Dockerfile.fedora-28 @@ -3,7 +3,7 @@ FROM registry.fedoraproject.org/fedora:28 MAINTAINER FreeIPA Developers -RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d '/var/lib/kdcproxy' -s '/sbin/nologin' kdcproxy +RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d / -s '/sbin/nologin' kdcproxy RUN groupadd -g 289 ipaapi; useradd -u 289 -g 289 -c 'IPA Framework User' -r -d / -s '/sbin/nologin' ipaapi # Workaround 1615948 diff --git a/Dockerfile.fedora-29 b/Dockerfile.fedora-29 index b32918b0..3db9bc31 100644 --- a/Dockerfile.fedora-29 +++ b/Dockerfile.fedora-29 @@ -3,7 +3,7 @@ FROM registry.fedoraproject.org/fedora:29 MAINTAINER Jan Pazdziora -RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d '/var/lib/kdcproxy' -s '/sbin/nologin' kdcproxy +RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d / -s '/sbin/nologin' kdcproxy RUN groupadd -g 289 ipaapi; useradd -u 289 -g 289 -c 'IPA Framework User' -r -d / -s '/sbin/nologin' ipaapi # Workaround 1615948 diff --git a/Dockerfile.fedora-30 b/Dockerfile.fedora-30 index c0441a16..9594bf45 100644 --- a/Dockerfile.fedora-30 +++ b/Dockerfile.fedora-30 @@ -3,7 +3,7 @@ FROM registry.fedoraproject.org/fedora:30 MAINTAINER FreeIPA Developers -RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d '/var/lib/kdcproxy' -s '/sbin/nologin' kdcproxy +RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d / -s '/sbin/nologin' kdcproxy RUN groupadd -g 289 ipaapi; useradd -u 289 -g 289 -c 'IPA Framework User' -r -d / -s '/sbin/nologin' ipaapi # Workaround 1615948 diff --git a/Dockerfile.fedora-31 b/Dockerfile.fedora-31 index ea44aea3..c77295cc 100644 --- a/Dockerfile.fedora-31 +++ b/Dockerfile.fedora-31 @@ -1,7 +1,7 @@ # Clone from the Fedora 31 image FROM registry.fedoraproject.org/fedora:31 -RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d '/var/lib/kdcproxy' -s '/sbin/nologin' kdcproxy +RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d / -s '/sbin/nologin' kdcproxy RUN groupadd -g 289 ipaapi; useradd -u 289 -g 289 -c 'IPA Framework User' -r -d / -s '/sbin/nologin' ipaapi # Workaround 1615948 diff --git a/Dockerfile.fedora-32 b/Dockerfile.fedora-32 index aa8c5661..40830e9b 100644 --- a/Dockerfile.fedora-32 +++ b/Dockerfile.fedora-32 @@ -1,7 +1,7 @@ # Clone from the Fedora 32 image FROM registry.fedoraproject.org/fedora:32 -RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d '/var/lib/kdcproxy' -s '/sbin/nologin' kdcproxy +RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d / -s '/sbin/nologin' kdcproxy RUN groupadd -g 289 ipaapi; useradd -u 289 -g 289 -c 'IPA Framework User' -r -d / -s '/sbin/nologin' ipaapi # Workaround 1615948 diff --git a/Dockerfile.fedora-33 b/Dockerfile.fedora-33 index 7d5bc92c..78d0def7 100644 --- a/Dockerfile.fedora-33 +++ b/Dockerfile.fedora-33 @@ -1,7 +1,7 @@ # Clone from the Fedora 33 image FROM registry.fedoraproject.org/fedora:33 -RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d '/var/lib/kdcproxy' -s '/sbin/nologin' kdcproxy +RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d / -s '/sbin/nologin' kdcproxy RUN groupadd -g 289 ipaapi; useradd -u 289 -g 289 -c 'IPA Framework User' -r -d / -s '/sbin/nologin' ipaapi # Workaround 1615948 diff --git a/Dockerfile.fedora-34 b/Dockerfile.fedora-34 index 6ed274e5..55351542 100644 --- a/Dockerfile.fedora-34 +++ b/Dockerfile.fedora-34 @@ -1,7 +1,7 @@ # Clone from the Fedora 34 image FROM registry.fedoraproject.org/fedora:34 -RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d '/var/lib/kdcproxy' -s '/sbin/nologin' kdcproxy +RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d / -s '/sbin/nologin' kdcproxy RUN groupadd -g 289 ipaapi; useradd -u 289 -g 289 -c 'IPA Framework User' -r -d / -s '/sbin/nologin' ipaapi # Workaround 1615948 diff --git a/Dockerfile.fedora-35 b/Dockerfile.fedora-35 index d2eb8ed8..445ed758 100644 --- a/Dockerfile.fedora-35 +++ b/Dockerfile.fedora-35 @@ -1,7 +1,7 @@ # Clone from the Fedora 35 FROM registry.fedoraproject.org/fedora:35 -RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -r -d '/var/lib/kdcproxy' -s '/sbin/nologin' kdcproxy +RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -r -d / -s '/sbin/nologin' kdcproxy RUN groupadd -g 289 ipaapi; useradd -u 289 -g 289 -c 'IPA Framework User' -r -d / -s '/sbin/nologin' ipaapi # Workaround 1615948 diff --git a/Dockerfile.fedora-36 b/Dockerfile.fedora-36 index 1be80992..9894c358 100644 --- a/Dockerfile.fedora-36 +++ b/Dockerfile.fedora-36 @@ -1,7 +1,7 @@ # Clone from the Fedora 36 image FROM registry.fedoraproject.org/fedora:36 -RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -r -d '/var/lib/kdcproxy' -s '/sbin/nologin' kdcproxy +RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -r -d / -s '/sbin/nologin' kdcproxy RUN groupadd -g 289 ipaapi; useradd -u 289 -g 289 -c 'IPA Framework User' -r -d / -s '/sbin/nologin' ipaapi # Workaround 1615948 diff --git a/Dockerfile.fedora-37 b/Dockerfile.fedora-37 index 5582915b..96a0ae46 100644 --- a/Dockerfile.fedora-37 +++ b/Dockerfile.fedora-37 @@ -1,7 +1,7 @@ # Clone from the Fedora 37 image FROM registry.fedoraproject.org/fedora:37 -RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -r -d '/var/lib/kdcproxy' -s '/sbin/nologin' kdcproxy +RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -r -d / -s '/sbin/nologin' kdcproxy RUN groupadd -g 289 ipaapi; useradd -u 289 -g 289 -c 'IPA Framework User' -r -d / -s '/sbin/nologin' ipaapi # Workaround 1615948 diff --git a/Dockerfile.fedora-38 b/Dockerfile.fedora-38 index 74df5391..b7745e2f 100644 --- a/Dockerfile.fedora-38 +++ b/Dockerfile.fedora-38 @@ -1,7 +1,7 @@ # Clone from the Fedora 38 image FROM registry.fedoraproject.org/fedora:38 -RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -r -d '/var/lib/kdcproxy' -s '/sbin/nologin' kdcproxy +RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -r -d / -s '/sbin/nologin' kdcproxy RUN groupadd -g 289 ipaapi; useradd -u 289 -g 289 -c 'IPA Framework User' -r -d / -s '/sbin/nologin' ipaapi # Workaround 1615948 diff --git a/Dockerfile.fedora-rawhide b/Dockerfile.fedora-rawhide index 8de9932f..1b87a8ff 100644 --- a/Dockerfile.fedora-rawhide +++ b/Dockerfile.fedora-rawhide @@ -1,7 +1,7 @@ # Clone from the Fedora rawhide image FROM registry.fedoraproject.org/fedora:rawhide -RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -r -d '/var/lib/kdcproxy' -s '/sbin/nologin' kdcproxy +RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -r -d / -s '/sbin/nologin' kdcproxy RUN groupadd -g 289 ipaapi; useradd -u 289 -g 289 -c 'IPA Framework User' -r -d / -s '/sbin/nologin' ipaapi # Workaround 1615948 diff --git a/Dockerfile.rhel-7 b/Dockerfile.rhel-7 index 17a64afd..42a8c22a 100644 --- a/Dockerfile.rhel-7 +++ b/Dockerfile.rhel-7 @@ -2,7 +2,7 @@ FROM registry.access.redhat.com/rhel7 # Moving groupadd before freeipa installation to ensure uid and guid will be same -RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d '/var/lib/kdcproxy' -s '/sbin/nologin' kdcproxy +RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d / -s '/sbin/nologin' kdcproxy RUN groupadd -g 289 ipaapi; useradd -u 289 -g 289 -c 'IPA Framework User' -r -d / -s '/sbin/nologin' ipaapi # Workaround 1615948 diff --git a/Dockerfile.rhel-8 b/Dockerfile.rhel-8 index 02c83032..b0868871 100644 --- a/Dockerfile.rhel-8 +++ b/Dockerfile.rhel-8 @@ -1,7 +1,7 @@ # Build on top of the RHEL 8 image FROM registry.access.redhat.com/ubi8-init -RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d '/var/lib/kdcproxy' -s '/sbin/nologin' kdcproxy +RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d / -s '/sbin/nologin' kdcproxy RUN groupadd -g 289 ipaapi; useradd -u 289 -g 289 -c 'IPA Framework User' -r -d / -s '/sbin/nologin' ipaapi # Workaround 1615948 diff --git a/Dockerfile.rhel-9 b/Dockerfile.rhel-9 index e7c5349e..b72b89ef 100644 --- a/Dockerfile.rhel-9 +++ b/Dockerfile.rhel-9 @@ -1,7 +1,7 @@ # Build on top of the RHEL 9 image FROM registry.access.redhat.com/ubi9-init -RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -r -d '/var/lib/kdcproxy' -s '/sbin/nologin' kdcproxy +RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -r -d / -s '/sbin/nologin' kdcproxy RUN groupadd -g 289 ipaapi; useradd -u 289 -g 289 -c 'IPA Framework User' -r -d / -s '/sbin/nologin' ipaapi # Workaround 1615948 diff --git a/Dockerfile.rocky-8 b/Dockerfile.rocky-8 index efbce4c9..d3a15075 100644 --- a/Dockerfile.rocky-8 +++ b/Dockerfile.rocky-8 @@ -1,7 +1,7 @@ # Build on top of base Rocky Linux 8 image FROM docker.io/rockylinux/rockylinux:8 -RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d '/var/lib/kdcproxy' -s '/sbin/nologin' kdcproxy +RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d / -s '/sbin/nologin' kdcproxy RUN groupadd -g 289 ipaapi; useradd -u 289 -g 289 -c 'IPA Framework User' -r -d / -s '/sbin/nologin' ipaapi # Workaround 1615948 diff --git a/Dockerfile.rocky-9 b/Dockerfile.rocky-9 index d6115e78..66878bd5 100644 --- a/Dockerfile.rocky-9 +++ b/Dockerfile.rocky-9 @@ -1,7 +1,7 @@ # Build on top of base Rocky Linux 9 image FROM docker.io/rockylinux/rockylinux:9 -RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -r -d '/var/lib/kdcproxy' -s '/sbin/nologin' kdcproxy +RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -r -d / -s '/sbin/nologin' kdcproxy RUN groupadd -g 289 ipaapi; useradd -u 289 -g 289 -c 'IPA Framework User' -r -d / -s '/sbin/nologin' ipaapi # Workaround 1615948