Reputation: 73
Unable to run dotnet test in docker container when run as non root
Problem:
Running dotnet test in container as non root user fails.
Details:
dotnet test runs successfully using the following docker file and docker command on running as root user.
Docker file:
FROM mcr.microsoft.com/dotnet/sdk:5.0 AS build
WORKDIR /app
# run the tests
COPY [".", "."]
ENTRYPOINT ["dotnet","test"]
Docker build command:
docker build -t test:v1 .
Docker run command:
docker run test:v1
On contrary, if I run dotnet test as non root user using the following docker file and above docker build and run command then it fails.
Docker file:
FROM mcr.microsoft.com/dotnet/sdk:5.0 AS build
RUN mkdir -p /app/DOTNET_CLI_HOME
ENV DOTNET_CLI_HOME="/app/DOTNET_CLI_HOME"
RUN adduser --disabled-password --system --uid 1000 --home /app --gecos "" dotnetuser && chown -R dotnetuser /app
USER dotnetuser
WORKDIR /app
# run the component tests
COPY [".", "."]
ENTRYPOINT ["dotnet","test"]
Description of above docker file:
ENV DOTNET_CLI_HOME="/app/DOTNET_CLI_HOME" is added to mitigate System.UnauthorizedAccessException error. Details can be seen in this link :
Dotnet build permission denied in Docker container running Jenkins
But despite of that I get the error on running the container with above Docker file. Logs:
Determining projects to restore... /usr/share/dotnet/sdk/5.0.102/NuGet.targets(131,5): error : Access to the path '/app/obj/808903f8-54b1-4814-9c09-345ae588c134.tmp' is denied. [/app/simpleapi-test.csproj] /usr/share/dotnet/sdk/5.0.102/NuGet.targets(131,5): error :
Permission denied [/app/simpleapi-test.csproj]
I want to run dotnet test in a container as non-root user. It would be great if someone could help me in resolving this issue.
Upvotes: 1
Views: 1898
Answers (2)
Reputation: 73
The order of instructions in Docker file was wrong. After I corrected it using the below docker file, everything worked as expected.
FROM mcr.microsoft.com/dotnet/sdk:5.0 AS build
RUN mkdir -p /app/DOTNET_CLI_HOME
COPY [".", "/app"]
ENV DOTNET_CLI_HOME="/app/DOTNET_CLI_HOME"
RUN adduser --disabled-password --system --uid 1000 --home /app --gecos "" dotnetuser && chown -R dotnetuser /app
USER dotnetuser
WORKDIR /app
ENTRYPOINT ["dotnet","test"]
Upvotes: 0
Reputation: 11
you can create a non-root user in your builds directly instead of creating in the Dockerfile. You just have to add an environment variable like this during build command.
-e PUID=1000 -e PGID=1000
So your Dockerfile would be:
FROM mcr.microsoft.com/dotnet/sdk:5.0 AS build
RUN mkdir -p /app/DOTNET_CLI_HOME
ENV DOTNET_CLI_HOME="/app/DOTNET_CLI_HOME"
USER dotnetuser
WORKDIR /app
COPY . .
ENTRYPOINT ["dotnet","test"]
Also, it's adviced not to copy everything inside your docker image, you can either selectively copy the required files or do a COPY . . and add unwanted files in a .dockerignore file.
So, finally, your docker build will be:
docker build -e PUID=1000 -e PGID=1000 -t test:v1 .
Sorry I haven't worked with dotnet so cannot help you with a production grade image, but if you are looking to create a non-root docker image, this is how it's done. Hope this helps.
Upvotes: 0
Related Questions
- dotnet tests not run with flag --no-build in docker
- Run dotnet tests in docker which use testcontainers
- How to run .NET unit tests in a docker container
- Connecting to dotnet.testcontainer within docker build fails with message "Cannot assign requested address /var/run/docker.sock"
- Docker container mcr.microsoft.com/dotnet/sdk publish not as a root user
- Run dotnet test inside docker container
- why dotnet 5 docker container fail in run time?
- Docker image refuse to run dotnet test command
- Running dotnet in a Docker container fails on Linux because of relative path
- How to run .NET Core 2 application in Docker on Linux as non-root