future-architect/vuls

'.vuls' directory as XDG_CACHE_HOME #1020

jirib posted on GitHub

What did you do?

I do not run the Vuls container as root, but I defined the XDG_CACHE_HOME variable (as other Vuls components honor it).

What did you expect to happen?

Vuls scan would use XDG_CACHE_HOME as a replacement for its '.vuls' in $HOME.

What happened instead?

Permission denied.

  • Current Output
/vuls $ vuls scan -config=/vuls/config.toml
[Jul 15 09:36:02] ERROR [localhost] Failed to create .vuls. err: mkdir /.vuls: permission denied
/vuls $ echo $HOME
/
/vuls $ echo $XDG_CACHE_HOME
/cache

Steps to reproduce the behaviour

# docker run --rm -it --entrypoint=/bin/ash \
-v /data/vuls/data:/vuls \
-v /data/vuls/vuls-log:/var/log/vuls \
-v /data/vuls/config.toml:/vuls/config.toml:ro \
-v /etc/localtime:/etc/localtime:ro \
-u <<some uid>>:<<some gid>> \
--mount type=tmpfs,destination=/cache,tmpfs-mode=1777 \
-e XDG_CACHE_HOME=/cache 5803c81b028c

$ vuls scan -config=/vuls/config.toml

  • Vuls environment:
# docker inspect 5803c81b028c | jq '.[].RepoDigests'
[
  "vuls/vuls@sha256:e39edb92833e7d6f6490620e11221f1a456ca2dec4f5f3ab1c15e12c75ecdcbb"
]

$ vuls -v
vuls v0.10.0 build-20200703_050746_11a7a0c

It seems it's not possible to run vuls scan anyway under a different UID with the default vuls container, as ssh exits with:

cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes
-o LogLevel=quiet -o ConnectionAttempts=3
-o ConnectTimeout=1 10.72.0.132
-p 22 -i /etc/ssh/id_rsa
-o PasswordAuthentication=no stty cols 1000; ls /etc/debian_version
exitstatus: 255
stdout: 
stderr: No user exists for uid 1202200189

See https://github.com/openssh/openssh-portable/blob/fec89f32a84fd0aa1afc81deec80a460cbaf451a/ssh.c#L682

posted by jirib over 4 years ago
posted by kotakanbe over 4 years ago
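
The directory lookup the report asks for can be sketched as follows. This is an added example, not code from Vuls or from the issue: `resolveStateDir` and the `vuls` subdirectory name under `XDG_CACHE_HOME` are assumptions made for illustration. It tries `$XDG_CACHE_HOME` first and falls back to `$HOME/.vuls`, so a non-root UID with `HOME=/` no longer ends at `mkdir /.vuls: permission denied`.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// resolveStateDir is a hypothetical helper (not a Vuls function). It returns
// the first candidate that can be created with mode 0700 and written to:
// $XDG_CACHE_HOME/vuls (subdirectory name assumed), then $HOME/.vuls.
func resolveStateDir(getenv func(string) string) (string, error) {
	var candidates []string
	// The XDG Base Directory spec says relative paths must be ignored.
	if xdg := getenv("XDG_CACHE_HOME"); filepath.IsAbs(xdg) {
		candidates = append(candidates, filepath.Join(xdg, "vuls"))
	}
	if home := getenv("HOME"); filepath.IsAbs(home) {
		candidates = append(candidates, filepath.Join(home, ".vuls"))
	}
	lastErr := errors.New("neither XDG_CACHE_HOME nor HOME is an absolute path")
	for _, dir := range candidates {
		if err := os.MkdirAll(dir, 0o700); err != nil {
			lastErr = err
			continue
		}
		// An existing directory may still be read-only for this UID: probe it.
		f, err := os.CreateTemp(dir, ".probe-*")
		if err != nil {
			lastErr = err
			continue
		}
		f.Close()
		os.Remove(f.Name())
		return dir, nil
	}
	return "", fmt.Errorf("no writable state directory: %w", lastErr)
}

func main() {
	dir, err := resolveStateDir(os.Getenv)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Println(dir)
}
```
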
