From e632c685257f54b0ddaf1b456ad134aa38bad5f5 Mon Sep 17 00:00:00 2001 From: Revital Sur Date: Fri, 13 Dec 2024 05:58:26 +0200 Subject: [PATCH] Grant non-root users the necessary permissions to the ray directory Signed-off-by: Revital Sur Co-authored-by: Alexey Roytman --- kfp/kfp_ray_components/Dockerfile | 3 +++ transforms/code/code2parquet/ray/Dockerfile | 3 +++ transforms/code/code_profiler/ray/Dockerfile | 3 +++ transforms/code/code_quality/ray/Dockerfile | 3 +++ transforms/code/header_cleanser/ray/Dockerfile | 3 +++ transforms/code/license_select/ray/Dockerfile | 3 +++ transforms/code/malware/ray/Dockerfile | 3 +++ transforms/code/proglang_select/ray/Dockerfile | 3 +++ transforms/code/repo_level_ordering/ray/Dockerfile | 3 +++ transforms/language/doc_chunk/ray/Dockerfile | 3 +++ transforms/language/doc_quality/ray/Dockerfile | 3 +++ transforms/language/html2parquet/ray/Dockerfile | 3 +++ transforms/language/lang_id/ray/Dockerfile | 3 +++ transforms/language/pdf2parquet/ray/Dockerfile | 3 +++ transforms/language/pii_redactor/ray/Dockerfile | 3 +++ transforms/language/text_encoder/ray/Dockerfile | 3 +++ transforms/universal/doc_id/ray/Dockerfile | 3 +++ transforms/universal/ededup/ray/Dockerfile | 3 +++ transforms/universal/fdedup/ray/Dockerfile | 3 +++ transforms/universal/filter/ray/Dockerfile | 3 +++ transforms/universal/hap/ray/Dockerfile | 3 +++ transforms/universal/noop/ray/Dockerfile | 3 +++ transforms/universal/profiler/ray/Dockerfile | 3 +++ transforms/universal/resize/ray/Dockerfile | 3 +++ transforms/universal/tokenization/ray/Dockerfile | 3 +++ 25 files changed, 75 insertions(+) diff --git a/kfp/kfp_ray_components/Dockerfile b/kfp/kfp_ray_components/Dockerfile index c7de34568..f7861122b 100644 --- a/kfp/kfp_ray_components/Dockerfile +++ b/kfp/kfp_ray_components/Dockerfile @@ -30,6 +30,9 @@ COPY ./src /pipelines/component/src # Set environment ENV KFP_v2=$KFP_v2 +# Grant non-root users the necessary permissions to the ray directory +RUN chmod 755 /home/ray + # Put these at the end since they seem to upset the docker cache. ARG BUILD_DATE ARG GIT_COMMIT diff --git a/transforms/code/code2parquet/ray/Dockerfile b/transforms/code/code2parquet/ray/Dockerfile index d6ec3ca8b..8464e22a9 100644 --- a/transforms/code/code2parquet/ray/Dockerfile +++ b/transforms/code/code2parquet/ray/Dockerfile @@ -32,6 +32,9 @@ COPY src/code2parquet_local_ray.py local/ COPY test/ test/ COPY test-data/ test-data/ +# Grant non-root users the necessary permissions to the ray directory +RUN chmod 755 /home/ray + # Set environment ENV PYTHONPATH /home/ray diff --git a/transforms/code/code_profiler/ray/Dockerfile b/transforms/code/code_profiler/ray/Dockerfile index 10a9bc89e..a5439f005 100644 --- a/transforms/code/code_profiler/ray/Dockerfile +++ b/transforms/code/code_profiler/ray/Dockerfile @@ -33,6 +33,9 @@ COPY ./src/code_profiler_local_ray.py local/ COPY test/ test/ COPY test-data/ test-data/ +# Grant non-root users the necessary permissions to the ray directory +RUN chmod 755 /home/ray + # Set environment ENV PYTHONPATH /home/ray diff --git a/transforms/code/code_quality/ray/Dockerfile b/transforms/code/code_quality/ray/Dockerfile index 860a44927..ca3aa2e39 100644 --- a/transforms/code/code_quality/ray/Dockerfile +++ b/transforms/code/code_quality/ray/Dockerfile @@ -37,6 +37,9 @@ COPY ./src/code_quality_local_ray.py local/ COPY test/ test/ COPY test-data/ test-data/ +# Grant non-root users the necessary permissions to the ray directory +RUN chmod 755 /home/ray + # Set environment ENV PYTHONPATH /home/ray diff --git a/transforms/code/header_cleanser/ray/Dockerfile b/transforms/code/header_cleanser/ray/Dockerfile index 31f9c621e..7b6ad6712 100644 --- a/transforms/code/header_cleanser/ray/Dockerfile +++ b/transforms/code/header_cleanser/ray/Dockerfile @@ -32,6 +32,9 @@ COPY src/header_cleanser_local_ray.py local/ COPY test/ test/ COPY test-data/ test-data/ +# Grant non-root users the necessary permissions to the ray directory +RUN chmod 755 /home/ray + # Set environment ENV PYTHONPATH /home/ray diff --git a/transforms/code/license_select/ray/Dockerfile b/transforms/code/license_select/ray/Dockerfile index eed0a8913..f7288459d 100644 --- a/transforms/code/license_select/ray/Dockerfile +++ b/transforms/code/license_select/ray/Dockerfile @@ -29,6 +29,9 @@ COPY src/license_select_local_ray.py local/ COPY test/ test/ COPY test-data/ test-data/ +# Grant non-root users the necessary permissions to the ray directory +RUN chmod 755 /home/ray + # Put these at the end since they seem to upset the docker cache. ARG BUILD_DATE ARG GIT_COMMIT diff --git a/transforms/code/malware/ray/Dockerfile b/transforms/code/malware/ray/Dockerfile index 013d3cd61..fb05ce445 100644 --- a/transforms/code/malware/ray/Dockerfile +++ b/transforms/code/malware/ray/Dockerfile @@ -59,6 +59,9 @@ COPY src/malware_local_ray.py local/ COPY test/ test/ COPY test-data/ test-data/ +# Grant non-root users the necessary permissions to the ray directory +RUN chmod 755 /home/ray + ENV PYTHONPATH /home/ray USER root diff --git a/transforms/code/proglang_select/ray/Dockerfile b/transforms/code/proglang_select/ray/Dockerfile index e1c7e507b..f1b4591f1 100644 --- a/transforms/code/proglang_select/ray/Dockerfile +++ b/transforms/code/proglang_select/ray/Dockerfile @@ -33,6 +33,9 @@ COPY ./src/proglang_select_local_ray.py local/ COPY test/ test/ COPY test-data/ test-data/ +# Grant non-root users the necessary permissions to the ray directory +RUN chmod 755 /home/ray + # Set environment ENV PYTHONPATH /home/ray diff --git a/transforms/code/repo_level_ordering/ray/Dockerfile b/transforms/code/repo_level_ordering/ray/Dockerfile index 1e546ef52..018e61b20 100644 --- a/transforms/code/repo_level_ordering/ray/Dockerfile +++ b/transforms/code/repo_level_ordering/ray/Dockerfile @@ -27,6 +27,9 @@ COPY ./src/repo_level_order_s3_ray.py local/ COPY test/ test/ COPY test-data/ test-data/ +# Grant non-root users the necessary permissions to the ray directory +RUN chmod 755 /home/ray + # Set environment ENV PYTHONPATH /home/ray:/home/ray/src diff --git a/transforms/language/doc_chunk/ray/Dockerfile b/transforms/language/doc_chunk/ray/Dockerfile index c64771cc9..300ab579e 100644 --- a/transforms/language/doc_chunk/ray/Dockerfile +++ b/transforms/language/doc_chunk/ray/Dockerfile @@ -33,6 +33,9 @@ COPY ./src/doc_chunk_local_ray.py local/ COPY test/ test/ COPY test-data/ test-data/ +# Grant non-root users the necessary permissions to the ray directory +RUN chmod 755 /home/ray + # Set environment ENV PYTHONPATH /home/ray diff --git a/transforms/language/doc_quality/ray/Dockerfile b/transforms/language/doc_quality/ray/Dockerfile index 52f893da1..2860c1fdc 100644 --- a/transforms/language/doc_quality/ray/Dockerfile +++ b/transforms/language/doc_quality/ray/Dockerfile @@ -32,6 +32,9 @@ COPY test/ test/ COPY test-data/ test-data/ COPY ldnoobw/ ldnoobw/ +# Grant non-root users the necessary permissions to the ray directory +RUN chmod 755 /home/ray + # Set environment ENV PYTHONPATH /home/ray diff --git a/transforms/language/html2parquet/ray/Dockerfile b/transforms/language/html2parquet/ray/Dockerfile index 66506ea2d..3296866fc 100644 --- a/transforms/language/html2parquet/ray/Dockerfile +++ b/transforms/language/html2parquet/ray/Dockerfile @@ -33,6 +33,9 @@ COPY --chown=ray:users ./src/html2parquet_local_ray.py local/ COPY test/ test/ COPY test-data/ test-data/ +# Grant non-root users the necessary permissions to the ray directory +RUN chmod 755 /home/ray + # Set environment ENV PYTHONPATH /home/ray diff --git a/transforms/language/lang_id/ray/Dockerfile b/transforms/language/lang_id/ray/Dockerfile index 31eed79d9..6d62692b8 100644 --- a/transforms/language/lang_id/ray/Dockerfile +++ b/transforms/language/lang_id/ray/Dockerfile @@ -44,6 +44,9 @@ COPY ./src/lang_id_local_ray.py local/ COPY test/ test/ COPY test-data/ test-data/ +# Grant non-root users the necessary permissions to the ray directory +RUN chmod 755 /home/ray + # Set environment ENV PYTHONPATH /home/ray diff --git a/transforms/language/pdf2parquet/ray/Dockerfile b/transforms/language/pdf2parquet/ray/Dockerfile index 8f738b7f4..8cc9a1e4d 100644 --- a/transforms/language/pdf2parquet/ray/Dockerfile +++ b/transforms/language/pdf2parquet/ray/Dockerfile @@ -46,6 +46,9 @@ COPY --chown=ray:users ./src/pdf2parquet_local_ray.py local/ COPY test/ test/ COPY test-data/ test-data/ +# Grant non-root users the necessary permissions to the ray directory +RUN chmod 755 /home/ray + # Set environment ENV PYTHONPATH /home/ray diff --git a/transforms/language/pii_redactor/ray/Dockerfile b/transforms/language/pii_redactor/ray/Dockerfile index 58fbf4d17..426b8c542 100644 --- a/transforms/language/pii_redactor/ray/Dockerfile +++ b/transforms/language/pii_redactor/ray/Dockerfile @@ -33,6 +33,9 @@ COPY ./src/pii_redactor_local_ray.py local/ COPY test/ test/ COPY test-data/ test-data/ +# Grant non-root users the necessary permissions to the ray directory +RUN chmod 755 /home/ray + # Set environment ENV PYTHONPATH /home/ray diff --git a/transforms/language/text_encoder/ray/Dockerfile b/transforms/language/text_encoder/ray/Dockerfile index f91974953..6a4aba356 100644 --- a/transforms/language/text_encoder/ray/Dockerfile +++ b/transforms/language/text_encoder/ray/Dockerfile @@ -32,6 +32,9 @@ COPY ./src/text_encoder_local_ray.py local/ COPY test/ test/ COPY test-data/ test-data/ +# Grant non-root users the necessary permissions to the ray directory +RUN chmod 755 /home/ray + # Set environment ENV PYTHONPATH /home/ray diff --git a/transforms/universal/doc_id/ray/Dockerfile b/transforms/universal/doc_id/ray/Dockerfile index f33aedefa..149592776 100644 --- a/transforms/universal/doc_id/ray/Dockerfile +++ b/transforms/universal/doc_id/ray/Dockerfile @@ -33,6 +33,9 @@ COPY src/doc_id_local_ray.py local/ COPY test/ test/ COPY test-data/ test-data/ +# Grant non-root users the necessary permissions to the ray directory +RUN chmod 755 /home/ray + # Set environment ENV PYTHONPATH /home/ray diff --git a/transforms/universal/ededup/ray/Dockerfile b/transforms/universal/ededup/ray/Dockerfile index 1af1b9ee6..c38d0072d 100644 --- a/transforms/universal/ededup/ray/Dockerfile +++ b/transforms/universal/ededup/ray/Dockerfile @@ -33,6 +33,9 @@ COPY src/ededup_local_ray.py local/ COPY test/ test/ COPY test-data/ test-data/ +# Grant non-root users the necessary permissions to the ray directory +RUN chmod 755 /home/ray + # Set environment ENV PYTHONPATH /home/ray diff --git a/transforms/universal/fdedup/ray/Dockerfile b/transforms/universal/fdedup/ray/Dockerfile index 4bfe32a9e..9a447e2db 100644 --- a/transforms/universal/fdedup/ray/Dockerfile +++ b/transforms/universal/fdedup/ray/Dockerfile @@ -35,6 +35,9 @@ COPY --chown=ray:users ./src/signature_calc_local_ray.py local/fdedup_local_ray. COPY test/ test/ COPY test-data/ test-data/ +# Grant non-root users the necessary permissions to the ray directory +RUN chmod 755 /home/ray + USER root RUN chmod a+rwx /home/ray USER ray diff --git a/transforms/universal/filter/ray/Dockerfile b/transforms/universal/filter/ray/Dockerfile index fb4eca2ad..8251502e4 100644 --- a/transforms/universal/filter/ray/Dockerfile +++ b/transforms/universal/filter/ray/Dockerfile @@ -33,6 +33,9 @@ COPY src/filter_local_ray.py local/ COPY test/ test/ COPY test-data/ test-data/ +# Grant non-root users the necessary permissions to the ray directory +RUN chmod 755 /home/ray + # Set environment ENV PYTHONPATH /home/ray diff --git a/transforms/universal/hap/ray/Dockerfile b/transforms/universal/hap/ray/Dockerfile index b32cb873b..2b9e02008 100644 --- a/transforms/universal/hap/ray/Dockerfile +++ b/transforms/universal/hap/ray/Dockerfile @@ -34,6 +34,9 @@ COPY ./src/hap_local_ray.py local/ COPY test/ test/ COPY test-data/ test-data/ +# Grant non-root users the necessary permissions to the ray directory +RUN chmod 755 /home/ray + # Set environment ENV PYTHONPATH /home/ray diff --git a/transforms/universal/noop/ray/Dockerfile b/transforms/universal/noop/ray/Dockerfile index 2e0387d0b..2cf8b5705 100644 --- a/transforms/universal/noop/ray/Dockerfile +++ b/transforms/universal/noop/ray/Dockerfile @@ -33,6 +33,9 @@ COPY ./src/noop_local_ray.py local/ COPY test/ test/ COPY test-data/ test-data/ +# Grant non-root users the necessary permissions to the ray directory +RUN chmod 755 /home/ray + # Set environment ENV PYTHONPATH /home/ray diff --git a/transforms/universal/profiler/ray/Dockerfile b/transforms/universal/profiler/ray/Dockerfile index 25a736e13..06ce60a32 100644 --- a/transforms/universal/profiler/ray/Dockerfile +++ b/transforms/universal/profiler/ray/Dockerfile @@ -34,6 +34,9 @@ COPY src/profiler_local_ray.py local/ COPY test/ test/ COPY test-data/ test-data/ +# Grant non-root users the necessary permissions to the ray directory +RUN chmod 755 /home/ray + # Set environment ENV PYTHONPATH /home/ray diff --git a/transforms/universal/resize/ray/Dockerfile b/transforms/universal/resize/ray/Dockerfile index 7fa7454b4..577840d74 100644 --- a/transforms/universal/resize/ray/Dockerfile +++ b/transforms/universal/resize/ray/Dockerfile @@ -30,6 +30,9 @@ COPY ./src/resize_local_ray.py local/ COPY test/ test/ COPY test-data/ test-data/ +# Grant non-root users the necessary permissions to the ray directory +RUN chmod 755 /home/ray + USER root RUN chown -R ray /home/ray/test RUN chown -R ray /home/ray/test-data diff --git a/transforms/universal/tokenization/ray/Dockerfile b/transforms/universal/tokenization/ray/Dockerfile index 223b0c483..c3c1ac133 100644 --- a/transforms/universal/tokenization/ray/Dockerfile +++ b/transforms/universal/tokenization/ray/Dockerfile @@ -32,6 +32,9 @@ COPY src/tokenization_local_ray.py local/ COPY test/ test/ COPY test-data/ test-data/ +# Grant non-root users the necessary permissions to the ray directory +RUN chmod 755 /home/ray + # Set environment ENV PYTHONPATH /home/ray