-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Get RUN_AS_DEVIN working with app sandbox #1426
Get RUN_AS_DEVIN working with app sandbox #1426
Conversation
Seems integration tests have captured a bug?https://github.com/OpenDevin/OpenDevin/actions/runs/8866160837/job/24343257827?pr=1426#step:6:66:
|
Good catch! Seems like a mounting issue, already pushed a fix see if we can pass that |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I get why this is necessary--we have to plumb the user's ID into both the app container and the sandbox to keep file ownership/permissions consistent. It's a lot to manage but I can't think of a better solution :/
The networking stuff here is what concerns me most though--I definitely don't think we should be changing permissions on docker.sock
Codecov ReportAttention: Patch coverage is
❗ Your organization needs to install the Codecov GitHub app to enable full functionality. Additional details and impacted files@@ Coverage Diff @@
## main #1426 +/- ##
=======================================
Coverage ? 58.46%
=======================================
Files ? 82
Lines ? 3431
Branches ? 0
=======================================
Hits ? 2006
Misses ? 1425
Partials ? 0 ☔ View full report in Codecov by Sentry. |
b4d74c6
to
ec8e5ca
Compare
@@ -42,8 +42,21 @@ jobs: | |||
username: ${{ github.repository_owner }} | |||
password: ${{ secrets.GITHUB_TOKEN }} | |||
|
|||
- name: Delete huge unnecessary tools folder | |||
run: rm -rf /opt/hostedtoolcache | |||
- name: Free Disk Space (Ubuntu) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we really need to fix the underlying issue here 😅
Thanks for doing this! |
The reason why
RUN_AS_DEVIN
was not working properly is thatSANDBOX_USER_ID
is not properly setted up.os.getpid()
from theapp
container will returnUID=0
, which creates the issue of #936.This PR fix:
RUN_AS_DEVIN
with app container. The caveat is that the user need to pass-in their UID when starting theapp
container. I have updated the readme accordinglySANDBOX_USER_ID
consistent: theapp
will run with a user with UID ofSANDBOX_USER_ID,
which won't cause a permission issue in writing toworkspace
; thesandbox
will run with a UID ofSANDBOX_USER_ID
as well.