🚑 [HotFix] Fix dev environment for CPU Docker #3160

Open: wants to merge 6 commits into base: main
Changes from 2 commits
2 changes: 1 addition & 1 deletion .devcontainer/devcontainer.json
Expand Up @@ -25,5 +25,5 @@
},
"workspaceFolder": "/workspaces/accelerate",
// Need git for VSCode to color code modifications. Only runs when building environment.
"onCreateCommand": "apt-get update && apt-get install -y git && pip install -e '.[dev]'"
"onCreateCommand": "apt-get update && apt-get install -y git make && pip install -e '.[dev]'"
}
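Review bot: The comment above "onCreateCommand" still only explains why git is installed, while the new command also installs make; extend that comment to say what needs make so the package is not later dropped as unused. This command also runs apt-get at container creation, so it only works when the container user is allowed to run apt-get, which couples it to the user setup in docker/accelerate-cpu/Dockerfile. Installing git and make in the image itself would let this step run without elevated rights.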
2 changes: 0 additions & 2 deletions docker/accelerate-cpu/Dockerfile
Expand Up @@ -27,8 +27,6 @@ RUN python3 -m pip install --no-cache-dir \
# Stage 2
FROM python:3.8-slim AS build-image
COPY --from=compile-image /opt/venv /opt/venv
RUN useradd -ms /bin/bash user
USER user
Collaborator

Generally, for security, it is bad practice not to create a user in the Docker image. Is there another solution we can try instead?

Contributor Author

Thank you for your feedback, and I fully agree with your point. Not setting up a non-root user was indeed a critical issue. Instead, I’ve configured the container to grant limited sudo permissions for apt-get and pip commands to the user, which allows necessary installations while maintaining security.

I’ve verified that the package is accessible within the container as expected:

user@f6ece721f352:/workspaces/accelerate$ pip show accelerate
Name: accelerate
Version: 1.1.0.dev0
Summary: Accelerate
Home-page: https://github.com/huggingface/accelerate
Author: The HuggingFace team
Author-email: [email protected]
License: Apache
Location: /opt/venv/lib/python3.9/site-packages
Requires: huggingface-hub, numpy, packaging, psutil, pyyaml, safetensors, torch
Required-by:

Thanks for guiding me towards a more secure solution!


# Make sure we use the virtualenv
ENV PATH="/opt/venv/bin:$PATH"
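Review bot: With `RUN useradd -ms /bin/bash user` and `USER user` removed from Stage 2, every process in the final image runs as root by default, including anything started from /opt/venv. Keep both lines and do the privileged work before `USER user` (for example, install the system packages the dev container needs in this stage) rather than dropping the user. If the follow-up instead grants the user sudo for apt-get and pip, as described in the reply above, note that both commands run package-supplied scripts as root, so that grant is equivalent to full root and should be documented as a dev-only convenience rather than a security boundary.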