fix security opt in phoebus launcher

epics-containers · Dec 10, 2024 · 6cd4e30 · 6cd4e30
1 parent 2d9328d
commit 6cd4e30
Showing 1 changed file with 4 additions and 6 deletions.
diff --git a/template/opi/phoebus-launch.sh b/template/opi/phoebus-launch.sh
@@ -17,12 +17,12 @@ settings="
 -settings /tmp/settings.ini
 "
 
-if which phoebus.sh &>/dev/null ; then
+if which phoebus.sh &>/dev/null && [[ -z ${use_container} ]] ; then
     echo "Using phoebus.sh from PATH"
     set -x
     phoebus.sh ${settings} "${@}"
 
-elif module load phoebus 2>/dev/null; then
+elif module load phoebus 2>/dev/null && [[ -z ${use_container} ]] ; then
     echo "Using phoebus module"
     set -x
     phoebus.sh ${settings} "${@}"
@@ -33,16 +33,14 @@ else
     # prefer podman but use docker if USE_DOCKER is set
     if podman version &> /dev/null && [[ -z $USE_DOCKER ]]
         then docker=podman; UIDGID=0:0
-        else docker=docker; UIDGID=$(id -u):$(id -g)
+        else docker=docker; UIDGID=$(id -u):$(id -g); xhost +SI:localuser:$(id -un)
     fi
     echo "Using $docker as container runtime"
 
-    # ensure local container users can access X11 server
-    xhost +SI:localuser:$(id -un)
 
     # settings for container launch
     x11="-e DISPLAY --net host"
-    args="--rm -it --security-opt=label=none --user ${UIDGID}"
+    args="--rm -it --security-opt=label=disable --user ${UIDGID}"
     mounts="-v=/tmp:/tmp -v=${workspace}:/workspace -v=${workspace}/..:/workspaces"
     image="ghcr.io/epics-containers/ec-phoebus:latest"