From 4ade29bf4ad84ace05e5c7a3ce6725dffce9f819 Mon Sep 17 00:00:00 2001
From: TermBot <bot@term.com>
Date: Thu, 12 Mar 2026 04:04:41 +0100
Subject: [PATCH] feat: make gosu optional in docker entrypoint for hardened
 containers

When containers run with hardened security context (runAsUser: 10001,
runAsGroup: 10001), the entrypoint fails because gosu cannot switch
users from non-root.

Changes:
- Auto-detect if already running as subtensor user and skip gosu
- Add SKIP_GOSU environment variable to explicitly skip gosu
- Maintains backward compatibility with root-to-non-root transitions

Fixes #2475

Signed-off-by: R-Panic <bot@term.com>
---
 scripts/docker_entrypoint.sh | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/scripts/docker_entrypoint.sh b/scripts/docker_entrypoint.sh
index e5a5e15289..83441458e2 100644
--- a/scripts/docker_entrypoint.sh
+++ b/scripts/docker_entrypoint.sh
@@ -52,5 +52,11 @@ if [ -d "/tmp/blockchain" ]; then
 fi
 
 # Execute node-subtensor with the original, unmodified arguments
-echo "executing: gosu subtensor node-subtensor $original_args"
-exec gosu subtensor node-subtensor $original_args
\ No newline at end of file
+# Skip gosu if we're already running as the subtensor user or if SKIP_GOSU is set
+if [ "$(id -un)" = "subtensor" ] || [ "${SKIP_GOSU}" = "true" ]; then
+    echo "executing: node-subtensor $original_args (without gosu)"
+    exec node-subtensor $original_args
+else
+    echo "executing: gosu subtensor node-subtensor $original_args"
+    exec gosu subtensor node-subtensor $original_args
+fi
\ No newline at end of file