From 3bac6db466820f6f6b9347ce07dc054247963b1f Mon Sep 17 00:00:00 2001
From: Rory Hunter <pugnascotia@users.noreply.github.com>
Date: Sat, 8 Aug 2020 10:26:17 +0100
Subject: [PATCH] Use explicit GID in 7.x when chrooting in Docker entrypoint
 (#60859)

Closes #60853. After upgrading to CentOS 8, the behaviour of chroot has
subtly changed. Now we have to explicitly set the GID in order to get
the previous behaviour of creating files with GID 0.
---
 distribution/docker/src/docker/bin/docker-entrypoint.sh     | 6 +++---
 .../java/org/elasticsearch/packaging/test/DockerTests.java  | 1 -
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/distribution/docker/src/docker/bin/docker-entrypoint.sh b/distribution/docker/src/docker/bin/docker-entrypoint.sh
index 58d19da3df4..c12964b13ac 100644
--- a/distribution/docker/src/docker/bin/docker-entrypoint.sh
+++ b/distribution/docker/src/docker/bin/docker-entrypoint.sh
@@ -7,7 +7,7 @@ umask 0002
 run_as_other_user_if_needed() {
   if [[ "$(id -u)" == "0" ]]; then
     # If running as root, drop to specified UID and run command
-    exec chroot --userspec=1000 / "${@}"
+    exec chroot --userspec=1000:0 / "${@}"
   else
     # Either we are running in Openshift with random uid and are a member of the root group
     # or with a custom --user
@@ -30,8 +30,8 @@ if [[ "$1" != "eswrapper" ]]; then
     # Without this, user could specify `elasticsearch -E x.y=z` but
     # `bin/elasticsearch -E x.y=z` would not work.
     set -- "elasticsearch" "${@:2}"
-    # Use chroot to switch to UID 1000
-    exec chroot --userspec=1000 / "$@"
+    # Use chroot to switch to UID 1000 / GID 0
+    exec chroot --userspec=1000:0 / "$@"
   else
     # User probably wants to run something else, like /bin/bash, with another uid forced (Openshift?)
     exec "$@"
diff --git a/qa/os/src/test/java/org/elasticsearch/packaging/test/DockerTests.java b/qa/os/src/test/java/org/elasticsearch/packaging/test/DockerTests.java
index af190dae611..b20d44dfa4f 100644
--- a/qa/os/src/test/java/org/elasticsearch/packaging/test/DockerTests.java
+++ b/qa/os/src/test/java/org/elasticsearch/packaging/test/DockerTests.java
@@ -99,7 +99,6 @@ public class DockerTests extends PackagingTestCase {
     /**
      * Checks that the Docker image can be run, and that it passes various checks.
      */
-    @AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch/issues/60853")
     public void test010Install() {
         verifyContainerInstallation(installation, distribution());
     }