Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-71646

Docker container should be non-root if possible

XMLWordPrintableJSON

    • Type: Icon: Improvement Improvement
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 6.3.0-rc0
    • Affects Version/s: None
    • Component/s: None
    • Labels:
      None
    • Minor Change
    • 35

      We currently call the entrypoint script with gosu/sudo so we can do some first-run commands. However, it would be much better for our customers in high-security environments if we could make the container run entirely non-root. This will require pulling all the setup commands out of the entrypoint script and into Dockerfile and setting an explicit USER directive. If it's not possible to be completely non-root, we need to restrict root access as much as possible.

            Assignee:
            ryan.egesdahl@mongodb.com Ryan Egesdahl (Inactive)
            Reporter:
            ryan.egesdahl@mongodb.com Ryan Egesdahl (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: