Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 6.3.0-rc0
Affects Version/s: None
Component/s: None
Labels:
None

Backwards Compatibility:
Minor Change
Linked BF Score:
35
Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

We currently call the entrypoint script with gosu/sudo so we can do some first-run commands. However, it would be much better for our customers in high-security environments if we could make the container run entirely non-root. This will require pulling all the setup commands out of the entrypoint script and into Dockerfile and setting an explicit USER directive. If it's not possible to be completely non-root, we need to restrict root access as much as possible.

Assignee:: Ryan Egesdahl (Inactive)
Reporter:: Ryan Egesdahl (Inactive)
Participants:: Alex Neben, Ryan Egesdahl
Votes:: 0 Vote for this issue
Watchers:: 3 Start watching this issue

Created:: Nov 28 2022 04:18:09 PM UTC
Updated:: Oct 29 2023 09:30:02 PM UTC
Resolved:: Dec 20 2022 10:06:21 PM UTC
Confidence Status Last Update:: 19/Dec/22 11:27 PM

Details

Description

Attachments

Activity

People

Dates