docker
docker copied to clipboard
nextcloud
[Improvement idea] Create startup option for installation of ffmpeg / other packages.
Challenge:
- I need to install ffmpeg for video previews in my nextcloud container (running fpm-alpine).
- The container is running in a rootless environment (I strongly believe rootless environments will be the future of containerization due to IT Security).
- Contrary to comments of @J0WI in #1432 , it is not easy to post-install package in a rootless environment due to insufficient access privileges:
~ $ id
uid=1008(1008) gid=10080(10080)
~ $ apk update
ERROR: Unable to lock database: Permission denied
ERROR: Failed to open apk database: Permission denied
Request:
- I kindly request to add a startup-option (environment variable) to select additional packages to be installed during the spinup of the container.
- Example:
$ docker run -d \
-e ADD_PACKAGE="ffmpeg" \
docker.io/library/nextcloud:fpm-alpine
"Rootless" means all code(!) is executed as non-root. There is simply no privilage-escalation allowed after the container is started.
So, no this cannot be done. As root also cannot magically run commands if you asked it to with an env-var either.
Remember: Anything you cannot do in a container shell, also cannot be done from the entrypoint either.
The right way to do this is a dockerfile that looks roughly like this:
FROM nextcloud:<version>
USER root
RUN apt update; apt install <packages>; apt <cleanup>
USER www-data
The user switching probably isn't needed since the nextcloud image defaults to running as root.
Until there's an official solution i'm using docker-compose to install ffmpeg into the container during creation, see https://github.com/nextcloud/docker/issues/1432#issuecomment-1326436158
