docker-socket-proxy icon indicating copy to clipboard operation
docker-socket-proxy copied to clipboard

Published 20 hours ago verified publisher icon Tecnativa

chore: updated to HAproxy 3.0 and forced running as root

Open proudier opened this issue 1 year ago • 1 comments

Content

This MR bumps haproxy to v3.0 and force it to run as root.

Discussion

Starting with haproxy 2.4, the official/upstream docker image runs with a haproxy user, instead of root (code).

While this is an improvement of their security posture, it's unenviable in the context of docker-socket-proxy. Indeed, haproxy needs to access the docker socket file, which is bound from the host where it belongs to root:docker on a default docker deployment (ie. not rootless).

My take is that docker-socket-proxy should work out of the box with the default docker configuration. And because this MR doesn't deteriorate the current security posture of this project, im submitting it as is.

Tests

Successfully ran locally all the test I could find

  • poetry run pytest --prebuild
  • pre-commit run --all

proudier avatar Jul 05 '24 16:07 proudier

It seems correct. @yajo do you see it good for being merged?

pedrobaeza avatar Jul 06 '24 10:07 pedrobaeza

@josep-tecnativa please check the error in the CI: https://github.com/Tecnativa/docker-socket-proxy/actions/runs/9854039033/job/27205922038

pedrobaeza avatar Jul 09 '24 09:07 pedrobaeza