Fluentd security impact with root user

[rishavsharma9802]

Docker provides a privileged mode, which lets a container run as ‘root’. Running a container in privileged mode provides the capabilities of that host—including:

Root access to all devices Ability to tamper with Linux security modules like AppArmor and SELinux Ability to install a new instance of the Docker platform, using the host's kernel capabilities, and run Docker within Docker. Privileged containers create a major security risk—enabling attackers to easily escalate privileges if the container is compromised. Therefore, it is not recommended to use privileged containers in a production environment. Best of all, never use them in any environment.

This is extremely important to mitigate vulnerabilities in daemons and container runtimes, which can grant root access of entire nodes and clusters to an attacker.

Earlier there was a thread but no outcome came in that https://github.com/fluent/fluentd-kubernetes-daemonset/issues/420

Please provide some solution to resolve this so that fluentd with non-root user can work in a similar way without keeping the security on risk.

Reference link for Docker security guidelines https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html

[spokhyan]

Is there any update? I have similar requirement for our client who doesn't want to use ROOT user to process log files. Tried options to add UID:GID in Dockerfile as well as ENV FLUENTD_UID. None worked.

[evhfla]

Any update on how to run Fluentd as a non-root user in a Kubernetes environment as a daemonset?