Muayyad Alsadi
Muayyad Alsadi
what I'm thinking about is not a setuid nor daemon. I run rkt as root and ask it to become another specific user when it can just before running the...
How apache work? Open port 80 as root then drop privilege. > a non-zero uid/gid in the app manifest. Use case: I want a container running as a user called...
Seeds for thought http://lk4d4.darth.io/posts/unpriv1/ https://github.com/LK4D4/unc On Feb 17, 2016 3:09 PM, "Piotr Skamruk" [email protected] wrote: > @alban https://github.com/alban: to be precise, there is one another > option, setcap as in...
> We have this already as idea in #1318 Not just as a limited stage1, but doing things that needs privilege like setting network before changing user and calling unc....
I have a use case I wanted to add chrome to a container neither file nor url ``` microdnf install https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm ``` ``` curl -sSL -o /tmp/chrome.rpm https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm && \...
> I'm not a fan of having a build publish multiple images me neither. I don't like starting from a single `dockerfile` and ending with multiple images. but there is...
> If you do have a "monster code-base" with several sub directories that each produce their own container image (which a lot of people do have - including myself) then...
I actually do something similar, I currently have a system that uses fabric/ansible and my base image has supervisord and openssh disabled. my build script uses docker exec to start...
Regarding rocker with multiple from like this one FROM google/golang:1.4 MOUNT .:/src WORKDIR /src RUN CGO_ENABLED=0 go build -a -installsuffix cgo -v -o rocker.o rocker.go # run image FROM busybox...
Since you are using podman 4 make sure you got Netavark and Aardvark dns installed Make sure you don't see CNI in the output of ``` podman info | grep...