nixpacks icon indicating copy to clipboard operation
nixpacks copied to clipboard

Published 20 hours ago verified publisher icon railwayapp

Final start command is run as `root`

Open nebulatgs opened this issue 2 years ago • 1 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Describe the bug

The final start command is run as root in the deployed container. This is bad practice, and can open up vulnerabilities for the app run as root.

This also causes certain programs like puppeteer to refuse to launch (ERROR:zygote_host_impl_linux.cc(90)] Running as root without --no-sandbox is not supported.)

To reproduce

Build a project with Nixpacks. Run the resulting OCI image. The start command will be run as root.

Expected behavior

The start command should be deescalated and run as another PID.

Environment

Windows 11, Nixpacks v0.3.8

(affects all versions)

nebulatgs avatar Aug 27 '22 14:08 nebulatgs

I wondered about this alongside alpine for some things. I could address this. Just need to dislodge my other PR first of the pipe.

pinkforest avatar May 10 '23 07:05 pinkforest