repman icon indicating copy to clipboard operation
repman copied to clipboard
verified publisher icon repman-io

Docker image runs as root

Open xvilo opened this issue 4 years ago • 2 comments

Currently, the docker image runs as root. This is a security risk, as a container is NOT fully contained, e.g. if for some reason an attacker can use a vulnerability to get out of the container, you'll have serious issues on the host machine.

Can we change this, so we add a regular user for it?

E.g.

FROM alpine

# Create group and user
RUN groupadd -r repman && useradd -r -g repman repman

#### Do root stuff

# Switch to unprivileged user
USER repman

#### Optionally you can do here some non root stuff

If so, I'm willing to create a PR, but wanted to discuss this first.

xvilo avatar Mar 17 '21 12:03 xvilo

Using non-root user inside the container is a good practice and it could be implemented.

However you've mentioned escaping container which is different: https://docs.docker.com/engine/security/#docker-daemon-attack-surface

karniv00l avatar Mar 17 '21 12:03 karniv00l

We are also interested in changing the user to unprivileged in the docker image. What is the chance of doing this in this project?

LukaszWasko avatar Oct 19 '22 09:10 LukaszWasko