lighthouse icon indicating copy to clipboard operation
lighthouse copied to clipboard

Published 20 hours ago verified publisher icon sigp

Docker executes as root

Open paulhauner opened this issue 4 years ago • 2 comments

Description

The Dockerfile in the root currently uses the root user to run lighthouse. This is not best-practice.

It's going to hurt users to migrate across, but I think it's worth doing and worth doing before mainnet.

We will also need to ensure https://github.com/sigp/lighthouse-docker is fine with this change, too.

paulhauner avatar Nov 16 '20 00:11 paulhauner

Made the change to Dockerfile in https://github.com/sigp/lighthouse/pull/2021 and https://github.com/sigp/lighthouse-docker/pull/47 should make lighthouse-docker compatible too.

hukkin avatar Nov 30 '20 18:11 hukkin

Is there any chance we could get this resolved?

Lighthouse was just flagged as one of the only containers we are running as root in a recent security audit, and we'd really prefer not to have to run a fork to fix it ourselves. 🙏

I understand the backwards-compatibility concern, so perhaps in the interim you could provide a separate tag which runs as non-root, and people like ourselves can use that tag until this is addressed in a more formal way? I'd really hate to have to diverge from the official upstream image for an issue this trivial.

zx8 avatar Aug 01 '22 17:08 zx8