docker-registry-manager icon indicating copy to clipboard operation
docker-registry-manager copied to clipboard

Published 20 hours ago verified publisher icon snagles

Don't run Docker image as root

Open alexanderadam opened this issue 5 years ago • 2 comments

It would be nice if the Dockerfile would create a non privileged user and switch to it using the Docker USER directive instead of using root.

For example like described here.

You might also take this advice from the official Docker documentation:

If a service can run without privileges, use USER to change to a non-root user.

PS: Thank you for Docker registry manager!

alexanderadam avatar Jun 04 '19 13:06 alexanderadam

You can enforce the same thing by using MANAGER_PORT=8080 and adding --cap-drop ALL That way, you don't depend on the Dockerfile to do the right thing.

ticpu avatar May 27 '20 20:05 ticpu

Nice, I didn't know about that. A more default image would be better nevertheless. :wink:

alexanderadam avatar May 28 '20 06:05 alexanderadam