Run without root #63508

Closed
JBlaschke opened this issue Mar 3, 2024 · 5 comments
Labels: discourse, feature-request, solved, stale (15 days without activity), triage (Triage is needed)

Comments

@JBlaschke

Name and Version

bitnami/discourse:latest

What is the problem this feature will solve?

I am trying to run bitnami/discourse:latest on a shared Kubernetes cluster. chroot is not allowed on that system due to security policy. Currently, I cannot launch discourse without getting: chroot: cannot change root directory to '/': Operation not permitted

What is the feature you are proposing to solve the problem?

To run discourse in non-privileged mode

What alternatives have you considered?

No response

github-actions bot added the triage (Triage is needed) label on Mar 3, 2024
@carrodher
Member

Bitnami containers are designed to operate as non-root by default. Consequently, any files or directories used by the application should be owned by the root group, as the random user (1001 by default) is a member of this root group. To ensure proper permissions, you'll need to adjust the ownership of your local directory accordingly.

For more comprehensive information about non-root containers and their significance for security, you can explore the following resources:

These references provide valuable insights into the best practices and considerations when working with non-root containers in Bitnami applications.

@JBlaschke
Author

@carrodher thanks for the resources. I am looking for advice on how to solve the chroot: cannot change root directory to '/': Operation not permitted problem, since security policy does not permit me to set the sys_chroot capability. Additionally, I need a solution that allows me to run the discourse container in non-privileged mode.

@carrodher
Member

The specific case of Discourse is one of the exceptions we need to maintain in our catalog. Given the nature of the application itself, the bitnami/discourse container doesn't support non-root. You can double-check this by taking a look at the Dockerfile: there is no USER 1001 directive, so the container is built and executed as root.
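
Added example, not part of the thread and not Bitnami's code: the `Operation not permitted` error reported above is what chroot returns when the calling process lacks CAP_SYS_CHROOT, and this script decodes a process's effective capability mask to confirm whether that capability is present. The function names and the three sample masks are constructed for illustration; the first sample is the mask of Docker's default capability set.

```shell
#!/bin/sh
# Added diagnostic: decode a CapEff mask and report whether chroot is
# permitted. Function names here are hypothetical, chosen for the example.

CAP_SYS_CHROOT_BIT=18   # bit number from linux/capability.h

# has_cap HEXMASK BIT -> exit status 0 if BIT is set in HEXMASK
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# cap_eff_of STATUS_FILE -> prints the CapEff hex value from a
# /proc/<pid>/status style file
cap_eff_of() {
    awk '$1 == "CapEff:" { print $2 }' "$1"
}

# chroot_verdict HEXMASK -> prints "allowed" or "denied"
chroot_verdict() {
    if has_cap "$1" "$CAP_SYS_CHROOT_BIT"; then
        echo allowed
    else
        echo denied
    fi
}

# Constructed sample masks (not taken from the reporter's cluster)
DOCKER_DEFAULT=00000000a80425fb   # Docker default set, includes SYS_CHROOT
NO_SYS_CHROOT=00000000a80025fb    # same set with bit 18 cleared
DROP_ALL=0000000000000000         # capabilities: drop: ["ALL"]

# Live check of the shell running this script (Linux only)
if [ -r "/proc/$$/status" ]; then
    live=$(cap_eff_of "/proc/$$/status")
    if [ -n "$live" ]; then
        echo "pid $$: CapEff=$live chroot=$(chroot_verdict "$live")"
    fi
fi
```

Run it in a pod that uses the same securityContext as the failing workload; a `denied` verdict means any entrypoint that calls chroot will fail with the error from the report.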


This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

github-actions bot added the stale (15 days without activity) label on Mar 22, 2024

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.
