Is your feature request related to a problem? Please describe.
A security scan of whereabouts indicates that the container's user is root. Generally speaking, this is not a good security practice.
Describe the solution you'd like
Use Docker USER instructions in the Dockerfile(s) to have the container run as a non-root user.
My assumption is that this will require a small number of extra privileges, since the install-cni.sh script needs to copy files to the host.
Describe alternatives you've considered
An initContainer may be an alternative to copying files to the host. This may require maintaining additional images as part of this project; security scans may still flag those initContainer images as running as the root user.
Using a Kubernetes security context would allow Kubernetes to run the whereabouts container as a non-root user. Security scans would still flag the whereabouts image as running as the root user, even though Kubernetes would run the container as non-root.
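An added example, not part of the original issue or the whereabouts project's code: a small check for the image-level user that the issue says scans flag, which is set by the Dockerfile's final stage and is unaffected by a Kubernetes security context. The sample Dockerfiles are constructed, and treating a base image with no `USER` override as root is an assumption.

```python
import re

# Constructed sample Dockerfiles (not the whereabouts project's own files).
ROOT_IMAGE = """\
FROM golang:1.21 AS build
USER 1000
RUN go build -o /out/app ./cmd
FROM alpine:3.19
COPY --from=build /out/app /app
CMD ["/app"]
"""
NONROOT_IMAGE = ROOT_IMAGE.replace('CMD ["/app"]', 'USER 65532:65532\nCMD ["/app"]')

# Only FROM and USER affect the result; comment lines start with '#' and never match.
_INSTR = re.compile(r"^\s*(FROM|USER)\s+(.+?)\s*$", re.IGNORECASE)


def final_stage_user(dockerfile_text):
    """Return the USER in effect at the end of the last build stage.

    Assumption: an external base image is treated as root, because its own
    configuration is not visible from the Dockerfile.
    """
    stage_users = {}            # named stage -> user at the end of that stage
    name, user = None, "root"
    for line in dockerfile_text.splitlines():
        m = _INSTR.match(line)
        if not m:
            continue
        keyword, arg = m.group(1).upper(), m.group(2)
        if keyword == "FROM":
            # FROM [--platform=...] <base> [AS <name>]; each FROM starts a new stage.
            tokens = [t for t in arg.split() if not t.startswith("--")]
            has_name = len(tokens) >= 3 and tokens[1].lower() == "as"
            name = tokens[2].lower() if has_name else None
            # A stage built FROM an earlier named stage inherits that stage's user.
            user = stage_users.get(tokens[0].lower(), "root")
        else:
            user = arg
        if name:
            stage_users[name] = user
    return user


def runs_as_root(dockerfile_text):
    """True when the final stage's user is root by name or by UID 0."""
    return final_stage_user(dockerfile_text).split(":")[0] in ("root", "0")
```

In `ROOT_IMAGE` the `USER 1000` line sits in the build stage only, so the shipped image still defaults to root; the non-root `USER` has to appear in the final stage.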