Parity Docker containers run as root #7374
Comments
@paritytech/ci Please have a look. @briskycat PRs are very welcome.
We have encountered a similar issue with the current Docker images and are preparing a PR for a non-root CentOS image, as the current one is not suitable for deploying on OpenShift (Kubernetes). We had no luck building the current Parity CentOS Docker image, so we went on and created our own. The current image is wget-ing the rpm package, but we would like to build it from source. The Dockerfile (and the Parity OpenShift template) is currently available here, and the non-root image is published on dockerhub. Can you please check out our current Dockerfile and give feedback on whether it is PR ready, and let us know whether this code is still used for building the rpm package? Cheers! pinging @Dec-
@JohnnySheffield (Going over stale issues) Did you ever create that PR, is there any more help you need from us?
I recently learned the same background and arrived at the same conclusion.
Thanks for sharing!
closed by #9689
Docker images defined in https://github.com/paritytech/parity/tree/master/docker run with UID 0, which is not very secure: although the "containerized" root user has fewer capabilities than the real root, Docker developers recommend running container processes as unprivileged users.
Even if I specify an unprivileged UID:GID in the --user option of the docker run command, I still cannot run these containers in unprivileged mode because of a permissions violation. The images are configured so that the data directory is located in the /root directory of the image, which is owned by root.
It is possible to remap the root user inside a Docker container to an unprivileged user on the host, but this is not covered on the wiki page.
It would also be nice if the images had special mount points for external data volumes marked by the Docker VOLUME directive.
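An added example, not part of the original issue or of the Parity repository: a small Python audit for the three problems reported above (process running as UID 0, data path under /root, no VOLUME mount point). Both sample Dockerfiles, the `parity` user, UID 1000 and `/data` are constructed for illustration, and the check assumes base images default to root.

```python
import json
import re

# Constructed sample Dockerfiles (not Parity's own); user name, UID and paths are assumptions.
WEAK = """\
FROM ubuntu:22.04
COPY parity /usr/local/bin/parity
WORKDIR /root
ENTRYPOINT ["/usr/local/bin/parity"]
"""
HARDENED = """\
FROM ubuntu:22.04 AS build
RUN echo "build steps (as root) go here"
FROM ubuntu:22.04
# chown before VOLUME so the ownership is part of the volume's initial content
RUN useradd --uid 1000 --create-home parity \\
 && mkdir -p /data && chown parity:parity /data
COPY --from=build /usr/local/bin/parity /usr/local/bin/parity
VOLUME ["/data"]
USER 1000:1000
WORKDIR /data
ENTRYPOINT ["/usr/local/bin/parity"]
"""

ROOT_PATH = re.compile(r"(?<![\w.-])/root(/|\b)")  # /root or /root/..., not /rootfs

def audit(dockerfile):
    """Return findings for the final stage; base images are assumed to default to root."""
    user, volumes, root_refs = "root", [], []
    for line in re.sub(r"\\\n", " ", dockerfile).splitlines():  # join continuations
        instr, _, arg = line.strip().partition(" ")
        instr, arg = instr.upper(), arg.strip()
        if instr == "FROM":  # new stage: earlier USER/VOLUME do not apply
            user, volumes, root_refs = "root", [], []
        elif instr == "USER":
            user = arg
        elif instr == "VOLUME":  # JSON form or space-separated shell form
            volumes += json.loads(arg) if arg.startswith("[") else arg.split()
        elif instr in ("WORKDIR", "ENV", "ENTRYPOINT", "CMD") and ROOT_PATH.search(arg):
            root_refs.append(arg)
    findings = []
    if user.split(":")[0] in ("root", "0"):
        findings.append("runs as UID 0")
    if not volumes:
        findings.append("no VOLUME mount point")
    if root_refs or any(ROOT_PATH.search(v) for v in volumes):
        findings.append("data path under /root")
    return findings
```

A USER set only in an earlier build stage does not count, because each FROM starts a new stage.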