Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature Request] generate config under /etc in a safe manner #301

Open
adaniline-rkt opened this issue Jun 13, 2022 · 1 comment
Open

[Feature Request] generate config under /etc in a safe manner #301

adaniline-rkt opened this issue Jun 13, 2022 · 1 comment
Labels
enhancement New feature or request

Comments

@adaniline-rkt
Copy link

Is your feature request related to a problem? Please describe.

Security scanning tools, like Falco, report a vulnerability in Temporal containers for writing under the /etc folder:

Error File below /etc opened for writing (user=<NA> user_loginuid=-1 command=dockerize -template /etc/temporal/config/config_template.yaml:/etc/temporal/config/docker.yaml

Describe the solution you'd like

Generate the config file in an empty dir volume by an init container, and mount the volume under /etc/temporal in the service container
@adaniline-rkt adaniline-rkt added the enhancement New feature or request label Jun 13, 2022
@robholland
Copy link
Contributor

We'll be removing the need to write configs to the filesystem. See temporalio/temporal#6251 for context.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@robholland @adaniline-rkt