User/cjones/128612 fix docker permissions #21
@@ -56,11 +50,8 @@ COPY --from=build /app/demo/stub/threagile.yaml /app/threagile-stub-model.yaml | |||
|
|||
RUN mkdir /data | |||
|
|||
RUN chown -R 1000:1000 /app /data |
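Review bot: `RUN chown -R 1000:1000 /app /data` only sets ownership on paths baked into the image, and it hardcodes UID/GID 1000. A host directory bind-mounted at runtime keeps its host ownership, so this line cannot by itself make a mounted output directory writable. Whichever way this hunk goes, document the UID that mounted directories must be writable by (or take it as a build argument), and add a comment beside `RUN mkdir /data` saying which user is meant to write there.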
question: I assume you removed these lines because you were experiencing some errors while running the container.
- What errors were you experiencing?
- What version of docker were you running? (seems like an error in docker-for-linux)
I experienced the same error as @cjones-teradici when trying to run threagile via the provided Docker image:
```
gholland@TERVDIU18AZR037 % docker run --rm -it -v "$(pwd)":/app/work threagile/threagile -create-stub-model -output /app/work
panic: open /app/work/threagile-stub-model.yaml: permission denied
goroutine 1 [running]:
main.checkErr(...)
/app/main.go:663
main.createStubModelFile()
/app/main.go:3850 +0xab
main.parseCommandlineArgs()
/app/main.go:3798 +0x26e5
main.main()
/app/main.go:668 +0x19
```
Note that I have user namespace remapping set up on my docker daemon.
It's good security practice to run processes in containers as some other low-privileged user instead of root (see for example https://medium.com/@mccode/processes-in-containers-should-not-run-as-root-2feae3f0df3b ). Possibly it would be clearer to also add group/user inside the Dockerfile via groupadd/useradd to make this more obvious, instead of only using the USER directive to switch to a non-root user.
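The `permission denied` panic above comes down to whether the container's non-root user can create files in the bind-mounted host directory. The following pre-flight check is an added example, not code from this PR or from Threagile: `can_uid_write` and its `OFFSET` argument are hypothetical names, it assumes GNU `stat`, and it models only the classic owner/group/other mode bits (no ACLs, supplementary groups, root override, or LSM policy). UID/GID 1000 is taken from the `chown 1000:1000` line in the diff; the offset stands for the first host ID of the daemon's subordinate ID range when user namespace remapping is enabled.

```shell
#!/bin/sh
# Pre-flight check (added example): could a container UID:GID create files in
# a host directory that is about to be bind-mounted?
#
# usage:   can_uid_write DIR UID GID [OFFSET]
#   OFFSET = first host ID of the subordinate range used for user namespace
#            remapping (assumption: 0 when remapping is off)
# returns: 0 writable, 1 not writable, 2 DIR is not a directory
can_uid_write() {
    dir=$1
    offset=${4:-0}
    want_uid=$(( $2 + offset ))   # host-side UID the container user maps to
    want_gid=$(( $3 + offset ))   # host-side GID the container group maps to
    [ -d "$dir" ] || return 2

    # Owner uid, owner gid and octal mode (e.g. "755" or "1777").
    set -- $(stat -c '%u %g %a' "$dir")
    owner=$1
    group=$2
    perm=$(( 0$3 ))               # leading 0 makes the shell read it as octal

    # The kernel applies exactly one class: owner, else group, else other.
    if [ "$want_uid" -eq "$owner" ]; then
        bits=$(( (perm >> 6) & 7 ))
    elif [ "$want_gid" -eq "$group" ]; then
        bits=$(( (perm >> 3) & 7 ))
    else
        bits=$(( perm & 7 ))
    fi

    # Creating a file needs write (2) and search (1) on the directory.
    [ $(( bits & 3 )) -eq 3 ]
}
```

Running `can_uid_write "$(pwd)" 1000 1000` before `docker run -v "$(pwd)":/app/work ...` shows whether the mount will be writable for the image's user; pass the subordinate range start as the fourth argument when the daemon remaps user namespaces.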
Bump please?
@cjones-teradici can we resolve conflicts and try to merge this into main?
This PR has been resolved with #57
Here is a pull request to fix some of the issues.
More to follow