Use a non-root user to limit root access in docker #411
Open
reimarstier wants to merge 1 commit into netbirdio:main from
Any progress?

Contributor

Hi @heisbrot,

I would love to see this implemented! Right now I need to run all my containers as root, which is a security issue for me.
I'd like to be able to deploy the netbird dashboard to a highly restricted environment. One of the requirements is to run docker as non-root. See also the best practices mentioned here.
While it is possible to simply start the netbird dashboard container with another user, it is not able to run since it is configured to:
I have tested running the image in my environment and I am fairly confident that it should run somewhere else, too. I did not test running it with letsencrypt. This should definitely be tested before considering this to be merged.
This feature was asked for in #406. Consider this a first shot in this direction.