locsec/notes
1
Форкнуть 0
зеркало из https://github.com/iharh/notes.git synced 2025-10-30 13:16:07 +02:00
Код Задачи Пакеты Проекты Релизы Вики Активность
notes/devops/container/docker/features/security/rootless.txt
Ihar Hancharenka fcffff1496 m
2023-09-04 20:08:27 +03:00

24 строки
1.1 KiB
Plaintext
Исходник Ответственный История

https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user
RUN groupadd -r postgres && useradd --no-log-init -r -g postgres postgres
samples
https://github.com/argoproj-labs/argocd-operator/blob/master/build/bin/user_setup
#!/bin/sh
set -x
# ensure $HOME exists and is accessible by group 0 (we don't know what the runtime UID will be)
echo "${USER_NAME}:x:${USER_UID}:0:${USER_NAME} user:${HOME}:/sbin/nologin" >> /etc/passwd
mkdir -p "${HOME}"
chown "${USER_UID}:0" "${HOME}"
chmod ug+rwx "${HOME}"
# no need for this script to remain in the image after running
rm "$0"
2022
https://itsecforu.ru/2022/03/22/%f0%9f%90%b3-%d1%87%d1%82%d0%be-%d1%82%d0%b0%d0%ba%d0%be%d0%b5-docker-%d0%b1%d0%b5%d0%b7-root-rootless/
https://itsecforu.ru/2022/08/18/%f0%9f%90%b3-%d0%bf%d0%be%d1%87%d0%b5%d0%bc%d1%83-%d0%bf%d1%80%d0%be%d1%86%d0%b5%d1%81%d1%81%d1%8b-%d0%b2-%d0%ba%d0%be%d0%bd%d1%82%d0%b5%d0%b9%d0%bd%d0%b5%d1%80%d0%b0%d1%85-docker-%d0%bd%d0%b5-%d0%b4/
docker run -d --user demo-user:demo-group demo-image:latest
/etc/docker/daemon.json:
{
"userns-remap": "demo-user"
}
Ссылка в новой задаче Показать git blame Копировать постоянную ссылку