Description
Running our Docker container as root could pose a security risk.
Even when the container is isolated, that does not prevent an attacker from exploiting other services via the network.
Version information
- Project commit/version: js-sdk 8d6b956 11.0b4
Implementation
Configuring our container to use an unprivileged user is the best way to prevent privilege escalation attacks.
We can refer to this example for implementation:
Example:
```dockerfile
FROM alpine
# Alpine ships BusyBox addgroup/adduser rather than groupadd/useradd
RUN addgroup -S myuser && adduser -S -G myuser myuser
# Do here whatever requires root, such as installing packages
USER myuser
# Everything that does not require root goes here
```
Useful References
https://docs.docker.com/engine/reference/builder/#user
https://americanexpress.io/do-not-run-dockerized-applications-as-root/
https://engineering.bitnami.com/articles/why-non-root-containers-are-important-for-security.html
http://www.projectatomic.io/blog/2016/01/how-to-run-a-more-secure-non-root-user-container/
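
A check that could enforce this in CI, as an added example that is not part of the original issue or the project's code: it reads a Dockerfile and reports whether the final build stage ends as root. The function names and sample Dockerfiles are constructed for illustration, and the base image is assumed to default to root.

```python
def logical_lines(text):
    """Yield instructions with comments dropped and backslash continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield buf + line
        buf = ""
    if buf.strip():
        yield buf.strip()

def final_user(dockerfile_text):
    """Return the USER value in effect at the end of the last stage, or None."""
    user = None
    for instr in logical_lines(dockerfile_text):
        parts = instr.split(None, 1)
        keyword = parts[0].upper()
        if keyword == "FROM":
            user = None  # a new stage does not inherit USER from the previous one
        elif keyword == "USER" and len(parts) == 2:
            user = parts[1].strip()
    return user

def check(dockerfile_text):
    """Classify the final stage as 'root', 'non-root' or 'unresolved'."""
    user = final_user(dockerfile_text)
    if user is None:
        return "root"  # assumption: the base image itself runs as root
    name = user.split(":", 1)[0]  # USER accepts user[:group]
    if "$" in name:
        return "unresolved"  # set from a build-time variable, needs manual review
    return "root" if name in ("root", "0") else "non-root"

# Constructed sample inputs
SAMPLE_OK = r"""FROM alpine
RUN addgroup -S myuser \
 && adduser -S -G myuser myuser
USER myuser
"""
SAMPLE_BACK_TO_ROOT = "FROM alpine\nUSER myuser\nRUN id\nUSER root\n"
SAMPLE_MULTISTAGE = "FROM alpine AS build\nUSER builder\nFROM alpine\nCOPY --from=build /app /app\n"

if __name__ == "__main__":
    for name in ("SAMPLE_OK", "SAMPLE_BACK_TO_ROOT", "SAMPLE_MULTISTAGE"):
        print(name, "->", check(globals()[name]))
```

The multi-stage sample is the case that is easy to miss: a `USER` set only in the builder stage does not carry over to the image that ships.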