Re: [hono-dev] Running Docker containers as non-root user

Sounds good to me.

On Wed, Nov 22, 2017 at 9:09 AM, Hudalla Kai (INST/ECS4) <kai.hudalla@xxxxxxxxxxxx> wrote:

Hi,

as part of building the Hono Docker images we are currently creating a "hono" (system) user which we also use to run the container (by means of Dockerfile's USER hono). However, container orchestration platforms like Openshift usually have their own means to prevent containers from being run as root, e.g. by creating a temporary user and running the container under that user (docker run --user UID:GID). In such cases we would probably interfere with such efforts, in particular when it comes to managing access to file system resources.

I therefore currently tend to remove the special "hono" user from our images and let the container orchestration platform take care of switching to a less privileged user (if required/wanted).

Any thoughts on that?

--

Mit freundlichen Grüßen / Best regards

Kai Hudalla
Chief Software Architect

Bosch Software Innovations GmbH
Ullsteinstraße 128
12109 Berlin
GERMANY
www.bosch-si.com

Registered Office: Berlin, Registration Court: Amtsgericht Charlottenburg; HRB 148411 B
Chairman of the Supervisory Board: Dr.-Ing. Thorsten Lücke; Managing Directors: Dr.-Ing. Rainer Kallenbach, Michael Hahn


--
Regards
--
Dejan Bosanac
http://sensatic.net/about
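
The file-access conflict described in the quoted message, as an added example that is not part of the original thread or of Hono's build: a POSIX permission check showing why files owned by a baked-in image user become unwritable once the platform starts the container with `docker run --user UID:GID`. The UID 999 for the image user, the platform identity 1000140000:0 and all modes are constructed values, and the platform assigning GID 0 is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread). POSIX-style write check from owner,
# group and octal mode only; ACLs, capabilities and supplementary groups are
# ignored. All UIDs, GIDs and modes below are constructed sample values.

# can_write RUN_UID RUN_GID OWNER_UID OWNER_GID MODE -> exit status 0 if writable
can_write() {
    run_uid=$1; run_gid=$2; owner=$3; group=$4
    perms=$((0$5))                          # leading 0: read MODE as octal
    [ "$run_uid" -eq 0 ] && return 0        # root bypasses the mode bits
    if [ "$run_uid" -eq "$owner" ]; then
        bit=128                             # 0200: owner write
    elif [ "$run_gid" -eq "$group" ]; then
        bit=16                              # 0020: group write
    else
        bit=2                               # 0002: other write
    fi
    [ $((perms & bit)) -ne 0 ]
}

# audit_tree DIR RUN_UID RUN_GID: print every path under DIR that the given
# identity could not write to (relies on GNU/BusyBox `stat -c`).
audit_tree() {
    find "$1" -exec stat -c '%u %g %a %n' {} + |
    while read -r o g m path; do
        can_write "$2" "$3" "$o" "$g" "$m" || printf '%s\n' "$path"
    done
}

describe() {
    if can_write "$@"; then r=writable; else r=denied; fi
    echo "run as $1:$2, path owned by $3:$4 mode $5: $r"
}

# Image built with a dedicated user (assumed UID/GID 999) and started as that user.
describe 999 999 999 999 750
# Same image, but the platform overrides the user (assumed 1000140000, GID 0).
describe 1000140000 0 999 999 750
# No baked-in owner: root-group ownership with group write suits any UID in GID 0.
describe 1000140000 0 0 0 775
```

Running `audit_tree` against an image's data directory with the identity the platform would assign lists the paths that would need their ownership or mode changed at build time.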
