Missing security aspects in Docker image #228
Comments
You may also set
5.1.0 now drops the root privileges.
5.1.1 switches back to using root privileges within the container. Please see #233. Could you expand a bit more on your particular use case? That might impact how we go forward.
Hi it looks like since 5.1 the Do you have any plans to add an option to override the log directory path? I can find some time to PR that in if you are happy with this approach?
@rakeshv1 as of 6.0.0, this should no longer be an issue. You should be able to run the image with an arbitrary user.
Using geoipupdate via docker
docker run --user 4711:4711 --name geoipupdate --rm --env-file $HOME/geo/geoip.env -v $HOME/geo/temp:/usr/share/GeoIP maxmindinc/geoipupdate
results in error:
STATE: Creating configuration file at /etc/GeoIP.conf
/usr/bin/entry.sh: line 45: can't create /etc/GeoIP.conf: Permission denied
If I don't use --user xxxx:xxxxx, the result file is owned by root. Company policy denies root for anyone other than admins.
Also tried with -e "GEOIPUPDATE_CONF_FILE=/tmp/GeoIP.conf" but the next issue is:
error retrieving updates: error acquiring file lock: error acquiring file lock at /usr/share/GeoIP/.geoipupdate.lock: open /usr/share/GeoIP/.geoipupdate.lock: permission denied
That means the whole image is designed to run under root only, which misses every aspect of security.
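An added example, not part of the original issue or the project's code: a host-side pre-flight check for the bind-mounted directory before running the container with `--user`. It assumes the lock-file error comes from the host directory's owner and mode (a bind mount keeps host ownership); `can_write_as` and `preflight` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: host-side pre-flight for running the container with --user.
# can_write_as and preflight are hypothetical helper names.

# Return 0 if uid:gid may create files in dir, judged from owner, group and
# mode bits only; 1 if not; 2 if dir is missing. ACLs, supplementary groups,
# SELinux/AppArmor and user-namespace remapping are not modelled.
can_write_as() {
    uid=$1; gid=$2; dir=$3
    [ -d "$dir" ] || return 2
    info=$(stat -c '%u %g %a' "$dir") || return 2   # GNU stat (Linux hosts)
    set -- $info
    owner=$1; group=$2; mode=$3
    [ "$uid" -eq 0 ] && return 0                    # root bypasses mode bits
    if [ "$uid" -eq "$owner" ]; then
        bits=$(( (mode / 100) % 10 ))               # user digit of e.g. 755
    elif [ "$gid" -eq "$group" ]; then
        bits=$(( (mode / 10) % 10 ))                # group digit
    else
        bits=$(( mode % 10 ))                       # other digit
    fi
    # Creating the lock file needs write (2) and search (1) on the directory.
    [ $(( bits & 3 )) -eq 3 ]
}

# Report whether the mount source is usable by the UID:GID passed to --user.
preflight() {
    if can_write_as "$1" "$2" "$3"; then
        echo "ok: $1:$2 can write to $3"
    else
        echo "fail: $1:$2 cannot write to $3; chown it to $1:$2 on the host first" >&2
        return 1
    fi
}

# Constructed demo: a private directory standing in for $HOME/geo/temp.
demo=$(mktemp -d) && chmod 700 "$demo"
preflight 4711 4711 "$demo" || echo "fix the mount source before docker run"
rmdir "$demo"
```

Run `preflight 4711 4711 "$HOME/geo/temp"` on the host before the `docker run --user 4711:4711` command from the issue; a failure here predicts the `.geoipupdate.lock` permission error.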