schnittchen 🏳️🌈 :neocat_flag_gay: :neocat_flag_polyam: on Nostr: docker images come in two flavours: 1) Everything in the container runs as root, yolo ...
docker images come in two flavours:
1) Everything in the container runs as root, yolo
2) Running as root (inside the container) is insecure! We create a user and properly use USER
To improve security for (1), use docker in rootless mode.
Now when using rootless mode and running a (2) container with a volume mounted from filesystem, you run into permission issues. Using `--user=root` MIGHT fix this.
#docker
Published at 2025-03-08 16:53:00
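The UID translation behind the permission issue described in the post, as an added example that is not part of the original post: in rootless mode, container UID 0 maps to the unprivileged host user, while any other container UID maps into that user's subordinate UID range. The host UID 1000 and the subuid range starting at 100000 are constructed sample values, the function names are hypothetical, and only directory ownership is checked, not group or mode bits.

```shell
#!/bin/sh
# Constructed sample: the uid_map of a rootless daemon's user namespace for
# host user 1000 with a subordinate UID range starting at 100000.
# Columns: first UID inside the namespace, first UID on the host, range length.
SAMPLE_UID_MAP='0 1000 1
1 100000 65536'

# host_uid_for CONTAINER_UID UID_MAP
# Prints the host UID that CONTAINER_UID translates to; fails if it is unmapped.
host_uid_for() {
    printf '%s\n' "$2" | awk -v uid="$1" '
        NF == 3 && uid >= $1 && uid < $1 + $3 { print $2 + (uid - $1); found = 1; exit }
        END { exit(found ? 0 : 1) }'
}

# owns_bind_mount CONTAINER_UID DIR_OWNER_HOST_UID UID_MAP
# Succeeds when the container user maps to the host UID that owns the directory.
owns_bind_mount() {
    mapped=$(host_uid_for "$1" "$3") || return 1
    [ "$mapped" -eq "$2" ]
}

# Hypothetical scenario: a bind-mounted directory owned by host UID 1000,
# accessed as container root (0) and as an image-defined USER with UID 1000.
report() {
    for cuid in 0 1000; do
        host=$(host_uid_for "$cuid" "$SAMPLE_UID_MAP")
        if owns_bind_mount "$cuid" 1000 "$SAMPLE_UID_MAP"; then
            echo "container uid $cuid -> host uid $host: owns the mount"
        else
            echo "container uid $cuid -> host uid $host: not the owner"
        fi
    done
}
report
```

To check a real setup, replace the sample map with the contents of `/proc/self/uid_map` read from inside a container.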