-
Knative Serving and Eventing's container images are currently based on `gcr.io/distroless/static:nonroot` ([serving](https://github.com/knative/serving/blob/8a116816433fd91fe88dcab32fd2214acdf72d81/.k…
-
# Problem
We run `initdb` without specifying `--username`:
https://github.com/neondatabase/neon/blob/e823b9294714d0c5048942907c06b678c4a6c4a0/control_plane/src/storage_controller.rs#L244-L254
…
-
- missing `securityContext` in related `kustomization` yaml files
```yaml
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
```
- `D…
-
Hi,
we are using godartsass in [Corteza](https://github.com/cortezaproject/corteza). It works as expected in a Debian based image. But while trying to setup a distroless based image with a nonroot …
-
For some reason, non-root users can change modes on files and directories owned by root (e.g. `/root`).
# Steps to reproduce
1. Open iSH
2. Check `ls -lahd /root`
3. Add a new user `nonroot`.
4. Do `s…
-
A minimal distroless busybox
```dockerfile
FROM alpine
SHELL ["/bin/sh", "-exc"]
# Prerequisites
RUN \
# Directory structure and permissions
mkdir -p base/bin base/tmp base/var/tmp base…
-
# Expected Behavior
Workingdir should be created with write access for the group.
Images with the user as nonroot should be able to run commands that require write access in the workingdir.
# Ac…
-
Hi everyone,
We use mcr.microsoft.com/azure-functions/dotnet:3.0 to implement function apps via [KEDA](https://docs.microsoft.com/en-us/azure/azure-functions/functions-kubernetes-keda), and we want…
-
Feature request:
The 'ENTRYPOINT run-document-server.sh' currently runs as root. Good container platform practices prevent the execution of container running as root. Most enterprise Kubernetes dis…
-
Hello, I ask a question, but it's more a feature request than anything else. 😇
First, thank you for `crane`, it's a very good tool I use everyday 👏
As a user, I use it to get the last `digest` f…