Closed candrews closed 1 year ago
https://github.com/Cisco-Talos/clamav/pull/666 would be required for this issue
@candrews I believe this issue is a duplicate of https://github.com/Cisco-Talos/clamav/issues/478 Is that correct?
@candrews I believe this issue is a duplicate of #478 Is that correct?
I wasn't aware of #478, thank you for pointing it out. I've added a comment: https://github.com/Cisco-Talos/clamav/issues/478#issuecomment-1210049327
I think it's very important for both root and non-root images to be published, which I've stated in this issue, whereas the current description of #478 seems to indicate that only non-root images would be published going forward (which would be a major problem for me and IMHO a major break in backwards compatibility).
Closing this one to continue discussion in #478 and I will update the title and make a comment along those lines.
Describe the bug
It's a nice practice for security reasons to have docker images use a non-root user.
For example, nginx publishes nginxinc/nginx-unprivileged (which uses the non-root user
nginx
) and nginx which uses root.Ideally, the non-root / unprivileged
Dockerfile
may be as simple as:and those images would be published alongside the existing (root user using) images with a suffix, for example, there would be:
How to reproduce the problem
Run a docker image, for example,
docker run -it --entrypoint /bin/sh clamav/clamav
, and note that the user is root.It would be nice if one could run
docker run -it --entrypoint /bin/sh clamav/clamav:latest-unprivileged
and see that a non-root user is used.