search

Graylog2 / graylog-docker

Official Graylog Docker image
https://hub.docker.com/r/graylog/graylog/
Apache License 2.0
367 stars 133 forks source link

Allow container to setup as root and drop privileges to start graylog process #78

Closed juliohm1978 closed 5 years ago

juliohm1978 commented 5 years ago

This is a proposed fix for https://github.com/Graylog2/graylog-docker/issues/76. It should allow the graylog container to start as root in order to run its setup more effectively in a wider range of scenarios. It will drop privileges at the end of the entrypoint to launch the graylog process.

In summary:

The USER directive was removed from the Dockerfile.

All steps related to the launch of the graylog process were removed from docker-entrypoint.sh and placed in graylog-start.sh. Only steps that need the root privilege were kept in the entrypoint.

At the end of the entrypoint, chroot is used to execute graylog-start.sh with the graylog:graylog user.

juliohm1978 commented 5 years ago

Recent PR from Graylog chart community works around the issue by hard coding the uid:gid in their init container.

https://github.com/helm/charts/pull/12983

If this sparks any interest in the future, feel free to reopen or request further discussion.