feat: 移除 systemd-journal

wojiushixiaobai commented 8 months ago

docker run --rm -it cr.loongnix.cn/library/debian:buster-slim bash
root@8d83c00bbd0d:/# cat /etc/group | grep systemd-journal
systemd-journal:x:101:

systemd-journal 占用了 nginx 的 gid，需要移除。

https://github.com/nginxinc/docker-nginx/blob/master/stable/debian/Dockerfile#L16

qiangxuhui commented 8 months ago

cr.loongnix.cn/library/debian:buster-slim

	code	level	alerts
0	CIS-DI-0001	WARN	Last user should not be root
1	CIS-DI-0005	INFO	export DOCKER_CONTENT_TRUST=1 before docker pull/build
2	CIS-DI-0006	INFO	not found HEALTHCHECK statement
3	CIS-DI-0008	INFO	setuid file: urwxr-xr-x usr/bin/gpasswd

qiangxuhui commented 8 months ago

cr.loongnix.cn/library/debian:buster-slim本次镜像更新会涉及如下项目:

[
  "cr.loongnix.cn/prometheus/busybox:glibc",
  "cr.loongnix.cn/kubevirt/passwd:0.50.0",
  "cr.loongnix.cn/library/haproxy:2.3",
  "cr.loongnix.cn/library/ruby:2.5.5",
  "cr.loongnix.cn/library/spiped:1.6",
  "cr.loongnix.cn/library/python:3.9",
  "cr.loongnix.cn/library/python:3.12",
  "cr.loongnix.cn/library/python:3.7.10",
  "cr.loongnix.cn/library/node:18.13.0-debian",
  "cr.loongnix.cn/library/postgres:13.13-debian",
  "cr.loongnix.cn/library/redis:7.2",
  "cr.loongnix.cn/library/python:3.10",
  "cr.loongnix.cn/library/python:3.11",
  "cr.loongnix.cn/library/node:20.8.0-debian",
  "cr.loongnix.cn/library/caddy:debian",
  "cr.loongnix.cn/library/openjdk:8-buster",
  "cr.loongnix.cn/library/openjdk:21-buster",
  "cr.loongnix.cn/library/openjdk:17-buster",
  "cr.loongnix.cn/library/openjdk:11-buster",
  "cr.loongnix.cn/minio/mc:debian",
  "cr.loongnix.cn/minio/minio:debian",
  "cr.loongnix.cn/library/redis:7.0",
  "cr.loongnix.cn/library/redis:6.0",
  "cr.loongnix.cn/library/redis:6.2",
  "cr.loongnix.cn/library/mariadb:10.6",
  "cr.loongnix.cn/library/mariadb:10.11"
]

@zhaixiaojuan @znley

qiangxuhui commented 8 months ago

cr.loongnix.cn/library/debian:buster-slim

	code	level	alerts
0	CIS-DI-0001	WARN	Last user should not be root
1	CIS-DI-0005	INFO	export DOCKER_CONTENT_TRUST=1 before docker pull/build
2	CIS-DI-0006	INFO	not found HEALTHCHECK statement
3	CIS-DI-0008	INFO	setuid file: urwxr-xr-x usr/bin/passwd

qiangxuhui commented 8 months ago

cr.loongnix.cn/library/debian:buster-slim本次镜像更新会涉及如下项目:

[
  "cr.loongnix.cn/prometheus/busybox:glibc",
  "cr.loongnix.cn/kubevirt/passwd:0.50.0",
  "cr.loongnix.cn/library/haproxy:2.3",
  "cr.loongnix.cn/library/ruby:2.5.5",
  "cr.loongnix.cn/library/spiped:1.6",
  "cr.loongnix.cn/library/python:3.9",
  "cr.loongnix.cn/library/python:3.12",
  "cr.loongnix.cn/library/python:3.7.10",
  "cr.loongnix.cn/library/node:18.13.0-debian",
  "cr.loongnix.cn/library/postgres:13.13-debian",
  "cr.loongnix.cn/library/redis:7.2",
  "cr.loongnix.cn/library/python:3.10",
  "cr.loongnix.cn/library/python:3.11",
  "cr.loongnix.cn/library/node:20.8.0-debian",
  "cr.loongnix.cn/library/caddy:debian",
  "cr.loongnix.cn/library/openjdk:8-buster",
  "cr.loongnix.cn/library/openjdk:21-buster",
  "cr.loongnix.cn/library/openjdk:17-buster",
  "cr.loongnix.cn/library/openjdk:11-buster",
  "cr.loongnix.cn/minio/mc:debian",
  "cr.loongnix.cn/minio/minio:debian",
  "cr.loongnix.cn/library/redis:7.0",
  "cr.loongnix.cn/library/redis:6.0",
  "cr.loongnix.cn/library/redis:6.2",
  "cr.loongnix.cn/library/mariadb:10.6",
  "cr.loongnix.cn/library/mariadb:10.11"
]

@zhaixiaojuan @znley

Loongson-Cloud-Community / dockerfiles

feat: 移除 systemd-journal #162