bitwarden / server

Bitwarden infrastructure/backend (API, database, Docker, etc).
https://bitwarden.com

Container should not run as root #2903

Open jheiselman opened 1 year ago

jheiselman commented 1 year ago

Steps To Reproduce

  1. Install per the instructions as written at https://bitwarden.com/help/install-and-deploy-unified-beta/ in an environment that has a restrictive policy like SELinux

Expected Result

The container should run as a non-root user

Actual Result

The container cannot run in a restrictive environment where root users are not permitted or are highly restricted, such as SELinux environments or Kubernetes platforms that enforce a restrictive policy, like VMware Tanzu or OpenShift.


Additional Context

I have attempted to set the running user via policy, but the image is trying to change permissions on startup and is not allowed to.

Githash Version

NA - container does not run

Environment Details

Database Image

sqlite

Issue-Link

https://github.com/bitwarden/server/issues/2480

atjbramley commented 1 year ago

Hi @jheiselman,

This issue has been escalated for further investigation. If you have more information that can help us, please add it below.

Thanks!

jheiselman commented 1 year ago

I'm not sure what more information I could provide. It's a growing best practice to use a non-root user inside the container, typically following a pattern like:

# Alpine/busybox syntax: -g is the GECOS field, so the group goes via -G and the uid via -u
RUN addgroup -g 1000 bitwarden && adduser -D -u 1000 -G bitwarden bitwarden
# Everything after this line, including the CMD, runs as uid 1000
USER 1000
CMD ["bitwarden-server"]

Please note that I have not looked at your container image at all in any detail to know if these commands are correct, but they should give you the gist of the setup.
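
The USER line is only half of the pattern; the other half is the startup script, because an entrypoint that unconditionally runs chown or chmod (the behaviour reported in the issue) still fails under runAsNonRoot or a random OpenShift uid even when the Dockerfile is right. The script below is an added example, not Bitwarden's own entrypoint, and the APP_DATA path, uid/gid 1000 and the use of su-exec are assumptions. It repairs ownership only when it actually is root and then drops privileges; as any other uid it never touches permissions and instead checks that the data directory is writable, failing early with a message that says what to fix:

```sh
#!/bin/sh
# Hypothetical entrypoint for an image that must start both as root (legacy
# "docker run" setups) and as an arbitrary non-root uid (Kubernetes
# runAsNonRoot, OpenShift random uids, SELinux-confined hosts). Added example,
# not Bitwarden's code; APP_DATA, APP_UID/APP_GID and su-exec are assumptions.

APP_DATA="${APP_DATA:-/etc/bitwarden}"   # assumed persistent data directory
APP_UID="${APP_UID:-1000}"               # assumed unprivileged uid baked into the image
APP_GID="${APP_GID:-1000}"

# check_writable DIR... : return 0 if every DIR exists and is writable by the
# current uid, 1 otherwise. It only inspects and never chmods or chowns, so it
# works under a read-only root filesystem or a policy that forbids chown.
check_writable() {
    rc=0
    for d in "$@"; do
        if [ ! -d "$d" ]; then
            echo "error: $d does not exist (create it in the image or mount it)" >&2
            rc=1
        elif [ ! -w "$d" ]; then
            echo "error: $d is not writable by uid $(id -u); fix ownership on the volume" >&2
            rc=1
        fi
    done
    return $rc
}

# prepare : decide the startup mode and print it ("root" or "nonroot").
# Root may repair ownership of a host-created bind mount once and must then
# drop privileges; any other uid gets no chown/chmod at all and must already
# own a writable data directory.
prepare() {
    if [ "$(id -u)" = "0" ]; then
        chown -R "$APP_UID:$APP_GID" "$APP_DATA" || return 1
        echo root
    else
        check_writable "$APP_DATA" || return 1
        echo nonroot
    fi
}

main() {
    mode=$(prepare) || exit 1
    if [ "$mode" = root ]; then
        # su-exec (Alpine) or gosu (Debian) is assumed to be installed in the image.
        exec su-exec "$APP_UID:$APP_GID" "$@"
    fi
    exec "$@"
}

# Only behave as an entrypoint when invoked as one, e.g. ENTRYPOINT ["/entrypoint.sh"].
case "${0##*/}" in entrypoint.sh) main "$@" ;; esac
```

Pair it with a Dockerfile that creates the user, creates and chowns the data directory at build time (for example `RUN mkdir -p /etc/bitwarden && chown 1000:1000 /etc/bitwarden`), sets `USER 1000`, and uses `ENTRYPOINT ["/entrypoint.sh"]`. On OpenShift the uid is random but the gid is always 0, so the usual extra step is to make the data directory group-owned by root and group-writable at build time; the non-root branch above then passes without any runtime chown.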

justindbaur commented 1 year ago

@jheiselman We are more than willing to accept a PR along these terms but we are not currently working on making this happen. I'm going to leave it open so that you or any other contributor who wants this feature can vote for it or see that we'd accept a PR.

juanico10 commented 1 year ago

Hi, I would be happy to help solve this PR, I have helped other teams with Docker. Best regards