This is to address the issue uncovered while troubleshooting #33.
The problem is that in order to mount the squashfs, we need sudo access.
This is problematic because we don't want to run containers as root in production.
The only compromise I can think of is to add a user account with passwordless sudo access into the container, and then run the container with the user ID and group ID of the new account.
This should allow sudo access to the squashfs while fulfilling the technical requirement for a non-root account to run the container - though it's still not ideal to have the user account with sudo access.
I imagine, though, that most people using this script do so as a one-shot job and don't leave the container running for long, which should mean the risks are minimal.