Open andrewg-xyz opened 3 days ago
I think I'm on team "Must be non-root for silver where intrinsic application functionality doesn't require it".
I'd also like to say that any containers running as root or root-ish need to have justifications/explanations, even at bronze.
Completely agree with @corang on this regarding his two comments.
There is software (and containers) that seem to require running as root (tip: you shouldn't). We will proactively encourage upstream to avoid this bad practice (Ex. confluent#364).
Do we actively prohibit containers running as root?
(summary of offline discussion)
Summary of Discussion on Root Containers in Kubernetes
The team engaged in a conversation regarding the challenges and risks of running containers as root in Kubernetes, prompted by @corang's concern about packages requiring root.
Initial Concern: @corang pointed out the difficulty of avoiding root containers, asking if running as root is a show-stopper for apps in the appstore.
General Consensus:
Security Risk Discussion:
Mitigation Suggestions:
Conclusion: The discussion indicated a need to balance security with functionality, using mitigations like user namespaces or separate clusters. The topic of root containers might influence badging levels in the appstore, with stricter rules (e.g., Gold or Silver level) being considered for apps running root containers. Further input was requested from experts like @bburky and @tomclapper to refine the team's stance on the matter.