Closed fillest closed 1 year ago
If you want to remove the warnings, I would suggest removing user
and group
from your configuration. I would then also suggest adding an explicit --user
to your docker run
line (it defaults to haproxy
, as you've found/noted, but being explicit is definitely better in this case IMO).
Indeed, user
and group
are apparently unneeded, as haproxy already gets started by haproxy
user. Pretty obvious, but silly me :)
Thanks.
I get the following in the log: "haproxy docker: [WARNING] (9) : [haproxy.main()] Failed to drop supplementary groups. Using 'gid'/'group' without 'uid'/'user' is generally useless."
My config has both
user
andgroup
defined:I also tried
uid 99
andgid 99
just in case. I start a container this way:sudo docker run -d --log-driver=journald --network=host --name haproxy --restart=always --init ...-v... docker.io/library/haproxy:2.7.8
(tried without--init
too).If I understand correctly, this image uses
USER haproxy
by default. Which means it probably has nothing to drop as it has no root privileges. But it tries anyway, so should I just ignore this warning then? But I want (and should) usezero-warning
mode for strictness..Docker: 23.0.6 community Image: haproxy:2.7.8 Ubuntu 22.04, kernel 5.15