electerious / Ackee

Self-hosted, Node.js based analytics tool for those who care about privacy.
https://ackee.electerious.com
MIT License
4.2k stars 351 forks

Stop running as root in Docker #309

Closed llarsson closed 2 years ago

llarsson commented 2 years ago

🐣 Is your feature request related to a problem? Please describe.

Running processes in containers as root means that a whole slew of privilege escalation exploits are made much, much easier. It doesn't seem to me that anything Ackee does requires running as root. So by simply adding a regular, non-privileged user to the Docker image, and setting it as the active user for the process, security against unknown attacks will be greatly reduced.

💡 Describe the solution you'd like

To add a non-privileged user and set it as the owner of the containerized process. The Dockerfile best practices shows how this is done.

❓ Describe alternatives you've considered

There are no useful alternatives to this. One could base a new Docker image from the official one and add the non-privileged user there, but that's a bad workaround, which would run the risk of version drift.

📋 Additional context

Aforementioned Dockerfile best practices documentation: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user

electerious commented 2 years ago

Thanks for the suggestion! A PR is welcome.

electerious commented 2 years ago

A PR has been merged. It will be part of the next version.
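
A check for the condition this issue asks to fix, added here as an example and not taken from the thread or from Ackee's repository: it reports which user a Dockerfile's final stage runs as. The function names and sample Dockerfiles are constructed for illustration, and it assumes a base image that sets no user of its own, so a stage without `USER` counts as root.

```python
import re

ROOT_NAMES = {"root", "0"}

def final_stage_user(dockerfile_text):
    """Return the USER in effect at the end of the last build stage, or None if unset."""
    user = None
    # Join backslash line continuations so each instruction is one logical line.
    text = re.sub(r"\\[ \t]*\r?\n", " ", dockerfile_text)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        instr = parts[0].upper()
        arg = parts[1].strip() if len(parts) > 1 else ""
        if instr == "FROM":
            user = None  # USER from an earlier stage does not carry into a new stage
        elif instr == "USER" and arg:
            user = arg
    return user

def runs_as_root(dockerfile_text):
    """True if the final stage ends as root (explicitly, or because USER was never set)."""
    user = final_stage_user(dockerfile_text)
    if user is None:
        return True  # assumption: the base image does not set a non-root user itself
    # "name:group" and "uid:gid" forms: only the user part decides. Variables are not resolved.
    return user.split(":", 1)[0].strip().strip('"') in ROOT_NAMES

# Constructed samples: a generic Node.js image, not Ackee's actual Dockerfile.
BEFORE = """FROM node:18-alpine
WORKDIR /srv/app
COPY . .
RUN yarn install --production
CMD ["yarn", "start"]
"""
# Same image, switching to the unprivileged "node" user the official Node.js images ship with.
AFTER = BEFORE.replace('CMD ["yarn"', 'USER node\nCMD ["yarn"')
# USER set only in the build stage: the runtime stage is still root.
BUILD_ONLY = "FROM node:18-alpine AS build\nUSER node\n\n" + BEFORE

if __name__ == "__main__":
    for name, text in [("before", BEFORE), ("after", AFTER), ("build-only", BUILD_ONLY)]:
        print(name, "runs as root:", runs_as_root(text))
```
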