felddy / foundryvtt-docker

An easy-to-deploy Dockerized Foundry Virtual Tabletop server.
https://hub.docker.com/r/felddy/foundryvtt
MIT License
593 stars, 116 forks

user: 5000:5000 support #948

Open jamilnielsen opened 5 months ago

jamilnielsen commented 5 months ago

Feature description

PUID/PGID are nice and all, but `user` is more secure on the premise that containers are inherently not very secure; preventing a privilege escalation entirely by having the entire container be non-root helps greatly on this front.

Motivation

Example

compose.yml:

```yaml
services:
  foundry:
    image: felddy/foundryvtt:release
    container_name: foundryvtt
    user: X:Y  # could be anything
    # etc...
```

Pitch

While some people might throw around words like "threat model", saying these things are needless and over the top, people who use Docker are likely to be running many things on their server, so securing everything that's exposed is essential.

Code of Conduct
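For readers who want to try the request as written, here is an added example compose file (not from the issue author or the felddy/foundryvtt project) that runs the service with a fixed non-root `user:` instead of PUID/PGID. The UID/GID 5000:5000, the `./data` host directory and the port mapping are assumptions for the example; the only caveat that applies generally is that a process started without root has no CAP_CHOWN, so the mounted data directory must already be owned by the chosen UID on the host.

```yaml
# compose.yml (added example; UID/GID, paths and port are assumed values)
services:
  foundry:
    image: felddy/foundryvtt:release
    container_name: foundryvtt
    # Run every process in the container as this unprivileged UID:GID.
    # With `user:` set, nothing in the container starts as root, so the
    # image's entrypoint cannot chown or fix up the data volume for you.
    user: "5000:5000"
    # Defence in depth for a non-root container: no privilege escalation
    # via setuid binaries, and drop every capability.
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    read_only: false
    ports:
      - "30000:30000"
    volumes:
      # Must be owned by 5000:5000 on the host before the first start,
      # e.g. `sudo chown -R 5000:5000 ./data`.
      - ./data:/data
```

Before relying on it, confirm the effective identity from inside the running container with `docker compose exec foundry id` (expect `uid=5000 gid=5000`) and check that `/data` is writable by that UID; a permission-denied error on first start almost always means the host directory ownership step was skipped.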

inknos commented 1 day ago

@jamilnielsen late to the party. Did you consider running the stack with podman?

gmillerd commented 1 day ago

> @jamilnielsen late to the party. Did you consider running the stack with podman?

It's already supported in the IMAGE, just not implemented. Why would the project require podman?

inknos commented 1 day ago

It seemed the concerns were about privesc, so to prevent getting root access outside of the container one could simply use podman as a replacement for Docker and get the same functionality. I believe no action would be needed and it could work out of the box.