Open jamilnielsen opened 5 months ago
@jamilnielsen late to the party. Did you consider running the stack with podman?
@jamilnielsen late to the party. Did you consider running the stack with podman?
it's already supported in the IMAGE, just not implemented. Why would the project require podman?
It seemed the concerns were about privesc. so to prevent getting root access outside of the container one could simply use podman as a replacement from docker and get the same functionality. I believe no action would be needed and it could work out of the box.
Feature description
PUID/PGID are nice and all, but user is more secure on the premise that containers are inherently not very secure, preventing a privilage escalation entirely by having the entire container be non-root helps greatly on this front.
Motivation
Example
compose.yml foundry: image: felddy/foundryvtt:release container_name: foundryvtt user: X:Y #could be anything etc...
Pitch
while some people might throw around words like threat model saying these things are needless and over the top, people who use docker are likely to be running many things on their server, so securing everything that's exposed is essential.
Code of Conduct