search

jimmidyson / configmap-reload

Simple binary to trigger a reload when a Kubernetes ConfigMap is updated
Apache License 2.0
969 stars 191 forks source link

nonroot user mismatch #94

Closed miguelhar closed 1 week ago

miguelhar commented 11 months ago

Hello, given that upstream image NONROOT user is different than USER

NONROOT = 65532

vs

USER 65534

Dont we need 

RUN chown -R 65534:65534 /home/nonroot

in order to avoid:

OCI runtime create failed: container_linux.go:346: starting container process caused "chdir to cwd (\"/home/nonroot\") set in config.json failed: permission denied"

I have been able to mitigate the issue in 2 ways:

  1. Update the container scc to run as user: 65532
  2. Set container workingDir: "/"
jimmidyson commented 7 months ago

Oops! Thanks for reporting! Let's just change the USER in the Dockerfile to 65532 - would you like to send in a PR to do that? 🙏