Closed uhthomas closed 1 year ago
Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.
We're not going to remove s6 in the near future
Kubernetes is currently not our target audience, nor is rootless in general. onedr0p provides images for this audience.
We're not going to remove s6 in the near future
Is it possible to consider a second image with a different tag like linuxserver/radarr:4.0.0-rootless
? It looks like I'm going to have to build my own image otherwise.
Kubernetes is currently not our target audience, nor is rootless in general. onedr0p provides images for this audience.
A small Kubernetes cluster to run applications like this is becoming increasingly more common, and with improvements to container tools in general I imagine that s6
will eventually become unnecessary? It feels backwards to use an overlay for security rather than delegating it to the container runner.
I don't see any images for radarr published by onedr0p
. Am I missing something?
To be frank, with the amount of images we have, we aren't going to make rootless images along side our main ones.
Support is already stretched at best for our current set of images, duplicating them all for rootless just isn't doable.
To be frank, with the amount of images we have, we aren't going to make rootless images along side our main ones.
Support is already stretched at best for our current set of images, duplicating them all for rootless just isn't doable.
That's a fair point, I respect that.
@uhthomas have you find a way to do do achieve this? I would be interested to the solution if you can share it please.
@ilbarone87 I switched to @onedr0p's image.
Is this a new feature request?
Wanted change
This container needs to be run as root. This is not necessary. For environments like Kubernetes, s6 should be removed entirely really.
Reason for change
Running containers as root is a security risk.
Proposed code change
Providing a non-s6 image is probably the best way forward. I presume it's necessary for environments without security restrictions unlike Kubernetes?