mgerb
commented
8 months ago I've gotta make some updates to the Dockerfile so it can build with the latest version of Go. To prevent conflicts, I'm going to go ahead and merge this and then make some followup changes. Thanks for the PR!
This makes the docker container user not run as root and instead run as a user with the defined UID and GID.
This should improve security for those who use the docker daemon as it protects the host from container breakouts, as the compromised user would likely not have access to anything sensitive on the host.
The only downside with this is that it adds the restriction that the person mapping the config.json needs to ensure that the file can be read by the container user too, but the default UMASK already allows all users to read a file, so I do not think this is really a problem unless the person alters their config.json permission bits to not allow some people to read it.