openculinary / infrastructure

This repository documents the steps required to set up a fresh RecipeRadar environment
GNU Affero General Public License v3.0

Reduce privileges for service accounts #21

Closed jayaddison closed 4 years ago

jayaddison commented 4 years ago

Is your feature request related to a problem? Please describe.
Ideally the processes within application microservice containers would run using unprivileged user accounts.

Describe the solution you'd like
The standard 'build' script across each microservice should be updated to use a limited user account during the entrypoint and/or run command.

jayaddison commented 4 years ago

This is now resolved for all Python microservices.

The remaining microservices (blog, frontend) are invoked via the superuser account, and we rely on nginx dropping to an unprivileged user account for the subprocesses it forks.
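
An added example, not part of the original thread or the project's build script: a shell check over `ps -eo user,pid,ppid,args` output that lists processes still running as root, tolerating only an nginx master process as the last comment describes. The process listings, the `appuser` account and the `python3 app.py` command are constructed for illustration.

```shell
#!/bin/sh
# Added example: list container processes that still run as root.
# Input: `ps -eo user,pid,ppid,args` output on stdin, header line included.
# Assumed policy: root is tolerated only for an nginx master process,
# because nginx forks its workers under an unprivileged account.

root_offenders() {
    awk '
        NR == 1 || $1 != "root" { next }           # header, or unprivileged
        $4 == "nginx:" && $5 == "master" { next }  # tolerated exception
        {
            args = $4
            for (i = 5; i <= NF; i++) args = args " " $i
            print $2 ": " args                     # "<pid>: <command line>"
        }
    '
}

# Constructed sample: a Python service after the entrypoint change.
PYTHON_SERVICE_PS='USER PID PPID COMMAND
appuser 1 0 python3 app.py
appuser 7 1 python3 app.py'

# Constructed sample: nginx started as root, workers dropped to "nginx".
NGINX_SERVICE_PS='USER PID PPID COMMAND
root 1 0 nginx: master process nginx -g daemon off;
nginx 6 1 nginx: worker process
nginx 7 1 nginx: worker process'

# Constructed sample: a service whose entrypoint still runs as root.
UNHARDENED_PS='USER PID PPID COMMAND
root 1 0 python3 app.py
root 7 1 python3 app.py'

# Constructed sample: nginx whose workers did not drop privileges.
NGINX_ROOT_WORKERS_PS='USER PID PPID COMMAND
root 1 0 nginx: master process nginx -g daemon off;
root 6 1 nginx: worker process'

for sample in "$PYTHON_SERVICE_PS" "$NGINX_SERVICE_PS" \
              "$UNHARDENED_PS" "$NGINX_ROOT_WORKERS_PS"; do
    found=$(printf '%s\n' "$sample" | root_offenders)
    if [ -z "$found" ]; then echo "OK"; else echo "ROOT: $found"; fi
done
```

The exception matches on the process title only, so it confirms the expected nginx layout rather than proving the master process is genuine.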