The sensor container must currently run as a privileged container and the user inside the container is root. This is generally an issue when running on productions systems as ops often require (and rightly so!) that we use non-root user inside our containers and that containers are not privileged.
The sensor can however run perfectly fine in a non-root container, provided it has been granted the correct capabilities
The sensor container must currently run as a privileged container and the user inside the container is root. This is generally an issue when running on productions systems as ops often require (and rightly so!) that we use non-root user inside our containers and that containers are not privileged.
The sensor can however run perfectly fine in a non-root container, provided it has been granted the correct capabilities
For example I use in my dockerfile
An at the end of the Docker file:
Then, when running the container, I add the capa
Would you consider changing the sensor image so that it runs without root by default ? It also requires disabling the check in sensor.c (https://github.com/powerapi-ng/hwpc-sensor/blob/ae0b8fc3894dc788460e8040aa3ae939a90e2953/src/sensor.c#L169)