Only known use-cases not working when /sbin/nologin is set as default shell are:
1) executing $SHELL explicitly in already running container
2) explicitly running 'login' command when starting the container (e.g.,
podman run --rm login)
3) connecting to running container with 'exec login'
4) ssh-ing to container
And there is not any reason why these use-cases should not work in sclorg images.
The openshift runs the containers under random UID. In this case the default shell is /bin/sh. This removal thus should not change the behavior of the images run on openshift.
Further changes will be needed in images using NSS_WRAPPER and in micro images because the user is generated differently there.
zmiklank
commented
12 months ago
Only known use-cases not working when /sbin/nologin is set as default shell are: 1) executing $SHELL explicitly in already running container 2) explicitly running 'login' command when starting the container (e.g., podman run --rm login)
3) connecting to running container with 'exec login'
4) ssh-ing to container
And there is not any reason why these use-cases should not work in sclorg images.
The openshift runs the containers under random UID. In this case the default shell is /bin/sh. This removal thus should not change the behavior of the images run on openshift.
Further changes will be needed in images using NSS_WRAPPER and in micro images because the user is generated differently there.
Partly closes: https://github.com/sclorg/s2i-base-container/issues/283