APISIX and APISIX-ingress containers to work without anyuid SCC#612
Open
Vishva066 wants to merge 1 commit intoapache:masterfrom
Open
APISIX and APISIX-ingress containers to work without anyuid SCC#612Vishva066 wants to merge 1 commit intoapache:masterfrom
Vishva066 wants to merge 1 commit intoapache:masterfrom
Conversation
…APISIX to run in Openshift instead of anyuid command
Contributor
|
Hi @Vishva066, do Dockerfiles for other image types need to be modified? |
Author
|
Yes for the other os also it needs to be updated. I thought this is the mostly used docker files so I updated it first. I can also update the other docker files also |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request improves the security and consistency of the Docker images by updating user and group permissions for the
apisixdirectory in both thedebiananddebian-devDockerfiles.The main changes ensure that the container runs as a non-root user and that directory permissions are set appropriately for group access.
Dockerfile permission and user management updates:
/usr/local/apisixto group ID 0 and set group permissions to match user permissions, improving compatibility with OpenShift and similar environments (debian/Dockerfile,debian-dev/Dockerfile). [1] [2]debian-dev/Dockerfile, explicitly added creation of theapisixsystem group and user, set ownership and permissions for/usr/local/apisix, and switched to running the container as theapisixuser.This PR closes #611