#docker (2019-05)
All things docker
Archive: https://archive.sweetops.com/docker/
2019-05-05
Has anyone done docker image promotion on Artifactory? (specifically through jenkins or similar CI)
Oh boy, it was about 2 yrs ago at my last job. We had a groovy method that promoted as part of the release process.
2019-05-09
For Alpine Linux container based implementations.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5021 :point_up:
Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user.
2019-05-21
https://github.com/moby/moby/issues/2259#issuecomment-494662512
Superb recent comment on docker’s support for volume mount +(uid/gid/access bits) support, and how hacks around this missing basic feature are now appearing in helm charts.
Use case: mount a volume from host to container for use by apache as www user. The problem is currently all mounts are mounted as root inside the container. For example, this command docker run -v …
2019-05-28
do you guys create a non-root user in all your dockerfiles?
@btai yes
sometimes it just works with the nobody:nobody user/group present inside the docker image.