#docker (2019-05)

docker

All things docker. Archive: https://archive.sweetops.com/docker/

2019-05-28

btai

do you guys create a non-root user in all your dockerfiles?

Nikola Velkovski

@btai yes

Nikola Velkovski

sometimes it just works with the nobody:nobody user/group present inside the docker image.

2019-05-21

tamsky

https://github.com/moby/moby/issues/2259#issuecomment-494662512

Superb recent comment on docker’s support for volume mount +(uid/gid/access bits) support, and how hacks around this missing basic feature are now appearing in helm charts.

Add ability to mount volume as user other than root · Issue #2259 · moby/moby

Use case: mount a volume from host to container for use by apache as www user. The problem is currently all mounts are mounted as root inside the container. For example, this command docker run -v …

2019-05-09

Exequiel Barrirero

For Alpine Linux container based implementations.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5021 :point_up:

Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user.

2019-05-05

johncblandii (Cloud Posse)

Has anyone done docker image promotion on Artifactory? (specifically through jenkins or similar CI)

Blaise Pabon

Oh boy, it was about 2 yrs ago at my last job. We had a groovy method that promoted as part of the release process.
