Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Build container images to run as non root #5462

Open
squakez opened this issue May 7, 2024 · 1 comment
Open

Build container images to run as non root #5462

squakez opened this issue May 7, 2024 · 1 comment
Labels
area/builder kind/feature New feature or request
Milestone
3.x

Comments

@squakez
Copy link
Contributor

squakez commented May 7, 2024
edited
Loading

As seen in #5461 the managed application build is using a root default user. We need to switch to a non root user by default to strengthen security.
@squakez squakez added kind/feature New feature or request area/builder labels May 7, 2024
@squakez squakez added this to the 2.4.0 milestone May 7, 2024
@squakez squakez mentioned this issue May 8, 2024
Closed
3 tasks
@squakez squakez modified the milestones: 2.4.0, 2.5.0 Jul 30, 2024
@squakez squakez modified the milestones: 2.5.0, 2.6.0 Oct 21, 2024
@squakez squakez self-assigned this Nov 23, 2024
squakez added a commit to squakez/camel-k that referenced this issue Nov 23, 2024
@squakez
feat(builder): dependencies privileges
f2d7465 
We need to have the dependencies as publicly readable and executable in order to let any container user to run the application properly. So far we could only have root when using Jib publishing strategy.

Ref apache#5462
@squakez squakez mentioned this issue Nov 23, 2024
Merged
squakez added a commit that referenced this issue Nov 27, 2024
@squakez
feat(builder): dependencies privileges
776ef4f 
We need to have the dependencies as publicly readable and executable in order to let any container user to run the application properly. So far we could only have root when using Jib publishing strategy.

Ref #5462
@squakez
Copy link
Contributor Author

squakez commented Nov 28, 2024

This is now feasible after the work done in #5960. However it would open potential backward compatibility, as, if we default to a non-root user and the operator pick an old IntegrationKit, it would be impossible to run it. Moving into 3.x milestone.

@squakez squakez modified the milestones: 2.6.0, 3.x Nov 28, 2024
@squakez squakez removed their assignment Nov 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/builder kind/feature New feature or request
Projects
None yet
Milestone
3.x
Development

No branches or pull requests
1 participant
@squakez