dockerfile - Docker using gosu vs USER -

-

docker kind of had user command run process specific user, in general lot of things had run root.

i have seen lot of images use entrypoint gosu de-elevate process run.

i'm still bit confused need gosu. shouldn't user enough?

i know quite bit has changed in terms of security docker 1.10, i'm still not clear recommended way run process in docker container.

can explain when use gosu vs. user?

thanks

edit:

the docker best practice guide not clear: says if process can run without priviledges, use user, if need sudo, might want use gosu. confusing because 1 can install sorts of things root in dockerfile, create user , give proper privileges, switch user , run cmd user. why need sudo or gosu then?

dockerfiles creating images. see gosu more useful part of container initialization when can no longer change users between run commands in dockerfile.

after image created, gosu allows drop root permissions @ end of entrypoint inside of container. may need root access initialization steps (fixing uid's, host mounted volume permissions, etc). once initialized, run final service without root privileges , pid 1 handle signals cleanly.

edit: here's simple example of using gosu in image docker , jenkins: https://github.com/bmitch3020/jenkins-docker

the entrypoint.sh looks gid of /var/lib/docker.sock file , updates gid of docker user inside container match. allows image ported other docker hosts gid on host may differ. changing group requires root access inside container. had used user jenkins in dockerfile, stuck gid of docker group defined in image wouldn't work if doesn't match of docker host it's running on. root access can dropped when running app gosu comes in.

at end of script, exec call prevents shell forking gosu, , instead replaces pid 1 process. gosu in turn same, switching uid , exec'ing jenkins process takes on pid 1. allows signals handled correctly otherwise ignored shell pid 1.


Comments

Post a Comment

Popular posts from this blog

html - Styling progress bar with inline style -

-
i trying set progress bar color red using inline style. need in way because have access <body> part of document. style need apply: progress { color: red } progress::-moz-progress-bar { background: red;} progress::-webkit-progress-value { background: red; } progress[aria-valuenow]:before { background: red; } i tried <progress style="background: red;"> incorrect effect, progress bar color turns blue red background. guide right direction desired style? thank in advance. here live example: https://jsfiddle.net/z36d3f6l/
Read more

java - Oracle Sql developer error: could not install some modules -

-
i have downloaded fresh copy of sqldeveloper ( sqldeveloper-4.1.3.20.78-no-jre ) oracle website. when unzip , lauch gui, keep getting following error message: warning - not install modules: dynamic module config - no module providing capability org.netbeans.netbinox found. my system: windows 7 32 bit hp probook. jdk 1.6 , 1.7, 1.8 available in java/jdk subdirectory. netbeans 8.0.2 installed finally got way out after dirty hours. extracted sqldeveloper zip in nested directory. i.e: e://a/b/c/sqldeveloper. starting sqldeveloper gui above directory threw erros. solution: go in c:\users**username**\appdata\roaming : delete sql developer , sqldeveloper folders extract sql developer zip in new non nested directory. i.e: e:// start , should work now reference: https://community.oracle.com/thread/3870680?start=0&tstart=0
Read more

How to use autoclose brackets in Jupyter notebook? -

-
this may sound silly question, how make use of autoclose brackets in jupyter notebook? example, when type print( jupyter notebook auto-closes brakets print() and places cursor inside. type argument, say print(1 + 1) now cursor between second 1 , right bracket ) . key navigate right of ) ? of course can press end or → or ) achieve this, not seem save time, purpose of brackets autoclose suppose? thanks in advance.
Read more