Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Containers are run as root #128

Open
uniqueg opened this issue Nov 6, 2021 · 3 comments
Open

Containers are run as root #128

uniqueg opened this issue Nov 6, 2021 · 3 comments

Comments

@uniqueg
Copy link
Member

uniqueg commented Nov 6, 2021

The current implementation runs all containers as root. This is not necessary and a security concern. Re-factor to run containers as non-privileged users instead.
@uniqueg
Copy link
Member Author

uniqueg commented Nov 6, 2021

Requested by Czech ELIXIR node, see here: https://docs.google.com/spreadsheets/d/1vBFhBQ-nFqhSL5dLjQfOWO6x9BzmV9x6l18p9GYRZdQ/edit#gid=0

Contacts: @xhejtman & @viktoriaas

@lvarin
Copy link
Contributor

lvarin commented Nov 8, 2021

OpenShift runs then as a non root user by default, so this should be easy to solve by changing the HELM charts for the kubernetes templates.

@aniewielska
Copy link
Contributor

There is also an issue #113 which appears when an executor is run as a non-root user and it most probably causes problems with permissions to access files creates by a root-run filer. It is not enough to change the user in the container of filer, as it is likely to cause even more issues with file access. The solution would be as @lvarin suggests, to force securityContext via K8s (runAsUser and sth to coordinate file access).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lvarin @uniqueg @aniewielska