Container should not run as root · bitwarden/server#2903

(6 评论) (7 反应) (0 负责人)C# (18,588 star) (1,575 fork)batch import

bugbw-lite-deployhelp wanted

描述

Steps To Reproduce

Install per the instructions as written at https://bitwarden.com/help/install-and-deploy-unified-beta/ that has a restrictive policy like SELinux

Expected Result

The container should run as a non-root user

Actual Result

The container cannot run in a restrictive environment where root users are not permitted or are highly restricted like in SELinux environments or Kubernetes platforms that enforce a restrictive policy like VMware Tanzu or OpenShift.

Screenshots or Videos

No response

Additional Context

I have attempted to set the running user via policy, but the image is trying to change permissions on startup and is not allowed to.

Githash Version

NA - container does not run

Environment Details

Operating System: Photon Linux
Platform: Kubernetes (Tanzu)
Kubernetes API: 1.21

Database Image

sqlite

Issue-Link

https://github.com/bitwarden/server/issues/2480

Issue Tracking Info

I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

贡献者指南

技术栈: csharpdocker
领域: securitydevopscloud
议题类型: security
难度: 3
预计时间: half day
活动状态: active
清晰度: mostly clear
前置要求: Dockerfile basicsLinux user permissions
新手友好度: 60
研究方向: Investigate the Dockerfile in the repository (e.g., Dockerfile or docker compose files) to determine how the container user is configured. The issue requires adding a non root user directive (USER) and ensuring that all necessary file permissions are adjusted for volumes and startup scripts. Review the linked issue #2480 for previous discussion. Test the changes in a SELinux or Kubernetes environment to confirm compliance. Consider using a tool like 'docker run user' or modifying the image entrypoint.