help wantednever-stalesecurity
描述
Hi all,
We are using Harbor v2.5.0 in Docker Container on a Linux Virtual Machine. During some tests, we noticed that those Containers have to run as root users. If we were trying to start them as non-root users, we had the following issue:
[Step 4]: starting Harbor ... Traceback (most recent call last): File "bin/docker-compose", line 6,
in <module> File "compose/cli/main.py", line 71, in main File "compose/cli/main.py", line 124,
in perform_command File "compose/cli/command.py", line 42,
in project_from_options File "compose/cli/command.py", line 115,
in get_project File "compose/config/config.py", line 402, in load File "compose/config/config.py",
line 502, in load_services File "compose/config/config.py",
line 481, in build_services File "compose/config/config.py",
line 481, in <listcomp> File "compose/config/config.py",
line 473, in build_service File "compose/config/config.py",
line 846, in finalize_service File "compose/config/config.py",
line 658, in resolve_environment File "compose/config/environment.py",
line 35, in env_vars_from_file File "/code/.tox/py36/lib/python3.6/codecs.py",
line 897, in open PermissionError:
[Errno 13] Permission denied: '/opt/harbor/v2.5.0/common/config/registryctl/env' [21216] Failed to execute script docker-compose
Are there any plans to change this in the future to increase security?
Thank you in advance!
Alexander Barth (alexander.barth@mercedes-benz.com) on behalf of Mercedes-Benz Tech Innovation GmbH, Provider Information