[MDEV-25497] rootl(full?) container images and singularity compatibility Created: 2021-04-23 Updated: 2022-02-03 Resolved: 2022-02-03 |
|
| Status: | Closed |
| Project: | MariaDB Server |
| Component/s: | Docker |
| Fix Version/s: | N/A |
| Type: | Task | Priority: | Minor |
| Reporter: | Daniel Black | Assignee: | Daniel Black |
| Resolution: | Not a Bug | Votes: | 0 |
| Labels: | None |
| Description |
|
Apparently the best practice to achieve rootless is: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user So USER=mysql in the container file. Given https://github.com/MariaDB/mariadb-docker/blob/master/docker-entrypoint.sh#L350 is the only usage of gosu, and it's conditional, I'm not sure why the previous folks didn't do it. I'll ask. Interesting interactions need investigating. |
| Comments |
| Comment by Daniel Black [ 2021-04-23 ] |
|
and consider https://github.com/MariaDB/mariadb-docker/pull/348 |
| Comment by Daniel Black [ 2021-05-20 ] |
|
At the moment it looks like the entrypoint can be run as root and non-root users. Running as an arbitrary user works - https://github.com/MariaDB/mariadb-docker/issues/363#issuecomment-824496833 Probably can't change without breaking compatibility. |
| Comment by Daniel Black [ 2022-01-29 ] |
|
Need to look closer at Singularity (and found it's a Fedora package). https://github.com/MariaDB/mariadb-docker/pull/348 was the original. |
| Comment by Daniel Black [ 2022-02-03 ] |
|
Comments on pull request, but once I specified a datadir volume and scratch space (or changed the socket/pid-file to the datadir), it started fine.
|