Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix non-numeric UID #2332

Merged
merged 1 commit into from
Feb 5, 2024
Merged

Fix non-numeric UID #2332

merged 1 commit into from
Feb 5, 2024

Conversation

SISheogorath
Copy link
Contributor

@SISheogorath SISheogorath commented Feb 5, 2024
edited
Loading

This patch adjusts the distroless image to use the predefined non-root UID, which uses explicit UID definitions. This allows orchestrators like Kubernetes to validate non-zero UIDs directly by checking the Image metadata.

The previous setup without an explicit runAsUser in the securityContext would produce the following error when enabling runAsNonRoot:

Error: container has runAsNonRoot and image has non-numeric user (nonroot), cannot verify user is non-root (pod: "miniflux-97cc5955f-pt7vf_miniflux(d1c56d29-ea0a-407c-b3f3-9821fbd7ee61)", container: miniflux)

This should not introduce any functional change. It just moves the UID evaluation from "inspecting the image's /etc/passwd" to image metadata.

Do you follow the guidelines?

@SISheogorath
Fix non-numeric UID
62258b3 
This patch adjusts the distroless image to use the predefined non-root UID, which uses explicit UID definitions. This allows orchestrators like Kubernetes to validate non-zero UIDs directly by checking the Image metadata.

The previous setup without an explicit `runAsUser` in the securityContext would produce the following error when enabling `runAsNonRoot`:

```
Error: container has runAsNonRoot and image has non-numeric user (nonroot), cannot verify user is non-root (pod: "miniflux-97cc5955f-pt7vf_miniflux(d1c56d29-ea0a-407c-b3f3-9821fbd7ee61)", container: miniflux)
```
@fguillot fguillot merged commit 552fb3e into miniflux:main Feb 5, 2024
15 checks passed
fguillot added a commit that referenced this pull request Feb 6, 2024
@fguillot
Use numeric UID in Alpine Docker image
e321178 
Same as PR #2332
@fguillot fguillot mentioned this pull request Feb 6, 2024
Merged
2 tasks
fguillot added a commit that referenced this pull request Feb 6, 2024
@fguillot
Use numeric UID in Alpine Docker image
aa30c35 
Same as PR #2332
@SISheogorath SISheogorath deleted the patch-1 branch February 17, 2024 21:59
jeankhawand pushed a commit to jeankhawand/v2 that referenced this pull request Mar 20, 2024
@fguillot @jeankhawand
Use numeric UID in Alpine Docker image
a6791b3 
Same as PR miniflux#2332
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@SISheogorath @fguillot