Run as rootless container like it is allowed in Docker ver 20.10 and Podman #3715

Closed
PavelSosin-320 opened this issue Jul 4, 2021 · 5 comments
Labels
feature New user visible feature

Get rid of Docker, server, and root user use.
The gaps are:

  1. static config and workspace mount points in the Dockerfile as /config and /workspace.
  2. Don't use ~
@PavelSosin-320 PavelSosin-320 added the feature New user visible feature label Jul 4, 2021

jsjoeio commented Jul 6, 2021

@PavelSosin-320 could you please elaborate on why you want these changes? Thank you!

@jsjoeio jsjoeio added this to the Backlog Candidates milestone Jul 6, 2021

stale bot commented Jan 2, 2022

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no activity occurs in the next 5 days.

@stale stale bot added the stale label Jan 2, 2022
@stale stale bot closed this as completed Jan 7, 2022

mirekphd commented Jun 27, 2022

Presumably because it is a standard practice in corporate clusters to avoid running containers as root. Platforms like Openshift and OKD will by default disallow running containers with elevated privileges (dropping nearly all capabilities) and even randomize runtime user IDs for containers, separately for each user namespace. This has always restricted the choice of IDEs that are available in such environments. See also points 1 and 2 here: https://sysdig.com/blog/dockerfile-best-practices/

@PavelSosin-320 could you please elaborate on why you want these changes? Thank you!


mirekphd commented Jun 27, 2022

Currently most of the entrypoint.sh script requires root at runtime.

The main (and only justifiable for an IDE) reason for root here is the need to support docker in VS Code. Why not switch to podman which is rootless by design?
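
A start-up pre-flight that tolerates the arbitrary non-root UID described in the comments above, written as an added example: it is not the project's entrypoint.sh and not part of any comment in this thread. The function names and the `STATE_ROOT`, `CONFIG_DIR` and `WORKSPACE_DIR` variables are hypothetical; `/config` and `/workspace` are the mount points named in the issue.

```shell
#!/bin/sh
# Added example (not the project's entrypoint.sh): start-up checks that work
# under an arbitrary non-root UID and never call sudo or chown.

# has_passwd_entry UID [FILE]: succeed if UID has a line in the passwd file.
# A platform-assigned random UID usually has none, so $HOME and user-name
# lookups cannot be trusted for it.
has_passwd_entry() {
    awk -F: -v uid="$1" '$3 == uid { found = 1 } END { exit !found }' \
        "${2:-/etc/passwd}"
}

# pick_dir WANTED FALLBACK: print WANTED if it exists and the current UID can
# write and traverse it; otherwise create FALLBACK and print that instead.
pick_dir() {
    if [ -d "$1" ] && [ -w "$1" ] && [ -x "$1" ]; then
        printf '%s\n' "$1"
    elif mkdir -p "$2" 2>/dev/null && [ -w "$2" ]; then
        printf '%s\n' "$2"
    else
        echo "preflight: neither $1 nor $2 is writable by uid $(id -u)" >&2
        return 1
    fi
}

# preflight: resolve config and workspace directories without root.
# CONFIG_DIR, WORKSPACE_DIR and STATE_ROOT are hypothetical overrides; the
# defaults /config and /workspace are the mount points named in the issue.
preflight() {
    uid=$(id -u)
    state=${STATE_ROOT:-${TMPDIR:-/tmp}/ide-$uid}
    has_passwd_entry "$uid" || {
        HOME=$state/home
        mkdir -p "$HOME" || return 1
        export HOME
    }
    CONFIG_DIR=$(pick_dir "${CONFIG_DIR:-/config}" "$state/config") || return 1
    WORKSPACE_DIR=$(pick_dir "${WORKSPACE_DIR:-/workspace}" "$state/workspace") || return 1
    export CONFIG_DIR WORKSPACE_DIR
    echo "uid=$uid config=$CONFIG_DIR workspace=$WORKSPACE_DIR home=$HOME"
}

# At the end of an entrypoint:  preflight && exec "$@"
```

When the process does run as root, `[ -w ]` succeeds on every directory, so the fallback branch is only exercised under a non-root UID.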


DevDorrejo commented Jan 14, 2023

Hello, I am using podman rootless and the process is required to introduce sudo password of the user, but it won't accept the password and will fail with incorrect password.
