You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@guacamole.apache.org by GitBox <gi...@apache.org> on 2020/01/30 19:37:48 UTC
[GitHub] [guacamole-client] manolan1 commented on a change in pull request
#469: GUACAMOLE-890: Security: Allow image to run as non-root user
manolan1 commented on a change in pull request #469: GUACAMOLE-890: Security: Allow image to run as non-root user
URL: https://github.com/apache/guacamole-client/pull/469#discussion_r373152997
##########
File path: Dockerfile
##########
@@ -56,6 +56,13 @@ WORKDIR /opt/guacamole
# Copy artifacts from builder image into this image
COPY --from=builder /opt/guacamole/ .
+# Turn on the Remote IP Valve
+RUN sed -i 's+^\(\( *\)</Host>\)+\2 <Valve className="org.apache.catalina.valves.RemoteIpValve" />\n\n\1+' /usr/local/tomcat/conf/server.xml
Review comment:
Why does the regex care about spaces before the closing tag? And, if it does, shouldn't it use a generic whitespace pattern rather than a space?
What is the impact of configuring the Remote IP Valve with default options? I have only ever seen it with proxy filtering enabled.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services