Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2020/11/30 19:04:37 UTC

[GitHub] [pulsar] michaeljmarshall opened a new issue #8751: Pulsar containers should not run as the root user

michaeljmarshall opened a new issue #8751:
URL: https://github.com/apache/pulsar/issues/8751


   **Is your enhancement request related to a problem? Please describe.**
   The image produced by pulsar unnecessarily runs as the root user. My company requires applications to run with the least privilege necessary, and the current pulsar docker images do not comply with that policy.
   
   **Describe the solution you'd like**
   Given that pulsar only needs privileges to read/write to/from certain directories, the [Dockerfile](https://github.com/apache/pulsar/blob/master/docker/pulsar/Dockerfile) should add a user with the appropriate level of permission, `chown` the appropriate directories, and then run as that user.
   
   **Describe alternatives you've considered**
   I don't see an alternative--Pulsar does not _need_ root privileges.
   
   **Additional context**
   Note that I want to deploy pulsar on a kubernetes cluster that has a pod security policy that prevents applications from running as root. Given that it is a good security principle to give applications the least permission possible, I see this enhancement as a way to make pulsar more secure and easier to adopt for other organizations.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
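
The Dockerfile change requested in the issue above, shown as an added example (not code from the Pulsar project or from the issue author) together with a small check for which user an image ends up running as. Both Dockerfiles are constructed; the base image name, UID 10000 and the /opt/app paths are placeholders, not Pulsar's actual layout.

```python
import re

# Constructed "before": no USER instruction, so the process inherits the
# base image's user (root for most base images; assumed here).
DOCKERFILE_ROOT = """\
FROM example-base:latest
COPY app /opt/app
CMD ["/opt/app/bin/start"]
"""

# Constructed "after": create a user, chown only the directories the
# service writes to, then switch to that user by numeric UID.
DOCKERFILE_NONROOT = """\
FROM example-base:latest
COPY app /opt/app
RUN groupadd -g 10000 app && useradd -u 10000 -g app -M app \\
 && mkdir -p /opt/app/data /opt/app/logs \\
 && chown -R 10000:10000 /opt/app/data /opt/app/logs
USER 10000:10000
CMD ["/opt/app/bin/start"]
"""

def final_user(dockerfile):
    """Return the USER in effect at the end of the last build stage, or None."""
    user = None
    # Join backslash-continued lines before scanning instructions.
    text = re.sub(r"\\\s*\n", " ", dockerfile)
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        instr = parts[0].upper()
        if instr == "FROM":
            user = None  # each stage starts from its base image's user
        elif instr == "USER" and len(parts) == 2:
            user = parts[1].strip()
    return user

def classify(dockerfile):
    """Classify the final USER the way a non-root admission rule sees it."""
    user = final_user(dockerfile)
    if user is None:
        return "inherits-base-user"
    uid = user.split(":", 1)[0]
    if uid in ("0", "root"):
        return "root"
    # Kubernetes runAsNonRoot can only verify a numeric UID from the image.
    return "numeric-nonroot" if uid.isdigit() else "named-user"
```

A result of "named-user" is worth fixing even though the user is not root: with runAsNonRoot set, the kubelet refuses to start a container whose image user is a name it cannot map to a UID.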



[GitHub] [pulsar] sijie closed issue #8751: Pulsar containers should not run as the root user

Posted by GitBox <gi...@apache.org>.
sijie closed issue #8751:
URL: https://github.com/apache/pulsar/issues/8751


   





[GitHub] [pulsar] michaeljmarshall commented on issue #8751: Pulsar containers should not run as the root user

Posted by GitBox <gi...@apache.org>.
michaeljmarshall commented on issue #8751:
URL: https://github.com/apache/pulsar/issues/8751#issuecomment-876550066


   @frankjkelly - I don't know of any equivalent issue. I will open a new issue today with details for what needs to happen in order to get this feature added. Based on a recent pulsar community meeting, there is a desire for more integration testing before merging this change. I plan to help contribute this feature, but I don't expect to be able to work on it for a couple of weeks.





[GitHub] [pulsar] frankjkelly commented on issue #8751: Pulsar containers should not run as the root user

Posted by GitBox <gi...@apache.org>.
frankjkelly commented on issue #8751:
URL: https://github.com/apache/pulsar/issues/8751#issuecomment-876543983


   @sijie Although this was originally closed due to this PR https://github.com/apache/pulsar/pull/8796, this PR appears to have reverted it https://github.com/apache/pulsar/pull/10861 - should the issue be reopened or is there an equivalent issue that covers this request?
   





[GitHub] [pulsar] hpvd edited a comment on issue #8751: Pulsar containers should not run as the root user

Posted by GitBox <gi...@apache.org>.
hpvd edited a comment on issue #8751:
URL: https://github.com/apache/pulsar/issues/8751#issuecomment-736031165


   related to
   unable to run on rootless kubernetes https://github.com/apache/pulsar/issues/7210





[GitHub] [pulsar] frankjkelly commented on issue #8751: Pulsar containers should not run as the root user

Posted by GitBox <gi...@apache.org>.
frankjkelly commented on issue #8751:
URL: https://github.com/apache/pulsar/issues/8751#issuecomment-876556623


   @michaeljmarshall thanks - that sounds good 





[GitHub] [pulsar] michaeljmarshall commented on issue #8751: Pulsar containers should not run as the root user

Posted by GitBox <gi...@apache.org>.
michaeljmarshall commented on issue #8751:
URL: https://github.com/apache/pulsar/issues/8751#issuecomment-876809251


   @frankjkelly - here is the new issue: https://github.com/apache/pulsar/issues/11269.





[GitHub] [pulsar] hpvd commented on issue #8751: Pulsar containers should not run as the root user

Posted by GitBox <gi...@apache.org>.
hpvd commented on issue #8751:
URL: https://github.com/apache/pulsar/issues/8751#issuecomment-736031165


   related to https://github.com/apache/pulsar/issues/7210

