You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tinkerpop.apache.org by "robertdale (GitHub)" <gi...@apache.org> on 2019/03/08 16:44:02 UTC
[GitHub] [tinkerpop] robertdale opened pull request #1080:
TINKERPOP-2174 Improve Docker Image Security
https://issues.apache.org/jira/browse/TINKERPOP-2174
- use least privileged user:group - `gremlin`
- use the dynamic tag to get the latest image: `openjdk:8-jre-alpine`
also snuck in some non-security ones:
- replaced deprecated `MAINTAINER` with `LABEL maintainer...`
- use `--no-cache` instead of `rm -rf /var/cache/apk/*`
Tested gremlin-console and gremlin-server images.
VOTE +1
[ Full content available at: https://github.com/apache/tinkerpop/pull/1080 ]
This message was relayed via gitbox.apache.org for dev@tinkerpop.apache.org
[GitHub] [tinkerpop] FlorianHockmann commented on pull request #1080:
TINKERPOP-2174 Improve Docker Image Security
Posted by "FlorianHockmann (GitHub)" <gi...@apache.org>.
It should also be possible to add this `chown` directly to the `COPY` command above:
```
COPY --chown=gremlin:gremlin ${GREMLIN_CONSOLE_DIR} /opt/gremlin-console
```
[ Full content available at: https://github.com/apache/tinkerpop/pull/1080 ]
This message was relayed via gitbox.apache.org for dev@tinkerpop.apache.org
[GitHub] [tinkerpop] FlorianHockmann commented on pull request #1080:
TINKERPOP-2174 Improve Docker Image Security
Posted by "FlorianHockmann (GitHub)" <gi...@apache.org>.
OK, no problem. We can still change it some time later.
[ Full content available at: https://github.com/apache/tinkerpop/pull/1080 ]
This message was relayed via gitbox.apache.org for dev@tinkerpop.apache.org
[GitHub] [tinkerpop] robertdale closed pull request #1080:
TINKERPOP-2174 Improve Docker Image Security
Posted by "robertdale (GitHub)" <gi...@apache.org>.
[ pull request closed by robertdale ]
[ Full content available at: https://github.com/apache/tinkerpop/pull/1080 ]
This message was relayed via gitbox.apache.org for dev@tinkerpop.apache.org
[GitHub] [tinkerpop] spmallette commented on issue #1080:
TINKERPOP-2174 Improve Docker Image Security
Posted by "spmallette (GitHub)" <gi...@apache.org>.
VOTE +1
[ Full content available at: https://github.com/apache/tinkerpop/pull/1080 ]
This message was relayed via gitbox.apache.org for dev@tinkerpop.apache.org
[GitHub] [tinkerpop] robertdale commented on pull request #1080:
TINKERPOP-2174 Improve Docker Image Security
Posted by "robertdale (GitHub)" <gi...@apache.org>.
Unfortunately, `--chown` support is not supported in my version.
[ Full content available at: https://github.com/apache/tinkerpop/pull/1080 ]
This message was relayed via gitbox.apache.org for dev@tinkerpop.apache.org