Pulsar containers should not run as the root user
Is your enhancement request related to a problem? Please describe.
The image produced by pulsar unnecessarily runs as the root user. My company requires applications to run with the least privilege necessary, and the current pulsar docker images do not comply with that policy.
Describe the solution you’d like
Given that pulsar only needs privileges to read/write from/to certain directories, the Dockerfile should add a user with the appropriate level of permission, chown the appropriate directories, and then run as that user.
Describe alternatives you’ve considered
I don’t see an alternative–Pulsar does not need root privileges.
Additional context
Note that I want to deploy pulsar on a kubernetes cluster that has a pod security policy that prevents applications from running as root. Given that it is a good security principle to give applications the least permission possible, I see this enhancement as a way to make pulsar more secure and easier to adopt for other organizations.
Issue Analytics
- Created 3 years ago
- Reactions:2
- Comments:5 (2 by maintainers)
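As an added example (not part of the issue and not the Apache Pulsar project's own Dockerfile), the change requested above could look like the following derived image. The `BASE_IMAGE` build argument, the `/pulsar` directory layout, the `pulsar` user name and UID/GID 10000 are assumptions, as is the need for `/pulsar/conf` to be writable by startup scripts.

```dockerfile
# Added example: derive a non-root image from an existing Pulsar image.
# Assumptions: the base image is Debian/Ubuntu-based (groupadd/useradd are
# available) and Pulsar is installed under /pulsar.
# Build with: docker build --build-arg BASE_IMAGE=<your pulsar image> .
ARG BASE_IMAGE
FROM ${BASE_IMAGE}

# Constructed values; pick IDs that fit your cluster's policy.
ARG PULSAR_UID=10000
ARG PULSAR_GID=10000

# User creation and chown need root; this is the last step that runs as root.
USER root
RUN groupadd --gid "${PULSAR_GID}" pulsar \
 && useradd --uid "${PULSAR_UID}" --gid "${PULSAR_GID}" \
            --no-create-home --home-dir /pulsar \
            --shell /usr/sbin/nologin pulsar \
 && mkdir -p /pulsar/data /pulsar/logs \
 # Hand over only the directories the process writes to. Binaries and
 # libraries stay root-owned so the runtime user cannot modify them.
 # /pulsar/conf is included on the assumption that startup scripts
 # rewrite configuration files.
 && chown -R pulsar:pulsar /pulsar/data /pulsar/logs /pulsar/conf

# Use the numeric UID:GID rather than the name: with runAsNonRoot set,
# Kubernetes can only verify a non-root user when the image USER is numeric.
USER ${PULSAR_UID}:${PULSAR_GID}
```

After building, `docker run --rm --entrypoint id <image>` should report the non-root UID and GID.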
Top GitHub Comments
@frankjkelly - here is the new issue: https://github.com/apache/pulsar/issues/11269.
@michaeljmarshall thanks - that sounds good