
Run as non-root user

Open GauntletWizard opened this issue 7 years ago • 2 comments

Hi, I'm Ted Hahn and I'm working on the Kubernetes team at Nordstrom. We're trying to implement Pod Security Policies (PSP) org-wide, and your container image is used by some of our teams.

I'm trying to remedy the following attributes:

  • [ ] Runs as Root

Even though containers run in namespaces, it is possible (through bugs or by leveraging exposed parts of the host namespace) to "escape" the container and affect the root system. To reduce the surface area of these escapes, containers should run as a non-root user.

GauntletWizard avatar Dec 10 '18 23:12 GauntletWizard
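As an added example (not code from the influxdata-docker project), the following POSIX shell check audits the "Runs as Root" finding described above: it reports the effective user of a Dockerfile's final build stage, treating a missing USER instruction as root and considering only the last stage of a multi-stage build. The sample Dockerfiles are constructed here for illustration.

```shell
#!/bin/sh
# Added example, hypothetical: find the user a Dockerfile's final stage runs as.
# A PSP with runAsUser MustRunAsNonRoot rejects pods whose image has no USER,
# or whose USER is root / uid 0, so that is what we flag.

# Print the effective user of the final stage ("root" when no USER is set).
effective_user() {
    # Each FROM starts a new stage, so reset the remembered USER there;
    # only the last stage's USER matters for the image that is actually run.
    awk '
        toupper($1) == "FROM" { user = "" }
        toupper($1) == "USER" { user = $2 }
        END { if (user == "") user = "root"; print user }
    ' "$1"
}

# Return 0 (true) when the final stage runs as root, 1 otherwise.
runs_as_root() {
    u=$(effective_user "$1")
    case "$u" in
        root|0|0:*|root:*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample Dockerfiles (not the project's own).
tmp=$(mktemp -d)
printf '%s\n' 'FROM alpine:3.9' 'RUN apk add --no-cache bash' \
    'ENTRYPOINT ["/entrypoint.sh"]' > "$tmp/Dockerfile.root"
printf '%s\n' 'FROM golang:1.11 AS build' 'USER root' 'RUN echo building' \
    'FROM alpine:3.9' \
    'RUN addgroup -S app && adduser -S -G app app' \
    'USER app' 'ENTRYPOINT ["/entrypoint.sh"]' > "$tmp/Dockerfile.nonroot"

for f in "$tmp/Dockerfile.root" "$tmp/Dockerfile.nonroot"; do
    if runs_as_root "$f"; then
        echo "$f: FAIL - final stage runs as $(effective_user "$f")"
    else
        echo "$f: ok - final stage runs as $(effective_user "$f")"
    fi
done
rm -rf "$tmp"
```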

The tests seem to have failed because of transient network issues:

+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 05CE15085FC09D18E99EFB22684A14CF2582E0C5
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: keyserver receive failed: Cannot assign requested address
+ gpg --keyserver pgp.mit.edu --recv-keys 05CE15085FC09D18E99EFB22684A14CF2582E0C5
gpg: keyserver receive failed: No data
+ gpg --keyserver keyserver.pgp.com --recv-keys 05CE15085FC09D18E99EFB22684A14CF2582E0C5
gpg: keyserver receive failed: Connection timed out
The command '/bin/sh -c set -ex &&     for key in         05CE15085FC09D18E99EFB22684A14CF2582E0C5 ;     do         gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key" ||         gpg --keyserver pgp.mit.edu --recv-keys "$key" ||         gpg --keyserver keyserver.pgp.com --recv-keys "$key" ;     done' returned a non-zero code: 2

Can you try rerunning?

GauntletWizard avatar Dec 18 '18 20:12 GauntletWizard

This is a change I'm also interested in. I currently take the Dockerfiles and modify them to meet my requirements, but it would be nice to have a reduction in the changes I'm required to make.

juheimbu avatar Dec 19 '18 14:12 juheimbu