Pulsar containers should not run as the root user #8751
Labels
area/build
type/enhancement
The enhancements for the existing features or docs. e.g. reduce memory usage of the delayed messages
Comments
michaeljmarshall
added
the
type/enhancement
|
related to |
1 task
sijie
pushed a commit
that referenced
this issue
Feb 16, 2021
… Use pulsar User (nonroot user) (#8796) Fixes #8751 ### Motivation Pulsar does not need to run as the root user. This PR updates the pulsar and the pulsar dashboard images to make them run as a new `pulsar` user (user ~1000~ 10000 and group 10001). This change increases the security of pulsar images. ### Modifications Update two `Dockerfile`s to create a pulsar user, chown the appropriate directories, and then use that user by default. ### Verifying this change - [ ] Make sure that the change passes the CI checks. I manually verified that the docker images run with the correct user and file permissions. As this is my first commit, I'm not familiar with pulsar testing. Are there tests that run against the produced docker images? If so, then there is likely no further testing needed.
eolivelli
pushed a commit
that referenced
this issue
May 14, 2021
… Use pulsar User (nonroot user) (#8796) Fixes #8751 Pulsar does not need to run as the root user. This PR updates the pulsar and the pulsar dashboard images to make them run as a new `pulsar` user (user ~1000~ 10000 and group 10001). This change increases the security of pulsar images. Update two `Dockerfile`s to create a pulsar user, chown the appropriate directories, and then use that user by default. - [ ] Make sure that the change passes the CI checks. I manually verified that the docker images run with the correct user and file permissions. As this is my first commit, I'm not familiar with pulsar testing. Are there tests that run against the produced docker images? If so, then there is likely no further testing needed. (cherry picked from commit 4264a67)
eolivelli
pushed a commit
to datastax/pulsar
that referenced
this issue
May 17, 2021
… Use pulsar User (nonroot user) (apache#8796) Fixes apache#8751 Pulsar does not need to run as the root user. This PR updates the pulsar and the pulsar dashboard images to make them run as a new `pulsar` user (user ~1000~ 10000 and group 10001). This change increases the security of pulsar images. Update two `Dockerfile`s to create a pulsar user, chown the appropriate directories, and then use that user by default. - [ ] Make sure that the change passes the CI checks. I manually verified that the docker images run with the correct user and file permissions. As this is my first commit, I'm not familiar with pulsar testing. Are there tests that run against the produced docker images? If so, then there is likely no further testing needed. (cherry picked from commit 4264a67)
eolivelli
pushed a commit
to datastax/pulsar
that referenced
this issue
May 19, 2021
… Use pulsar User (nonroot user) (apache#8796) Fixes apache#8751 Pulsar does not need to run as the root user. This PR updates the pulsar and the pulsar dashboard images to make them run as a new `pulsar` user (user ~1000~ 10000 and group 10001). This change increases the security of pulsar images. Update two `Dockerfile`s to create a pulsar user, chown the appropriate directories, and then use that user by default. - [ ] Make sure that the change passes the CI checks. I manually verified that the docker images run with the correct user and file permissions. As this is my first commit, I'm not familiar with pulsar testing. Are there tests that run against the produced docker images? If so, then there is likely no further testing needed. (cherry picked from commit 4264a67)
eolivelli
pushed a commit
to datastax/pulsar
that referenced
this issue
Jun 9, 2021
… Use pulsar User (nonroot user) (apache#8796) Fixes apache#8751 Pulsar does not need to run as the root user. This PR updates the pulsar and the pulsar dashboard images to make them run as a new `pulsar` user (user ~1000~ 10000 and group 10001). This change increases the security of pulsar images. Update two `Dockerfile`s to create a pulsar user, chown the appropriate directories, and then use that user by default. - [ ] Make sure that the change passes the CI checks. I manually verified that the docker images run with the correct user and file permissions. As this is my first commit, I'm not familiar with pulsar testing. Are there tests that run against the produced docker images? If so, then there is likely no further testing needed. (cherry picked from commit 4264a67) (cherry picked from commit bf00805)
eolivelli
pushed a commit
to datastax/pulsar
that referenced
this issue
Jun 9, 2021
… Use pulsar User (nonroot user) (apache#8796) Fixes apache#8751 Pulsar does not need to run as the root user. This PR updates the pulsar and the pulsar dashboard images to make them run as a new `pulsar` user (user ~1000~ 10000 and group 10001). This change increases the security of pulsar images. Update two `Dockerfile`s to create a pulsar user, chown the appropriate directories, and then use that user by default. - [ ] Make sure that the change passes the CI checks. I manually verified that the docker images run with the correct user and file permissions. As this is my first commit, I'm not familiar with pulsar testing. Are there tests that run against the produced docker images? If so, then there is likely no further testing needed. (cherry picked from commit 4264a67) (cherry picked from commit bf00805)
|
@frankjkelly - I don't know of any equivalent issue. I will open a new issue today with details for what needs to happen in order to get this feature added. Based on a recent pulsar community meeting, there is a desire for more integration testing before merging this change. I plan to help contribute this feature, but I don't expect to be able to work on it for a couple of weeks. |
|
@michaeljmarshall thanks - that sounds good |
|
@frankjkelly - here is the new issue: #11269. |
nicoloboschi
pushed a commit
to datastax/pulsar
that referenced
this issue
Feb 28, 2022
… Use pulsar User (nonroot user) (apache#8796) Fixes apache#8751 Pulsar does not need to run as the root user. This PR updates the pulsar and the pulsar dashboard images to make them run as a new `pulsar` user (user ~1000~ 10000 and group 10001). This change increases the security of pulsar images. Update two `Dockerfile`s to create a pulsar user, chown the appropriate directories, and then use that user by default. - [ ] Make sure that the change passes the CI checks. I manually verified that the docker images run with the correct user and file permissions. As this is my first commit, I'm not familiar with pulsar testing. Are there tests that run against the produced docker images? If so, then there is likely no further testing needed. (cherry picked from commit 4264a67) (cherry picked from commit bf00805) (cherry picked from commit 1b44c32)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your enhancement request related to a problem? Please describe.
The image produced by pulsar unnecessarily runs as the root user. My company requires applications to run with the least privilege necessary, and the current pulsar docker images do not comply with that policy.
Describe the solution you'd like
Given that pulsar only needs privileges to read/write from/to certain directories, the Dockerfile should add a user with the appropriate level of permission,
chownthe appropriate directories, and then run as that user.Describe alternatives you've considered
I don't see an alternative--Pulsar does not need root privileges.
Additional context
Note that I want to deploy pulsar on a kubernetes cluster that has a pod security policy that prevents applications from running as root. Given that it is a good security principal to give applications the least permission possible, I see this enhancement as a way to make pulsar more secure and more easy to adopt for other organizations.
The text was updated successfully, but these errors were encountered: