-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix non-root directory permission denied error #578
Conversation
rahul2393
commented
Jul 29, 2020
•
edited
edited
@knqyf263 Please have a look |
Dockerfile
Outdated
USER appuser | ||
WORKDIR /newfolder |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this directory resolve something?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@knqyf263 Removed was testing out something
README.md
Outdated
Try: | ||
|
||
``` | ||
$ docker run --rm -v $PWD:/root/.cache/ aquasec/trivy:0.9.2 --cache-dir root/.cache image centos:7 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This command doesn't store the cache in a host, right? You mount the host directory to /root/.cache
, but it will be never used as you specify /newfolder/root/.cache
. The reason a user mounts the volume is that they want to make the cache persistent.
So, /tmp
looks better.
$ docker run --rm -v $PWD:/root/.cache/ aquasec/trivy:0.9.2 --cache-dir root/.cache image centos:7 | |
$ docker run --rm -v $PWD:/tmp/.cache/ aquasec/trivy:0.9.2 --cache-dir /tmp/.cache image centos:7 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@knqyf263 Thanks for the clarification, fixed 👍
README.md
Outdated
$ docker run --rm -v $PWD:/root/.cache/ aquasec/trivy:0.9.2 --cache-dir /root/.cache image centos:7 | ||
2020-07-29T15:02:54.435Z FATAL unable to initialize the cache: failed to create cache dir: mkdir /root/.cache: permission denied | ||
``` | ||
|
||
Try: | ||
|
||
``` | ||
$ docker run --rm -v $PWD:/tmp/.cache/ aquasec/trivy:0.9.2 --cache-dir /tmp/.cache image centos:7 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For the version numbers maybe it's better to show people to use latest
than to hardcode with a particular version. This could be useful in case people just copy-pasta commands to run them.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@simar7 Done
Dockerfile
Outdated
@@ -6,4 +6,4 @@ COPY contrib/gitlab.tpl contrib/gitlab.tpl | |||
COPY contrib/junit.tpl contrib/junit.tpl | |||
COPY contrib/sarif.tpl contrib/sarif.tpl | |||
USER appuser | |||
ENTRYPOINT ["trivy"] | |||
ENTRYPOINT ["trivy"] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you revert that if there is no reason you want to remove the newline at end of file?
Thanks. |
* Fix non-root directory permission denied error * Updated Readme * Fixed Readme * Updated readme to use latest tag for QA error * updated Dockerfile * Moved error to others section
…uasecurity#641) * fix(google): Fix false positive for Google Compute Firewall Rules Resolves aquasecurity#578 Signed-off-by: Liam Galvin <liam.galvin@aquasec.com>