Fix non-root directory permission denied error #578
Conversation
rahul2393
commented
Jul 29, 2020
•
rahul2393
commented
|
@knqyf263 Please have a look |
Dockerfile
Outdated
| USER appuser | ||
| WORKDIR /newfolder |
There was a problem hiding this comment.
Does this directory resolve something?
There was a problem hiding this comment.
@knqyf263 Removed was testing out something
README.md
Outdated
| Try: | ||
|
|
||
| ``` | ||
| $ docker run --rm -v $PWD:/root/.cache/ aquasec/trivy:0.9.2 --cache-dir root/.cache image centos:7 |
There was a problem hiding this comment.
This command doesn't store the cache in a host, right? You mount the host directory to /root/.cache, but it will be never used as you specify /newfolder/root/.cache. The reason a user mounts the volume is that they want to make the cache persistent.
So, /tmp looks better.
| $ docker run --rm -v $PWD:/root/.cache/ aquasec/trivy:0.9.2 --cache-dir root/.cache image centos:7 | |
| $ docker run --rm -v $PWD:/tmp/.cache/ aquasec/trivy:0.9.2 --cache-dir /tmp/.cache image centos:7 |
There was a problem hiding this comment.
@knqyf263 Thanks for the clarification, fixed 👍
README.md
Outdated
| $ docker run --rm -v $PWD:/root/.cache/ aquasec/trivy:0.9.2 --cache-dir /root/.cache image centos:7 | ||
| 2020-07-29T15:02:54.435Z FATAL unable to initialize the cache: failed to create cache dir: mkdir /root/.cache: permission denied | ||
| ``` | ||
|
|
||
| Try: | ||
|
|
||
| ``` | ||
| $ docker run --rm -v $PWD:/tmp/.cache/ aquasec/trivy:0.9.2 --cache-dir /tmp/.cache image centos:7 |
There was a problem hiding this comment.
For the version numbers maybe it's better to show people to use latest than to hardcode with a particular version. This could be useful in case people just copy-pasta commands to run them.
Dockerfile
Outdated
| @@ -6,4 +6,4 @@ COPY contrib/gitlab.tpl contrib/gitlab.tpl | |||
| COPY contrib/junit.tpl contrib/junit.tpl | |||
| COPY contrib/sarif.tpl contrib/sarif.tpl | |||
| USER appuser | |||
| ENTRYPOINT ["trivy"] | |||
| ENTRYPOINT ["trivy"] | |||
There was a problem hiding this comment.
Could you revert that if there is no reason you want to remove the newline at end of file?
|
Thanks. |
* Fix non-root directory permission denied error * Updated Readme * Fixed Readme * Updated readme to use latest tag for QA error * updated Dockerfile * Moved error to others section
…uasecurity#641) * fix(google): Fix false positive for Google Compute Firewall Rules Resolves aquasecurity#578 Signed-off-by: Liam Galvin <liam.galvin@aquasec.com>
