Container should not run as root #2903

Open
1 task done
Tracked by #2480
jheiselman opened this issue May 3, 2023 · 4 comments
Labels
bug bw-unified-deploy An Issue related to Bitwarden unified deployment help wanted

Comments

@jheiselman

Steps To Reproduce

  1. Install per the instructions as written at https://bitwarden.com/help/install-and-deploy-unified-beta/ in an environment that has a restrictive policy like SELinux

Expected Result

The container should run as a non-root user

Actual Result

The container cannot run in a restrictive environment where root users are not permitted or are highly restricted like in SELinux environments or Kubernetes platforms that enforce a restrictive policy like VMware Tanzu or OpenShift.

Screenshots or Videos

No response

Additional Context

I have attempted to set the running user via policy, but the image is trying to change permissions on startup and is not allowed to.

Githash Version

NA - container does not run

Environment Details

  • Operating System: Photon Linux
  • Platform: Kubernetes (Tanzu)
  • Kubernetes API: 1.21

Database Image

sqlite

Issue-Link

#2480

Issue Tracking Info

  • I understand that work is tracked outside of GitHub. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
@jheiselman jheiselman added bug bw-unified-deploy An Issue related to Bitwarden unified deployment labels May 3, 2023
@atjbramley

Hi @jheiselman,

This issue has been escalated for further investigation. If you have more information that can help us, please add it below.

Thanks!

@jheiselman
Author

I'm not sure what more information I could provide. It's a growing best practice to use a non-root user inside the container. Typically following a pattern of

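# BusyBox/Alpine flags (base image is an assumption). On Debian-based images use:
#   addgroup --gid 1000 bitwarden && adduser --uid 1000 --ingroup bitwarden --disabled-password --gecos "" bitwarden
RUN addgroup -g 1000 bitwarden && adduser -D -u 1000 -G bitwarden bitwarden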
USER 1000
CMD ["bitwarden-server"]

Please note that I have not looked at your container image at all in any detail to know if these commands are correct, but they should give you the gist of the setup.
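
An added sketch, not code from the Bitwarden image or from this thread: an entrypoint that changes ownership only when it really starts as root, and otherwise runs as whatever UID the platform assigned, which avoids the startup permission failure described in the issue. `DATA_DIR`, `APP_UID`, the function names and the presence of `setpriv` in the image are assumptions.

```shell
#!/bin/sh
# Hypothetical entrypoint sketch. DATA_DIR, APP_UID and the function names are
# assumptions for illustration, not taken from the Bitwarden image.
DATA_DIR="${DATA_DIR:-/data}"   # assumed location of the persistent volume
APP_UID="${APP_UID:-1000}"      # assumed service UID (GID assumed to be equal)

# Decide what startup should do for a given effective UID and data directory.
# Prints "fix-perms-then-drop" or "run-as-is"; returns 1 if the dir is unusable.
startup_mode() {
    uid="$1"; dir="$2"
    if [ "$uid" -eq 0 ]; then
        # Started as root: ownership may be repaired once, then privileges dropped.
        echo "fix-perms-then-drop"
    elif [ -d "$dir" ] && [ -w "$dir" ]; then
        # Started as a non-root UID (USER in the image, runAsUser, or a UID
        # assigned by the platform): never call chown, the volume is usable.
        echo "run-as-is"
    else
        echo "data dir '$dir' is missing or not writable by uid $uid;" \
             "fix volume ownership (e.g. fsGroup) instead of chown at startup" >&2
        return 1
    fi
}

main() {
    mode="$(startup_mode "$(id -u)" "$DATA_DIR")" || exit 1
    case "$mode" in
        fix-perms-then-drop)
            chown -R "$APP_UID:$APP_UID" "$DATA_DIR"
            # setpriv (util-linux) is assumed to be installed in the image.
            exec setpriv --reuid="$APP_UID" --regid="$APP_UID" --clear-groups "$@"
            ;;
        run-as-is)
            exec "$@"
            ;;
    esac
}

# Run only when a command was passed, e.g. ENTRYPOINT ["/entrypoint.sh"] with CMD.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

With this shape the same image starts under a policy that forbids root and still repairs volume ownership when someone runs it as root on a plain Docker host.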

@justindbaur
Member

@jheiselman We are more than willing to accept a PR along these terms but we are not currently working on making this happen. I'm going to leave it open so that you or any other contributor who wants this feature can vote for it or see that we'd accept a PR.

@juanico10

Hi, I would be happy to help solve this PR, I have helped other teams with Docker. Best regards

Development

No branches or pull requests

4 participants