Docker instance running as root, possible security issue for local data access. REVISITED #5959

Open
PeteClapham opened this issue May 22, 2019 · 2 comments · May be fixed by #6525

@PeteClapham

Apologies for re-opening, this is becoming an increasing issue for those looking to run GATK via Docker or singularity in a multi-tenant environment.

Currently:
Docker creation and images provided run with a default user root within the container.

Dropping privileges within the instance to a gatk user would reduce the risk of inadvertent data access or harm when run in a multi-user environment.

A possible solution:
Add something like the following within the Dockerfile:
```dockerfile
RUN useradd -ms /bin/bash dev
WORKDIR /home/dev
USER dev
```

Providing:
Making changes like the above would bring the GATK docker container into line with best practice and greatly assist sites which are also looking to apply minimum standards enforceable through 3rd party applications, i.e. Aqua etc.
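An added example, not part of the original issue and not the GATK project's code: a small check a site could run over a Dockerfile to confirm that the final build stage drops to a non-root user, as the change proposed above would. The sample Dockerfiles and the function names are constructed for illustration, and the check assumes a stage with no `USER` instruction inherits root from its base image.

```python
import re

# Constructed sample Dockerfiles (not the GATK project's own files).
ROOT_DEFAULT = """\
FROM ubuntu:18.04
RUN apt-get update
WORKDIR /gatk
"""

HARDENED = """\
FROM ubuntu:18.04 AS build
USER root
RUN apt-get update

FROM ubuntu:18.04
RUN useradd -ms /bin/bash dev
WORKDIR /home/dev
USER dev
"""

def final_user(dockerfile_text):
    """Return the USER in effect at the end of the last build stage.

    None means the last stage has no USER instruction, so the container
    runs as whatever user its base image sets (assumed root here).
    """
    user = None
    # Join backslash line continuations so each instruction is one line.
    text = re.sub(r"\\[ \t]*\n", " ", dockerfile_text)
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        instr = parts[0].upper()
        if instr == "FROM":
            user = None  # a new stage does not keep the previous stage's USER
        elif instr == "USER" and len(parts) == 2:
            user = parts[1].strip()
    return user

def runs_as_root(dockerfile_text):
    """True if the image would run as root, or if that cannot be ruled out."""
    user = final_user(dockerfile_text)
    if user is None or user.startswith("$"):
        return True  # fail closed: inherited or build-arg user is unverified
    return user.split(":", 1)[0] in ("root", "0")

if __name__ == "__main__":
    for name, text in (("root default", ROOT_DEFAULT), ("hardened", HARDENED)):
        print(name, "->", "root" if runs_as_root(text) else "non-root")
```

The check reads only the Dockerfile; a `--user` override at `docker run` time or a runtime that maps the invoking user into the container is outside what it can see.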

@lbergelson
Member

@PeteClapham Thank you for bringing it back up. This is outside of my area of expertise; I've never used singularity or multi-tenant docker environments. All of our docker use is running docker containers independently on isolated VMs.

Would you be able to create a pull request to make the changes you think are necessary?

@PeteClapham
Author

Happy to, I'll attempt to get this to you over the w/end
Pete

@samuelklee samuelklee linked a pull request Mar 25, 2020 that will close this issue