In order to install the Docker ecosystem, follow the instructions in the documentation:
In most cases, the Alpine version is enough. It is lighter than the Debian version, which results in smaller images.
You might need the Debian (jessie) version when using libraries such as ImageMagick.
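Expose the current user ID and group ID as environment variables (in a Makefile, where export also passes them to the commands it runs, such as docker-compose):
export UID = $(shell id -u)
export GID = $(shell id -g)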
Then use them to run the container as that user with the --user flag:
docker run --user "${UID}:${GID}" hello-world
Or, with docker-compose:
version: '3'
services:
  hello:
    image: hello-world
    user: "${UID}:${GID}"
Documentation:
- Docker Security
- Isolate containers with a user namespace
In some rare cases, an application needs access to specific files on your system (for example, Postgres has to read /etc/passwd).
You can share a file in read-only mode using a volume:
docker run --user "${UID}:${GID}" -v "/etc/passwd:/etc/passwd:ro" hello-world
Or, with docker-compose:
version: '3'
services:
  hello:
    image: hello-world
    user: "${UID}:${GID}"
    volumes:
      - "/etc/passwd:/etc/passwd:ro"
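The two steps above (running as the host user and sharing a file read-only), as an added shell example that is not part of the original page: it builds the same docker run arguments, but refuses UID 0, which is what id -u returns under sudo or in a root shell, and always appends :ro to shared files. The function names and the constructed passwd file are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. Function names are hypothetical.

# Succeed if the passwd-format file $2 has an entry whose UID field is $1.
# A program that resolves its own UID to a user name needs such an entry.
has_passwd_entry() {
    awk -F: -v uid="$1" '$3 == uid { found = 1 } END { exit !found }' "$2"
}

# Print the docker-run arguments, one per line, for UID $1, GID $2 and the
# host files $3... Each file is mounted at the same path, always read-only.
build_run_args() {
    local uid="$1" gid="$2" v f args
    shift 2
    for v in "$uid" "$gid"; do
        case "$v" in
            ''|*[!0-9]*) echo "uid and gid must be numeric" >&2; return 2 ;;
        esac
    done
    # Under sudo or in a root shell, `id -u` is 0 and --user "0:0" would
    # run the container as root, which defeats the purpose of the flag.
    if [ "$uid" -eq 0 ]; then
        echo "refusing to build arguments for uid 0" >&2; return 3
    fi
    args=$(printf '%s\n' --user "${uid}:${gid}")
    for f in "$@"; do
        case "$f" in
            /*) ;;  # require an absolute host path so the source is unambiguous
            *) echo "not an absolute path: $f" >&2; return 4 ;;
        esac
        [ -f "$f" ] || { echo "not a regular file: $f" >&2; return 4; }
        args=$(printf '%s\n%s\n%s' "$args" -v "${f}:${f}:ro")
    done
    printf '%s\n' "$args"
}

# Demo on a constructed passwd file, so it runs without Docker or root.
demo() {
    local tmp
    tmp=$(mktemp)
    printf 'root:x:0:0:root:/root:/bin/sh\napp:x:1000:1000::/home/app:/bin/sh\n' >"$tmp"
    has_passwd_entry 1000 "$tmp" || echo "warning: no passwd entry for 1000" >&2
    build_run_args 1000 1000 "$tmp"
    rm -f "$tmp"
}
demo
```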