Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Run as a non-root user #69

Open
wants to merge 8 commits into
base: master
Choose a base branch
from
Open

Run as a non-root user #69

wants to merge 8 commits into from

Conversation

yo8192
Copy link

@yo8192 yo8192 commented Dec 3, 2022

This is a best security practice for Docker images.

yo8192 and others added 6 commits July 25, 2021 17:42
@yo8192
run as non-root in docker
07d1004
@yo8192
Merge pull request #1 from shenxn/master
298bacb 
Update from shenxn/protonmail-bridge-docker
@yo8192
Run as non-root for higher security
bc9f9b0 
It is best security practice to run the process in docker as non-root.
@yo8192
Docker build from ubuntu:jammy to fix glibc error.
a6c2c97
@yo8192 @actions-user
Sync from origin. (#3)
c875aa8 
* Bump build version to 3.0.5

* Bump build version to 3.0.6

* Bump build version to 3.0.7

Co-authored-by: GitHub Actions <actions@github.com>
@yo8192
Improved user info message in entrypoint.sh.
fa08ca0
@shenxn
Copy link
Owner

shenxn commented Jan 14, 2023

Yes. This is definitely a good idea but it is going to be a breaking change. I'll hold this change and see what we can do to make sure existing users are happy with this.

olivervhansen added a commit to olivervhansen/protonmail-bridge-docker that referenced this pull request Jun 6, 2023
@olivervhansen
Add PR shenxn#69 from upstream
44fbc26
olivervhansen added a commit to olivervhansen/protonmail-bridge-docker that referenced this pull request Jun 6, 2023
@olivervhansen
Update deb dockerfile and entrypoint like PR shenxn#69 from upstream
26aae56
@mark-monteiro
Copy link
Contributor

It would be ideal if the user/group id used was configurable (i.e. via environment variables UID and GID).

This would also be a good route to maintaining backwards compatibility. If neither value is set, the default is to run as root.

@yo8192 @actions-user
@sgtaziz @dngray
Merge from upstream (#4)
69f65ed 
* Bump build version to 3.0.10

* Bump build version to 3.0.12

* Bump build version to 3.0.14

* Bump build version to 3.0.15

* Bump build version to 3.0.16

* Bump deb version to 3.0.17-1

* Bump build version to 3.0.18

* Bump deb version to 3.0.19-1

* Bump build version to 3.0.19

* Bump deb version to 3.0.20-1

* Bump build version to 3.0.20

* Update Ubuntu tag for deb to fix GLIBC dependency (shenxn#80)

GLIBC dependency issue highlighted in
shenxn#79 is caused
by v3 of the bridge not supporting bionic. This PR simply updates the
"deb" version to match the "build" version which is already on
ubuntu:jammy.

* Bump deb version to 3.0.21-1

* Bump build version to 3.0.21

* Bump build version to 3.1.0

* Bump build version to 3.1.1

* Bump deb version to 3.1.2-1

* Bump build version to 3.1.2

* Add a docker compose file (shenxn#70)

It's quite the norm to include a docker-compose file, generally in the
README or the root for people to copy and modify. For example as
https://github.com/wfg/docker-openvpn-client has done so.

If there are [Environmental
variables](https://github.com/wfg/docker-openvpn-client#environment-variables),
they should also be documented - in this case there isn't.

* Bump deb version to 3.1.3-1

* Bump build version to 3.1.3

* Bump build version to 3.2.0

* Bump deb version to 3.2.0-1

* Bump build version to 3.3.0

* Bump deb version to 3.3.0-1

* Bump build version to 3.3.1

* Bump deb version to 3.3.2-1

* Bump build version to 3.3.2

* Bump build version to 3.4.0

* Bump build version to 3.4.1

* Bump build version to 3.4.2

* Bump build version to 3.5.0

* Bump deb version to 3.4.2-1

* Bump build version to 3.5.1

* Bump deb version to 3.5.1-1

* Bump deb version to 3.4.2-1

* Bump build version to 3.5.2

* Bump deb version to 3.5.3-1

* Bump build version to 3.5.3

* Bump build version to 3.6.0

* Bump deb version to 3.5.4-1

* Bump build version to 3.6.1

* Bump deb version to 3.6.1-2

* Bump build version to 3.7.0

* Bump build version to 3.7.1

* Bump deb version to 3.7.1-1

* Bump build version to 3.8.0

* Bump build version to 3.8.1

* Bump deb version to 3.8.1-1

* Bump build version to 3.9.0

* Bump deb version to 3.8.2-1

---------

Co-authored-by: GitHub Actions <actions@github.com>
Co-authored-by: Aziz Hasanain <sgtaziz013@gmail.com>
Co-authored-by: Daniel Nathan Gray <dng@disroot.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@yo8192 @shenxn @mark-monteiro