Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Modified the Dockerfile to use numeric UID #773

Merged
merged 1 commit into from
May 15, 2021
Merged

Modified the Dockerfile to use numeric UID #773

merged 1 commit into from
May 15, 2021

Conversation

Rchanger
Copy link
Contributor

@Rchanger Rchanger commented May 12, 2021
edited

#766
Fix: modified the docker file to use numeric UID.

USE 101

Reason for change:

when we set the RunAsNonRoot field of a security context, k8s internal logic checks the container for numeric UID instead of a username, and if it doesnot found any numeric UID it throughs error container has runAsNonRoot and image has non-numeric user (terrascan), cannot verify user is non-root

Tested the changes for Use cases

  • Admission controller webhook with plane YAML files
  • Admission controller with Helm
  • Admission controller with argoCD

@sonarcloud
Copy link

sonarcloud bot commented May 12, 2021

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@codecov
Copy link

codecov bot commented May 12, 2021

Codecov Report

Merging #773 (60dc1e5) into master (01c8d78) will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master     #773   +/-   ##
=======================================
  Coverage   73.78%   73.78%           
=======================================
  Files         110      110           
  Lines        3285     3285           
=======================================
  Hits         2424     2424           
  Misses        677      677           
  Partials      184      184

@Rchanger Rchanger linked an issue May 12, 2021 that may be closed by this pull request
Update Docker build for terrascan to use numeric UID #766
Closed
@amirbenv amirbenv requested a review from devang-gaur May 12, 2021 16:45
@devang-gaur
Copy link
Contributor

Built the docker file and by default whoami returns 'terrascan'.

$ docker exec -it c7dfa4829a14 /bin/sh
/ $ whoami
terrascan
/ $ ps aux
PID   USER     TIME  COMMAND
    1 terrasca  0:03 /go/bin/terrascan server --log-type json
   17 terrasca  0:00 /bin/sh
   24 terrasca  0:00 ps aux

@devang-gaur devang-gaur merged commit 0e4c830 into tenable:master May 15, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@devang-gaur devang-gaur devang-gaur approved these changes

@kanchwala-yusuf kanchwala-yusuf Awaiting requested review from kanchwala-yusuf

@jlk jlk Awaiting requested review from jlk

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Update Docker build for terrascan to use numeric UID
2 participants
@Rchanger @devang-gaur