堆栈内存溢出
  简体   繁体   English

如何从 Dockerfile 为 OpenShift 创建具有非 root 访问权限的映像?

[英]How to create an Image with non-root access from a Dockerfile for OpenShift?

 原文  2019-10-29 17:41:37       docker/ openshift

问题描述

I need to create an image from a docker file with non-root permission, because I don't have root access on our OpenShift Container Platform.我需要从具有非 root 权限的 docker 文件创建一个映像,因为我在我们的 OpenShift 容器平台上没有 root 访问权限。 Root access is forbidden by our service provider.我们的服务提供商禁止 Root 访问。 When I try to pull the image from docker hub:当我尝试从 docker 集线器中提取图像时:

https://s19.directupload.net/images/191029/2vvyrpw2.jpg https://s19.directupload.net/images/191029/2vvyrpw2.jpg

Container is not runing, because it's need root access.容器没有运行,因为它需要 root 访问权限。

https://s19.directupload.net/images/191029/f42sreci.jpg https://s19.directupload.net/images/191029/f42sreci.jpg

I tried to re-build the image and changed the permission of the path.我试图重新构建图像并更改路径的权限。

Docker File: Docker 文件:

RUN set -x \ && chmod g+rx /usr/local/HelpSystems/GoAnywhere/jre/bin/java

I get this error now:我现在收到此错误:

/usr/local/HelpSystems/GoAnywhere/tomcat/bin/../../jre/bin/java: error while loading shared libraries: libjli.so: cannot open shared object file: No such file or directory

How can I create an image with non-root-access?如何创建具有非 root 访问权限的图像?

1 个解决方案

解决方案1
 1  2019-10-30 13:37:44

By default, OpenShift does not allow containers to run as root .默认情况下,OpenShift 不允许容器以root身份运行。 This is a great security feature from Red Hat.这是 Red Hat 的一项出色的安全功能。

When creating a Docker image using a Dockerfile , I always create a non-root user:使用Dockerfile创建 Docker 映像时,我总是创建一个non-root用户:

  1. Create a non-root user ( USER 1001 ) when running a command to perform some action in your Dockerfile: RUN a,b,c在运行命令以在 Dockerfile 中执行某些操作时创建非 root 用户 ( USER 1001 ): RUN a,b,c
  2. At the end of my Dockerfile, I will set USER 1001 so the container will run as the 1001 user, ie non-root.在我的 Dockerfile 结束时,我将设置USER 1001 ,以便容器将以 1001 用户身份运行,即非 root。

If you need a container to run as root ,如果您需要一个容器以root身份运行,

  1. Create the image off the OpenShift platform从 OpenShift 平台创建映像
  2. Grant privileged access to the container.授予对容器的特权访问 I would not recommend this.我不会推荐这个。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用 R + Anaconda3 + 非 root 用户创建 Dockerfile - How to create Dockerfile with R + Anaconda3 + non-root User 如何为非 root 用户配置 Dockerfile 但授予他们访问权限以写入根目录中的文件? - How to configure Dockerfile for non-root user but give them access privileges to write to a file in the root dir? Dockerfile - 创建非 root 用户几乎会使图像大小翻倍 - Dockerfile - Creating non-root user almost doubles the image size 从现有的 Dockerfile 派生 + 将 USER 设置为非 root - Deriving FROM existing Dockerfile + setting USER to non-root 通过 Dockerfile 设置非 root 用户 - Set a Non-Root User by Dockerfile 在jupyter dockerfile中创建非root用户 - Creating non-root user in jupyter dockerfile 如何创建具有非root用户访问权限和docker-compose的共享卷? - How can I create a shared volume with non-root access rights and docker-compose? 使用非 root 用户在 Dockerfile 中运行 root 服务 - Running root service in Dockerfile with non-root user 如何以非root用户身份运行docker镜像? - How to run docker image as a non-root user? 如何用非root用户创建K8S集群? - How to create K8S cluster with non-root user?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM