stackoom
  简体   繁体   中英

clamav docker build for non root user issue

 原文  2021-11-12 07:30:25       docker/ dockerfile/ clamav/ clam

Question

From node:16.10-stretch
WORKDIR /app`
COPY . .
RUN apt-get update && npm install && apt-get install clamav-daemon -y && \
    freshclam && echo "TCPSocket 3310" >> /etc/clamav/clamd.conf && \
    echo "TCPAddr 127.0.0.1" >> /etc/clamav/clamd.js && \
    mkdir /unscanned_files && chmod -R 0777 /unscanned_files
RUN useradd -u 10101 clamav_user
RUN chmod -R 0777 /app/bootstrap.sh
USER clamav_user
CMD ["sh", "bootstrap.sh"]

Now docker build is creating fine for non-root users but when we run this build it is giving a permission error. Error: Can't open /var/log/clamav/freshclam.log in append mode (check permission) mkdir: cannot create directory '/var/run/clamav' : Permission denied enter code here

what changes are required in this ClamAV docker file to run for non-root users without permission problems?? please help

1 answers

solution1
 0  2021-11-12 10:17:45

From node:16.10-stretch
WORKDIR /app
COPY . .
RUN apt-get update && npm install && apt-get install clamav-daemon -y && \
    freshclam && echo "TCPSocket 3310" >> /etc/clamav/clamd.conf && \
    echo "TCPAddr 127.0.0.1" >> /etc/clamav/clamd.js && \
    mkdir /unscanned_files && chmod -R 0777 /unscanned_files
RUN useradd -u 10101 clamav_user
RUN chmod -R 0777 /app/bootstrap.sh
RUN mkdir -p /var/run/clamav && chown -R clamav_user /var/run/clamav
USER clamav_user
CMD ["sh", "bootstrap.sh"]

on a side note, as optimization you should rearrange dockerfile in following manner

From node:16.10-stretch
COPY package.json /tmp
RUN apt-get update && npm --prefix /tmp/ install && apt-get install clamav-daemon -y && \
    freshclam && echo "TCPSocket 3310" >> /etc/clamav/clamd.conf && \
    echo "TCPAddr 127.0.0.1" >> /etc/clamav/clamd.js && \
    mkdir /unscanned_files && chmod -R 0777 /unscanned_files
RUN useradd -u 10101 clamav_user
RUN mkdir -p /var/run/clamav && chown -R clamav_user /var/run/clamav
WORKDIR /app
COPY . .
RUN chmod -R 0777 /app/bootstrap.sh
USER clamav_user
CMD ["sh", "bootstrap.sh"]

This will avoid building layer RUN apt-get update && npm install && apt-get install clamav-daemon -y && \\ freshclam && echo "TCPSocket 3310" >> /etc/clamav/clamd.conf && \\ echo "TCPAddr 127.0.0.1" >> /etc/clamav/clamd.js && \\ mkdir /unscanned_files && chmod -R 0777 /unscanned_files again as your source files are only changed

I am not sure what's in the bootstrap.sh you have, but i think the above changes will work for you.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Build and Run Docker image as non-root user Non-root user in Docker docker secrets with non root user Run docker inside docker as non root user How to build docker with non-root user privileges to setup python application with pipenv? Building Docker image as non-root user Running docker containe process as non root user Building Docker image as non root user .NET Docker container as dynamic non root User Mount volumes as non root user in docker container
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM