针对非 root 用户问题的 clamav docker build
[英]clamav docker build for non root user issue
问题描述
From node:16.10-stretch
WORKDIR /app`
COPY . .
RUN apt-get update && npm install && apt-get install clamav-daemon -y && \
freshclam && echo "TCPSocket 3310" >> /etc/clamav/clamd.conf && \
echo "TCPAddr 127.0.0.1" >> /etc/clamav/clamd.js && \
mkdir /unscanned_files && chmod -R 0777 /unscanned_files
RUN useradd -u 10101 clamav_user
RUN chmod -R 0777 /app/bootstrap.sh
USER clamav_user
CMD ["sh", "bootstrap.sh"]
现在 docker build 对非 root 用户来说很好,但是当我们运行这个构建时,它给出了一个权限错误。 错误:无法以追加模式打开 /var/log/clamav/freshclam.log(检查权限) mkdir:无法创建目录“/var/run/clamav”:权限被拒绝在此处输入代码
这个 ClamAV docker 文件需要哪些更改才能在没有权限问题的情况下为非 root 用户运行? 请帮忙
1 个解决方案
解决方案1
0 2021-11-12 10:17:45
From node:16.10-stretch
WORKDIR /app
COPY . .
RUN apt-get update && npm install && apt-get install clamav-daemon -y && \
freshclam && echo "TCPSocket 3310" >> /etc/clamav/clamd.conf && \
echo "TCPAddr 127.0.0.1" >> /etc/clamav/clamd.js && \
mkdir /unscanned_files && chmod -R 0777 /unscanned_files
RUN useradd -u 10101 clamav_user
RUN chmod -R 0777 /app/bootstrap.sh
RUN mkdir -p /var/run/clamav && chown -R clamav_user /var/run/clamav
USER clamav_user
CMD ["sh", "bootstrap.sh"]
附带说明一下,作为优化,您应该按以下方式重新排列 dockerfile
From node:16.10-stretch
COPY package.json /tmp
RUN apt-get update && npm --prefix /tmp/ install && apt-get install clamav-daemon -y && \
freshclam && echo "TCPSocket 3310" >> /etc/clamav/clamd.conf && \
echo "TCPAddr 127.0.0.1" >> /etc/clamav/clamd.js && \
mkdir /unscanned_files && chmod -R 0777 /unscanned_files
RUN useradd -u 10101 clamav_user
RUN mkdir -p /var/run/clamav && chown -R clamav_user /var/run/clamav
WORKDIR /app
COPY . .
RUN chmod -R 0777 /app/bootstrap.sh
USER clamav_user
CMD ["sh", "bootstrap.sh"]
这将避免构建层RUN apt-get update && npm install && apt-get install clamav-daemon -y && \\ freshclam && echo "TCPSocket 3310" >> /etc/clamav/clamd.conf && \\ echo "TCPAddr 127.0.0.1" >> /etc/clamav/clamd.js && \\ mkdir /unscanned_files && chmod -R 0777 /unscanned_files再次,因为您的源文件仅被更改
我不确定您拥有的 bootstrap.sh 中有什么,但我认为上述更改对您有用。
如何使用非 root 用户权限构建 docker 以使用 pipenv 设置 python 应用程序?
[英]How to build docker with non-root user privileges to setup python application with pipenv?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.