針對非 root 用戶問題的 clamav docker build
[英]clamav docker build for non root user issue
問題描述
From node:16.10-stretch
WORKDIR /app`
COPY . .
RUN apt-get update && npm install && apt-get install clamav-daemon -y && \
freshclam && echo "TCPSocket 3310" >> /etc/clamav/clamd.conf && \
echo "TCPAddr 127.0.0.1" >> /etc/clamav/clamd.js && \
mkdir /unscanned_files && chmod -R 0777 /unscanned_files
RUN useradd -u 10101 clamav_user
RUN chmod -R 0777 /app/bootstrap.sh
USER clamav_user
CMD ["sh", "bootstrap.sh"]
現在 docker build 對非 root 用戶來說很好,但是當我們運行這個構建時,它給出了一個權限錯誤。 錯誤:無法以追加模式打開 /var/log/clamav/freshclam.log(檢查權限) mkdir:無法創建目錄“/var/run/clamav”:權限被拒絕在此處輸入代碼
這個 ClamAV docker 文件需要哪些更改才能在沒有權限問題的情況下為非 root 用戶運行? 請幫忙
1 個解決方案
解決方案1
0 2021-11-12 10:17:45
From node:16.10-stretch
WORKDIR /app
COPY . .
RUN apt-get update && npm install && apt-get install clamav-daemon -y && \
freshclam && echo "TCPSocket 3310" >> /etc/clamav/clamd.conf && \
echo "TCPAddr 127.0.0.1" >> /etc/clamav/clamd.js && \
mkdir /unscanned_files && chmod -R 0777 /unscanned_files
RUN useradd -u 10101 clamav_user
RUN chmod -R 0777 /app/bootstrap.sh
RUN mkdir -p /var/run/clamav && chown -R clamav_user /var/run/clamav
USER clamav_user
CMD ["sh", "bootstrap.sh"]
附帶說明一下,作為優化,您應該按以下方式重新排列 dockerfile
From node:16.10-stretch
COPY package.json /tmp
RUN apt-get update && npm --prefix /tmp/ install && apt-get install clamav-daemon -y && \
freshclam && echo "TCPSocket 3310" >> /etc/clamav/clamd.conf && \
echo "TCPAddr 127.0.0.1" >> /etc/clamav/clamd.js && \
mkdir /unscanned_files && chmod -R 0777 /unscanned_files
RUN useradd -u 10101 clamav_user
RUN mkdir -p /var/run/clamav && chown -R clamav_user /var/run/clamav
WORKDIR /app
COPY . .
RUN chmod -R 0777 /app/bootstrap.sh
USER clamav_user
CMD ["sh", "bootstrap.sh"]
這將避免構建層RUN apt-get update && npm install && apt-get install clamav-daemon -y && \\ freshclam && echo "TCPSocket 3310" >> /etc/clamav/clamd.conf && \\ echo "TCPAddr 127.0.0.1" >> /etc/clamav/clamd.js && \\ mkdir /unscanned_files && chmod -R 0777 /unscanned_files再次,因為您的源文件僅被更改
我不確定您擁有的 bootstrap.sh 中有什么,但我認為上述更改對您有用。
如何使用非 root 用戶權限構建 docker 以使用 pipenv 設置 python 應用程序?
[英]How to build docker with non-root user privileges to setup python application with pipenv?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.