uname config option unusable
#55
Comments
|
Good morning, can the code here be added back? As far as I read the code from #50 this should fix setups like mine since PUID and PGID are still initialized with 10000, same as previous mumble user inside the container, and all other setups should not be affected by the mumble user existing inside the container with this UID/GID combination. Removal of this option broke all my deployments which start as root to read letsencrypt certificates (with 600 permissions) and then drop down to the mumble user :/ One further thing which I find dangerous is that #50 clones master of https://github.com/ncopa/su-exec without a fixed tag/version hash, which makes this whole mumble-docker image vulnerable to build chain attacks should hostile code be injected into the su-exec repository with a new commit. (Added suggestion how to solve this here: https://github.com/mumble-voip/mumble-docker/pull/50/files#r1918272775 ) |
yes, I think so. Though it would likely be even better if we moved it into the entry point script such that the |
|
That the reason why I've change id mumble uid/gid before the start. You should take back this part. |
|
Opened PR #56 . |
Due to the removal of a dedicated, named user account in #50, the uname server config option is no longer usable. This is because that option requires a non-root user with a known name to exist.
The fix should be as simple as adding back a
USERdirective into theDockerfile(optionally with some runtime variables that can be used to set that user's UID and GID).The text was updated successfully, but these errors were encountered: