Wrong ownership for some files in the docker image #56
Comments
Hi @vpag and thank you for reporting this! This is definitely something we need to fix and thank you for giving us suggestions too. Will keep you posted on the issue. Btw. what are you working on with Memgraph?
Hi @katarinasupe This still isn't fixed? Looks like you are using an outdated library that has been superseded by core as well? I've been tasked with evaluating Memgraph compared to Neo4j and we run unprivileged containers.
This is really vexing. This is a rather low hanging fruit and a work-around has been provided. For simply changing one line in a build-pipeline, 6 months is really a long time. It is anything but trust inspiring.
Hi @teatreeoilchocolate, I agree with you and apologize for making you wait this long. The happy news is that we are working on something new to make deployment easier for any developer, and that's why we didn't focus on this issue. Does this issue block your work?
Not a blocking issue. And to be clear, this is not entitlement speaking.
Thank you for your feedback, @teatreeoilchocolate. It will help us learn how to improve in the future. We recently changed our prioritization system and still have some tweaks to do. We will update the priorities in the community bugs and incremental features project. In the future, if you notice these things and you feel like something is urgent and we should make more effort, or if you have questions, don't hesitate to contact us by booking an office hours call. We are also quite active on Discord to help the community.
Let's revisit this with the new Memgraph Platform setup cc @MarkoBarisic @gitbuda |
Since that version of `memgraph-platform` image I cannot pull new images with `userns-remap` enabled for my docker-daemon (there is a need to Isolate containers with a user namespace):
Indeed, it's unlikely for `718322462` to be within ID ranges set in `/etc/subuid` and `/etc/subgid` files, whenever someone configures `userns-remap`. I tried to extend them and perform such search for files that have too high uid/gid:
I'd like to ask to fix owner/group for those files (and some other at least under `/lab/node_modules/`) before-or-at the docker-build, otherwise, you see, `userns-remap` enabled (and ranges specified at `subuid`/`subgid` not cover too high IDs), those files would be inaccessible to non-root processes (UPD. Well, they're world-Readable, and their parent dir is everyone-eXecutable). Also that would agree with a good practice to keep the stuff in order.
TIA!
UPD. I suggest `COPY --chown=0:0 <...>` at least at https://github.com/memgraph/memgraph-platform/blob/main/Dockerfile#L98 as good enough workaround, if you wish to fix this at docker-build stage instead of at the files origin (where they are copied from).
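An added example, not part of the original issue or the project's code: a check that could run over an unpacked image filesystem before publishing, listing entries whose uid/gid cannot be mapped under `userns-remap`. It assumes container IDs are mapped contiguously from 0 across the total length of the remap user's `/etc/subuid` and `/etc/subgid` ranges; the `dockremap` entry, the tree layout, and the function names are constructed for illustration.

```python
import os
import tempfile
import types

# Constructed sample of an /etc/subuid (or /etc/subgid) entry; "dockremap" is an assumed remap user.
SAMPLE_SUBID = "# constructed sample\ndockremap:100000:65536\n"

def mappable_count(subid_text, owner):
    """Total number of IDs granted to `owner` in subuid/subgid-format text."""
    total = 0
    for line in subid_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 3 and fields[0] == owner and fields[2].isdigit():
            total += int(fields[2])
    return total

def find_unmappable(root, uid_count, gid_count, lstat=os.lstat):
    """List (path, uid, gid) for entries whose IDs fall outside 0..count-1."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = lstat(path)  # lstat: report a symlink's own owner, do not follow it
            if st.st_uid >= uid_count or st.st_gid >= gid_count:
                hits.append((path, st.st_uid, st.st_gid))
    return sorted(hits)

def demo():
    """Build a small constructed tree and scan it with stubbed ownership."""
    with tempfile.TemporaryDirectory() as root:
        pkg = os.path.join(root, "lab", "node_modules", "pkg")
        os.makedirs(pkg)
        bad = os.path.join(pkg, "index.js")
        open(bad, "w").close()
        open(os.path.join(root, "lab", "ok.txt"), "w").close()

        def fake_lstat(path):
            # chown to a huge ID needs root, so ownership is simulated here.
            owner = 718322462 if path == bad else 0
            return types.SimpleNamespace(st_uid=owner, st_gid=owner)

        count = mappable_count(SAMPLE_SUBID, "dockremap")
        hits = find_unmappable(root, count, count, fake_lstat)
        return [(os.path.relpath(p, root), u, g) for p, u, g in hits]

if __name__ == "__main__":
    for path, uid, gid in demo():
        print(f"{path}: uid={uid} gid={gid} is outside the remap range")
```

Against a real tree, call `find_unmappable` with the default `os.lstat` and the counts computed from the host's actual `/etc/subuid` and `/etc/subgid`.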