You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The final start command is run as root in the deployed container.
This is bad practice, and can open up vulnerabilities for the app run as root.
This also causes certain programs like puppeteer to refuse to launch (ERROR:zygote_host_impl_linux.cc(90)] Running as root without --no-sandbox is not supported.)
To reproduce
Build a project with Nixpacks.
Run the resulting OCI image.
The start command will be run as root.
Expected behavior
The start command should be deescalated and run as another PID.
Environment
Windows 11, Nixpacks v0.3.8
(affects all versions)
The text was updated successfully, but these errors were encountered:
Is there an existing issue for this?
Describe the bug
The final start command is run as
root
in the deployed container.This is bad practice, and can open up vulnerabilities for the app run as
root
.This also causes certain programs like
puppeteer
to refuse to launch (ERROR:zygote_host_impl_linux.cc(90)] Running as root without --no-sandbox is not supported.
)To reproduce
Build a project with Nixpacks.
Run the resulting OCI image.
The start command will be run as root.
Expected behavior
The start command should be deescalated and run as another PID.
Environment
Windows 11, Nixpacks v0.3.8
(affects all versions)
The text was updated successfully, but these errors were encountered: