[jira] [Commented] (AMQ-9588) Running Docker image as root is required for proper functionality

Wed, 02 Oct 2024 22:48:04 -0700 


    [ 
https://issues.apache.org/jira/browse/AMQ-9588?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17886565#comment-17886565
 ] 

Jean-Baptiste Onofré commented on AMQ-9588:
-------------------------------------------

I'm not sure I follow you here.

 

Do you mount /opt/apache-activemq as a PV or is it the container fs ? Do you 
have a test case to reproduce it ?

> Running Docker image as root is required for proper functionality
> -----------------------------------------------------------------
>
>                 Key: AMQ-9588
>                 URL: https://issues.apache.org/jira/browse/AMQ-9588
>             Project: ActiveMQ Classic
>          Issue Type: Bug
>          Components: Docker
>    Affects Versions: 5.18.4
>            Reporter: Giovanni Toraldo
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>
> During the evaluation of the new Docker image, we found that running it as a 
> non-privileged user is currently not supported. This raises a significant 
> security concern, as it contradicts best practices for container security, 
> where running processes as root should be avoided to minimize risks.
> Below is a log excerpt from our attempt to run the container as a 
> non-privileged user while setting a custom password via the dedicated 
> environment variable:
>  
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sedB5ltuV: 
> Permission denied                                         │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sednfPcf9: 
> Permission denied                                         │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sedto1f2G: 
> Permission denied                                         │}}
> {{│ touch: cannot touch 
> '/opt/apache-activemq/conf/connection.security.enabled': Permission denied    
>                                   │}}
> {{│ Enabling ActiveMQ JMX security                                            
>                           │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sedoJUbth: 
> Permission denied                                         │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/seduC85KQ: 
> Permission denied                                         │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sedSDm7nf: 
> Permission denied                                         │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sedanmNww: 
> Permission denied                                         │}}
> {{│ touch: cannot touch '/opt/apache-activemq/conf/jmx.security.enabled': 
> Permission denied                                         │}}
> {{│ Enabling ActiveMQ WebConsole security                                     
>                              │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/seddcJbla: 
> Permission denied                                         │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sedFWZO7r: 
> Permission denied}}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@activemq.apache.org
For additional commands, e-mail: issues-h...@activemq.apache.org
For further information, visit: https://activemq.apache.org/contact

Reply via email to