On 17.06.25 15:26, Nick Couchman wrote:
On Tue, Jun 17, 2025 at 8:38 AM ענבל סטולרסקי
<[email protected]> wrote:
Hi :)
I'm new to the guacamole world and I'm trying to deploy it on
openshift using the docker images of guacamole and guacd. My
problem is that the guacamole image requires root privileges that
I cannot provide on my cluster and I'm blocked. I was wondering if
there's something I can do about that and if there's an alternate
image for guacamole that does not require root privileges?
I tried to edit the image myself and work around the root
permissions but no success.
Thanks!
When you say that it requires root privileges, what behavior are you
seeing that requires this? I admittedly have not tried running it in a
"rootless" mode, but I also don't think there's anything within the
Guacamole code or functionality that actually would require root
access - it should work fine as a non-root user/container.
-Nick
I'll happily confirm it works perfectly fine in a rootless docker setup
without any modifications to the base images on both 1.5.5 and 1.6.0-RC#.
Running the container additionally read-only will require a few
exceptions for temp volumes and such, but otherwise this also works fine.
If you want source IP propagation for meaningful connection logging,
you'll have to use something like pasta as network driver and make sure
you set the appropriate headers on your reverse proxy.
Of course, you won't be able to use privileged ports if you don't have
the permissions to grant that capability. So you'll have to map an
appropriate external port.
