-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pulsar containers should not run as the root user #8751
Comments
related to |
… Use pulsar User (nonroot user) (#8796) Fixes #8751 ### Motivation Pulsar does not need to run as the root user. This PR updates the pulsar and the pulsar dashboard images to make them run as a new `pulsar` user (user ~1000~ 10000 and group 10001). This change increases the security of pulsar images. ### Modifications Update two `Dockerfile`s to create a pulsar user, chown the appropriate directories, and then use that user by default. ### Verifying this change - [ ] Make sure that the change passes the CI checks. I manually verified that the docker images run with the correct user and file permissions. As this is my first commit, I'm not familiar with pulsar testing. Are there tests that run against the produced docker images? If so, then there is likely no further testing needed.
… Use pulsar User (nonroot user) (#8796) Fixes #8751 Pulsar does not need to run as the root user. This PR updates the pulsar and the pulsar dashboard images to make them run as a new `pulsar` user (user ~1000~ 10000 and group 10001). This change increases the security of pulsar images. Update two `Dockerfile`s to create a pulsar user, chown the appropriate directories, and then use that user by default. - [ ] Make sure that the change passes the CI checks. I manually verified that the docker images run with the correct user and file permissions. As this is my first commit, I'm not familiar with pulsar testing. Are there tests that run against the produced docker images? If so, then there is likely no further testing needed. (cherry picked from commit 4264a67)
… Use pulsar User (nonroot user) (apache#8796) Fixes apache#8751 Pulsar does not need to run as the root user. This PR updates the pulsar and the pulsar dashboard images to make them run as a new `pulsar` user (user ~1000~ 10000 and group 10001). This change increases the security of pulsar images. Update two `Dockerfile`s to create a pulsar user, chown the appropriate directories, and then use that user by default. - [ ] Make sure that the change passes the CI checks. I manually verified that the docker images run with the correct user and file permissions. As this is my first commit, I'm not familiar with pulsar testing. Are there tests that run against the produced docker images? If so, then there is likely no further testing needed. (cherry picked from commit 4264a67)
… Use pulsar User (nonroot user) (apache#8796) Fixes apache#8751 Pulsar does not need to run as the root user. This PR updates the pulsar and the pulsar dashboard images to make them run as a new `pulsar` user (user ~1000~ 10000 and group 10001). This change increases the security of pulsar images. Update two `Dockerfile`s to create a pulsar user, chown the appropriate directories, and then use that user by default. - [ ] Make sure that the change passes the CI checks. I manually verified that the docker images run with the correct user and file permissions. As this is my first commit, I'm not familiar with pulsar testing. Are there tests that run against the produced docker images? If so, then there is likely no further testing needed. (cherry picked from commit 4264a67)
… Use pulsar User (nonroot user) (apache#8796) Fixes apache#8751 Pulsar does not need to run as the root user. This PR updates the pulsar and the pulsar dashboard images to make them run as a new `pulsar` user (user ~1000~ 10000 and group 10001). This change increases the security of pulsar images. Update two `Dockerfile`s to create a pulsar user, chown the appropriate directories, and then use that user by default. - [ ] Make sure that the change passes the CI checks. I manually verified that the docker images run with the correct user and file permissions. As this is my first commit, I'm not familiar with pulsar testing. Are there tests that run against the produced docker images? If so, then there is likely no further testing needed. (cherry picked from commit 4264a67) (cherry picked from commit bf00805)
… Use pulsar User (nonroot user) (apache#8796) Fixes apache#8751 Pulsar does not need to run as the root user. This PR updates the pulsar and the pulsar dashboard images to make them run as a new `pulsar` user (user ~1000~ 10000 and group 10001). This change increases the security of pulsar images. Update two `Dockerfile`s to create a pulsar user, chown the appropriate directories, and then use that user by default. - [ ] Make sure that the change passes the CI checks. I manually verified that the docker images run with the correct user and file permissions. As this is my first commit, I'm not familiar with pulsar testing. Are there tests that run against the produced docker images? If so, then there is likely no further testing needed. (cherry picked from commit 4264a67) (cherry picked from commit bf00805)
@frankjkelly - I don't know of any equivalent issue. I will open a new issue today with details for what needs to happen in order to get this feature added. Based on a recent pulsar community meeting, there is a desire for more integration testing before merging this change. I plan to help contribute this feature, but I don't expect to be able to work on it for a couple of weeks. |
@michaeljmarshall thanks - that sounds good |
@frankjkelly - here is the new issue: #11269. |
… Use pulsar User (nonroot user) (apache#8796) Fixes apache#8751 Pulsar does not need to run as the root user. This PR updates the pulsar and the pulsar dashboard images to make them run as a new `pulsar` user (user ~1000~ 10000 and group 10001). This change increases the security of pulsar images. Update two `Dockerfile`s to create a pulsar user, chown the appropriate directories, and then use that user by default. - [ ] Make sure that the change passes the CI checks. I manually verified that the docker images run with the correct user and file permissions. As this is my first commit, I'm not familiar with pulsar testing. Are there tests that run against the produced docker images? If so, then there is likely no further testing needed. (cherry picked from commit 4264a67) (cherry picked from commit bf00805) (cherry picked from commit 1b44c32)
Is your enhancement request related to a problem? Please describe.
The image produced by pulsar unnecessarily runs as the root user. My company requires applications to run with the least privilege necessary, and the current pulsar docker images do not comply with that policy.
Describe the solution you'd like
Given that pulsar only needs privileges to read/write from/to certain directories, the Dockerfile should add a user with the appropriate level of permission,
chown
the appropriate directories, and then run as that user.Describe alternatives you've considered
I don't see an alternative--Pulsar does not need root privileges.
Additional context
Note that I want to deploy pulsar on a kubernetes cluster that has a pod security policy that prevents applications from running as root. Given that it is a good security principal to give applications the least permission possible, I see this enhancement as a way to make pulsar more secure and more easy to adopt for other organizations.
The text was updated successfully, but these errors were encountered: