container-rhel-examples's Introduction

Getting started

Build

build rhel7 images

# build many
$ make

# or build one
$ make -C starter

build centos7 images

# build many
$ make TARGET=centos7

# or build one
$ make -C starter TARGET=centos7

Run

run a built rhel7 image

$ make run -C starter

run a built centos7 image

$ make run -C starter TARGET=centos7

Optional

Lint

lint your Dockerfiles

$ yum -y install nodejs
$ npm install -g dockerfile_lint
$ make lint

Test

rhel7

# test many images
$ make test

# or test one image
$ make test -C starter

centos7

# test many images
$ make test TARGET=centos7

# or test one image
$ make test -C starter TARGET=centos7

OpenShift Test

env setup

# login as an admin user to retrieve the registry address
$ oc login -u system:admin
$ REGISTRY=`oc get svc/docker-registry -n default --template '{{.spec.clusterIP}}:{{index .spec.ports 0 "port"}}'`
# login as a regular user before executing any tests
$ oc login -u developer -p developer

test an image in openshift

$ make openshift-test -C starter OC_USER=`oc whoami` OC_PASS=`oc whoami -t` REGISTRY=${REGISTRY}

# or test a centos7 image
$ make openshift-test -C starter TARGET=centos7 OC_USER=`oc whoami` OC_PASS=`oc whoami -t` REGISTRY=${REGISTRY}

container-rhel-examples's People

Contributors

codificat, fbladilo, jcpowermac, rflorenc, tchughesiv

container-rhel-examples's Issues

Using nsswrapper is not now the recommended method.

Using nsswrapper is no longer the recommended method. The preferred suggestion now is to make /etc/passwd and /etc/group writable and add entries from the ENTRYPOINT script.

See section 'Support Arbitrary User IDs' in:

For an actual example, which also includes updating /etc/group which sometimes is also necessary but docs don't mention, see:

Making /etc/passwd group writable allows privilege escalation

This repository recommends making /etc/passwd group writable so that the uid_entrypoint script can add a user. At the very least, the uid_entrypoint script should end by removing the group write bit on the file, otherwise it could be written again to allow privilege escalation with su.

However, creating an image with a writeable /etc/passwd and relying on the entrypoint script to secure it means that any user who overrides the entrypoint in a container would lose that protection. Users do not generally expect that overriding an entrypoint will leave their container less secure. Therefore, while I believe this would be an improvement over the status quo, it is still flawed.

In general I am concerned that running as GID 0 may create similar unexpected vulnerabilities in cases where authors of other files on the system may have left them group-writable under GID 0 while not expecting a non-root user to be running with GID 0.
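
The check this issue calls for, as an added example that is not part of the repository or of the issue: a shell audit of an unpacked image root filesystem that lists files and directories writable by a given group (GID 0 by default) and verifies that /etc/passwd and /etc/group are not group- or world-writable. The function names and the rootfs path argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit an unpacked image root filesystem for paths that a
# process running with a given GID could modify. Function names are
# hypothetical. Source this file, then call the functions with the rootfs path.

# Print every regular file or directory under ROOT that is group-writable
# and owned by group GID (default 0, the group an arbitrary-UID container
# process runs with).
list_group_writable() {
    root=$1
    gid=${2:-0}
    find "$root" -xdev \( -type f -o -type d \) -gid "$gid" -perm -0020 \
        -print 2>/dev/null | sort
}

# Return 0 if neither ROOT/etc/passwd nor ROOT/etc/group is group- or
# world-writable, 1 otherwise. Findings are reported on stderr.
check_account_files() {
    root=$1
    status=0
    for f in etc/passwd etc/group; do
        [ -e "$root/$f" ] || continue
        if [ -n "$(find "$root/$f" \( -perm -0020 -o -perm -0002 \) -print 2>/dev/null)" ]; then
            echo "FAIL: /$f is group- or world-writable" >&2
            status=1
        fi
    done
    return $status
}
```

Run against a rootfs exported from the built image, `check_account_files` can gate a build, and the output of `list_group_writable` shows which other GID 0 paths need review.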

starter-apb stale

@jcpowermac do we update it? or remove and point folks at apb-examples if Q's arise? idk, might be nice to have a starter image that's more of a template... but it's just changing so rapidly.
