manolan1 commented on issue #469: GUACAMOLE-890: Security: Allow image to run as non-root user URL: https://github.com/apache/guacamole-client/pull/469#issuecomment-580451157 > > > As this image is based off Docker's official image for Tomcat, and that image doesn't appear to support running as a different user, it may be worth looking into whether this has already been requested of that image and whether there are known issues preventing it. > > > > > > Please see my comment on the issue. I believe this is unnecessary because the image _does_ support running as non-root, but we are not using the right image. > > They do the `chmod 777 /usr/local/tomcat/temp` I initially proposed :) > We would then be able to get rid of the _User writable CATALINA_TMPDIR_ creation done in `start.sh` by this PR, but I think we would still need the few other modifications brought by this patch. > So perhaps we can keep the jre image for now, but up to the repo-maintainers :) Personally, I would prefer to switch to the supported image tag. Better to resolve this issue in the simplest way possible. *And* the jre8 image is not listed in the supported tags, so we should move off it anyway. I am also slightly concerned about the unpack change unless someone has profiled the performance, but even if there is no performance impact, it isn't the simplest solution.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
