manolan1 commented on issue #469: GUACAMOLE-890: Security: Allow image to run as non-root user URL: https://github.com/apache/guacamole-client/pull/469#issuecomment-580479653 > > I am also slightly concerned about the unpack change unless someone has profiled the performance, but even if there is no performance impact, it isn't the simplest solution. > > No more an issue with my last commit, which is IMO a much better solution, it solves the various topics we discussed above 👍 But I just don't see the point! I think this is, indeed, a much better solution and it preserves the WEBAPP_CONTEXT behaviour. However, it is solving a problem that *we* shouldn't be solving. If we move to the supported tomcat image, then it runs with a non-root user without any of these changes. Surely that is *much* better than anything else. By all means add the valve, but I don't think that is solving this same issue, so I believe it is a change that should be made under a different Jira.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
