necouchman commented on a change in pull request #469: GUACAMOLE-890: Security: Allow image to run as non-root user URL: https://github.com/apache/guacamole-client/pull/469#discussion_r387909142
########## File path: guacamole-docker/bin/start.sh ########## @@ -30,7 +30,7 @@ GUACAMOLE_HOME_TEMPLATE="$GUACAMOLE_HOME" -GUACAMOLE_HOME="$HOME/.guacamole" +GUACAMOLE_HOME="/tmp/guacamole" Review comment: I really don't like this part of it - making the `GUACAMOLE_HOME` into a temp directory doesn't seem wise to me. Maybe I'm thinking of this too much from a non-docker perspective, but what if the user decides to try to map through `/etc/guacamole` to a specific path? I don't know if there's any other solution for this in the Docker Tomcat world, but this approach just makes me twitch :-). ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
