[ 
https://issues.apache.org/jira/browse/AMQ-9588?focusedWorklogId=1004646&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1004646
 ]

ASF GitHub Bot logged work on AMQ-9588:
---------------------------------------

                Author: ASF GitHub Bot
            Created on: 11/Feb/26 17:06
            Start Date: 11/Feb/26 17:06
    Worklog Time Spent: 10m 
      Work Description: jeanouii commented on code in PR #1665:
URL: https://github.com/apache/activemq/pull/1665#discussion_r2794451805


##########
assembly/src/docker/entrypoint.sh:
##########
@@ -89,4 +91,15 @@ if [ -z "${ACTIVEMQ_OPTS}" ]; then
   export ACTIVEMQ_OPTS
 fi
 
-exec "$@"
+_term() {
+  echo "Received signal, stopping ActiveMQ..."
+  if [ -n "${child_pid:-}" ] && kill -0 "${child_pid}" 2>/dev/null; then
+    kill -TERM "${child_pid}" 2>/dev/null || true
+  fi
+}
+
+trap _term TERM INT
+
+"$@" &
+child_pid=$!
+wait "${child_pid}"
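
Review bot: at `wait "${child_pid}"`, a TERM or INT that fires the `_term` trap makes `wait` return immediately with a status above 128, before the child has finished stopping, so the script runs off its end while ActiveMQ may still be shutting down. The shell now stays resident instead of the old `exec "$@"`, so it should wait a second time after the trap has run and exit with the child's status, for example a second `wait "${child_pid}"` followed by `exit $?`. With `set -e` added at the top of this file, the first `wait` also needs its status captured (for example `|| status=$?`), otherwise the script aborts on the non-zero return before it reaches the second wait.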

Review Comment:
   exit missing right?
   
   `exit $?` 



##########
assembly/src/docker/entrypoint.sh:
##########
@@ -18,6 +18,8 @@
 # limitations under the License.
 
################################################################################
 
+set -e
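
Review bot: the `set -e` line should carry a comment stating the intended behaviour, because from this point the entrypoint stops at the first failing command instead of continuing on to start the broker. If the `sed` edits can still fail as in the AMQ-9588 log (Permission denied under `/opt/apache-activemq/conf`), print an explicit error before exiting so the cause shows up in the container log. `set -e` is also not applied to a command used as an `if` condition or on the left of `&&` or `||`, so any step written that way still needs its own error handling.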

Review Comment:
   Is it expected?
   
   Any sed command below failing will fail silently. Not sure if you wanted that or not





Issue Time Tracking
-------------------

    Worklog Id:     (was: 1004646)
    Time Spent: 20m  (was: 10m)

> Running Docker image as root is required for proper functionality
> -----------------------------------------------------------------
>
>                 Key: AMQ-9588
>                 URL: https://issues.apache.org/jira/browse/AMQ-9588
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Docker
>    Affects Versions: 5.18.4
>            Reporter: Giovanni Toraldo
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>             Fix For: 6.3.0, 5.19.2, 6.2.1
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> During the evaluation of the new Docker image, we found that running it as a 
> non-privileged user is currently not supported. This raises a significant 
> security concern, as it contradicts best practices for container security, 
> where running processes as root should be avoided to minimize risks.
> Below is a log excerpt from our attempt to run the container as a 
> non-privileged user while setting a custom password via the dedicated 
> environment variable:
>  
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sedB5ltuV: Permission denied │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sednfPcf9: Permission denied │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sedto1f2G: Permission denied │}}
> {{│ touch: cannot touch '/opt/apache-activemq/conf/connection.security.enabled': Permission denied │}}
> {{│ Enabling ActiveMQ JMX security │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sedoJUbth: Permission denied │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/seduC85KQ: Permission denied │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sedSDm7nf: Permission denied │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sedanmNww: Permission denied │}}
> {{│ touch: cannot touch '/opt/apache-activemq/conf/jmx.security.enabled': Permission denied │}}
> {{│ Enabling ActiveMQ WebConsole security │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/seddcJbla: Permission denied │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sedFWZO7r: Permission denied}}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
