[
https://issues.apache.org/jira/browse/AMQ-9588?focusedWorklogId=1004647&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1004647
]
ASF GitHub Bot logged work on AMQ-9588:
---------------------------------------
Author: ASF GitHub Bot
Created on: 11/Feb/26 17:07
Start Date: 11/Feb/26 17:07
Worklog Time Spent: 10m
Work Description: jbonofre commented on code in PR #1665:
URL: https://github.com/apache/activemq/pull/1665#discussion_r2794462835
##########
assembly/src/docker/entrypoint.sh:
##########
@@ -18,6 +18,8 @@
# limitations under the License.
################################################################################
+set -e
Review Comment:
OK to remove the "debug" output.
Issue Time Tracking
-------------------
Worklog Id: (was: 1004647)
Time Spent: 0.5h (was: 20m)
> Running Docker image as root is required for proper functionality
> -----------------------------------------------------------------
>
> Key: AMQ-9588
> URL: https://issues.apache.org/jira/browse/AMQ-9588
> Project: ActiveMQ
> Issue Type: Bug
> Components: Docker
> Affects Versions: 5.18.4
> Reporter: Giovanni Toraldo
> Assignee: Jean-Baptiste Onofré
> Priority: Major
> Fix For: 6.3.0, 5.19.2, 6.2.1
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> During the evaluation of the new Docker image, we found that running it as a
> non-privileged user is currently not supported. This raises a significant
> security concern, as it contradicts best practices for container security,
> where running processes as root should be avoided to minimize risks.
> Below is a log excerpt from our attempt to run the container as a
> non-privileged user while setting a custom password via the dedicated
> environment variable:
>
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sedB5ltuV:
> Permission denied │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sednfPcf9:
> Permission denied │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sedto1f2G:
> Permission denied │}}
> {{│ touch: cannot touch
> '/opt/apache-activemq/conf/connection.security.enabled': Permission denied
> │}}
> {{│ Enabling ActiveMQ JMX security
> │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sedoJUbth:
> Permission denied │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/seduC85KQ:
> Permission denied │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sedSDm7nf:
> Permission denied │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sedanmNww:
> Permission denied │}}
> {{│ touch: cannot touch '/opt/apache-activemq/conf/jmx.security.enabled':
> Permission denied │}}
> {{│ Enabling ActiveMQ WebConsole security
> │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/seddcJbla:
> Permission denied │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sedFWZO7r:
> Permission denied}}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact
