[
https://issues.apache.org/jira/browse/AMQ-9588?focusedWorklogId=1004651&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1004651
]
ASF GitHub Bot logged work on AMQ-9588:
---------------------------------------
Author: ASF GitHub Bot
Created on: 11/Feb/26 17:16
Start Date: 11/Feb/26 17:16
Worklog Time Spent: 10m
Work Description: jbonofre commented on PR #1665:
URL: https://github.com/apache/activemq/pull/1665#issuecomment-3885814021
@jeanouii good catches, I updated the PR.
Issue Time Tracking
-------------------
Worklog Id: (was: 1004651)
Time Spent: 40m (was: 0.5h)
> Running Docker image as root is required for proper functionality
> -----------------------------------------------------------------
>
> Key: AMQ-9588
> URL: https://issues.apache.org/jira/browse/AMQ-9588
> Project: ActiveMQ
> Issue Type: Bug
> Components: Docker
> Affects Versions: 5.18.4
> Reporter: Giovanni Toraldo
> Assignee: Jean-Baptiste Onofré
> Priority: Major
> Fix For: 6.3.0, 5.19.2, 6.2.1
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> During the evaluation of the new Docker image, we found that running it as a
> non-privileged user is currently not supported. This raises a significant
> security concern, as it contradicts best practices for container security,
> where running processes as root should be avoided to minimize risks.
> Below is a log excerpt from our attempt to run the container as a
> non-privileged user while setting a custom password via the dedicated
> environment variable:
>
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sedB5ltuV:
> Permission denied │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sednfPcf9:
> Permission denied │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sedto1f2G:
> Permission denied │}}
> {{│ touch: cannot touch
> '/opt/apache-activemq/conf/connection.security.enabled': Permission denied
> │}}
> {{│ Enabling ActiveMQ JMX security
> │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sedoJUbth:
> Permission denied │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/seduC85KQ:
> Permission denied │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sedSDm7nf:
> Permission denied │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sedanmNww:
> Permission denied │}}
> {{│ touch: cannot touch '/opt/apache-activemq/conf/jmx.security.enabled':
> Permission denied │}}
> {{│ Enabling ActiveMQ WebConsole security
> │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/seddcJbla:
> Permission denied │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sedFWZO7r:
> Permission denied}}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact
