[
https://issues.apache.org/jira/browse/AMQ-9588?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18057938#comment-18057938
]
ASF subversion and git services commented on AMQ-9588:
------------------------------------------------------
Commit 635448326ffa4386be7baf015a3293eb3850a16c in activemq's branch
refs/heads/activemq-5.19.x from JB Onofré
[ https://gitbox.apache.org/repos/asf?p=activemq.git;h=635448326f ]
AMQ-9588: Run ActiveMQ with regular user in Docker container, and hook to
easily stop the container (#1665)
> Running Docker image as root is required for proper functionality
> -----------------------------------------------------------------
>
> Key: AMQ-9588
> URL: https://issues.apache.org/jira/browse/AMQ-9588
> Project: ActiveMQ
> Issue Type: Bug
> Components: Docker
> Affects Versions: 5.18.4
> Reporter: Giovanni Toraldo
> Assignee: Jean-Baptiste Onofré
> Priority: Major
> Fix For: 6.3.0, 5.19.2, 6.2.1
>
> Time Spent: 50m
> Remaining Estimate: 0h
>
> During the evaluation of the new Docker image, we found that running it as a
> non-privileged user is currently not supported. This raises a significant
> security concern, as it contradicts best practices for container security,
> where running processes as root should be avoided to minimize risks.
> Below is a log excerpt from our attempt to run the container as a
> non-privileged user while setting a custom password via the dedicated
> environment variable:
>
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sedB5ltuV:
> Permission denied │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sednfPcf9:
> Permission denied │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sedto1f2G:
> Permission denied │}}
> {{│ touch: cannot touch
> '/opt/apache-activemq/conf/connection.security.enabled': Permission denied
> │}}
> {{│ Enabling ActiveMQ JMX security
> │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sedoJUbth:
> Permission denied │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/seduC85KQ:
> Permission denied │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sedSDm7nf:
> Permission denied │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sedanmNww:
> Permission denied │}}
> {{│ touch: cannot touch '/opt/apache-activemq/conf/jmx.security.enabled':
> Permission denied │}}
> {{│ Enabling ActiveMQ WebConsole security
> │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/seddcJbla:
> Permission denied │}}
> {{│ sed: couldn't open temporary file /opt/apache-activemq/conf/sedFWZO7r:
> Permission denied}}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact
