fmaschler commented on issue #3579: Using non root user in controller
URL: https://github.com/apache/incubator-openwhisk/pull/3579#issuecomment-387765815

I checked the namespaces but on the host the process still runs as root:

```
$ docker exec -i -t controller0 /bin/bash
bash-4.3# ps
PID USER TIME COMMAND
1 root 5:32 /usr/lib/jvm/java-8-oracle/bin/java -Djava.security.egd=file:/dev/./urandom -Xmx2g -XX:+
bash-4.3# exit
$ ps -aux | grep java.security
root 21745 9.2 6.7 5736432 545532 ? Ssl 13:46 5:54 /usr/lib/jvm/java-8-oracle/bin/java -Djava.security.egd=file:/dev/./urandom -Xmx2g -XX:+...
```

When I run the changed image it already fails at deployment while copying jmxremote to `/root/`.

@mcdan Do you mean the container logs? Cause they are owned by the non-root user. If the invoker reads the daemon log at `/var/log/upstart/docker.log` it feels like a security issue anyway.