Himavanth commented on issue #3579: Using non root user in controller URL: https://github.com/apache/incubator-openwhisk/pull/3579#issuecomment-396251807 @rabbah @fmaschler My 2 cents.. I have found that both the approaches have their limitations. Using a non-root user within the container works for controller and action containers but does not work for invoker since invoker needs privileged access to create action containers. A User namespace has its own limitations documented here. https://docs.docker.com/engine/security/userns-remap/#user-namespace-known-limitations One of the limitations listed is pid=host which is the default ansible config in OW Invoker. The best practice as per docker seems to " configure your container’s applications to run as unprivileged users"
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
