Switch to Docker Hardened Image for base, split into multi-stage build #427
Open
mbacon-renci wants to merge 3 commits into
Collaborator
Author
Hold reviews on this -- there's definitely something still broken.
Collaborator
Author
Okay, review request back on, when it's convenient.
YaphetKG
requested changes
Mar 23, 2026
Contributor
Can we revert back the home dir, and just change the image?
There are specific dirs that are being mounted to, etc., on the deployment files; changes here would mean changes there.
Unless there is any real reason for moving stuff around, we should avoid doing so.
Collaborator
Author
It's a little more complicated with DHI, but I can probably do that. (I think. DHI puts some really funny constraints on in places.)
…dow copy rather than adduser
Collaborator
Author
@YaphetKG I've put the home directory back and switched the executable user. I realized I could just copy /etc/passwd and shadow over instead of using adduser.
This is an attempt to both update the base image to address vulnerabilities and to switch to a Docker Hardened Image to reduce the frequency of future updates.
For me this appears to work but I'm not sure I have the parameters right. Low priority merge but one that might save us some work down the road.