Commit 3b9471e

authored

Use setpriv instead of gosu for dropping privileges in the entrypoint (#435)

* Use setpriv instead of gosu to drop privileges Changes: setpriv is used instead of gosu with the following flags: * Set reuid and regid to redis user and group * Clear all supplementary groups * Set bouding capabilities to an empty list * Enable no-new-privs bit * Set securebit to exclude regaining capabilities

1 parent 1d61ffb commit 3b9471eCopy full SHA for 3b9471e

4 files changed

+52

-75

lines changed

alpine
- Dockerfile
- docker-entrypoint.sh
debian
- Dockerfile
- docker-entrypoint.sh

4 files changed

+52

-75

lines changed

`‎alpine/Dockerfile`

+2-30

Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

`‎alpine/docker-entrypoint.sh`

+25-4

Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

`‎debian/Dockerfile`

-37

Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

`‎debian/docker-entrypoint.sh`

+25-4

Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

Comments

(0)