1 Answer
1
Hi,
Best practice is to run as a non-root user: see https://docs.aws.amazon.com/AmazonECS/latest/bestpracticesguide/security-tasks-containers.html
Run containers as a non-root user
You should run containers as a non-root user. By default, containers run as the root
user unless the USER directive is included in your Dockerfile. The default Linux capabilities
that are assigned by Docker restrict the actions that can be run as root, but only marginally.
For example, a container running as root is still not allowed to access devices.
As part of your CI/CD pipeline you should lint Dockerfiles to look for the USER directive and fail the build if it's missing.
External sources also recommend running Fargate images as non-root: https://www.alertlogic.com/blog/aws-fargate-security-best-practices/
Best,
Didier
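
The CI lint step that the quoted AWS guidance describes could look like the following. This is an added example, not part of the answer above or of any AWS tooling. The function names and the sample Dockerfile are constructed for illustration. It goes slightly beyond "USER is missing" by also rejecting an explicit `USER root` or `USER 0`, and by checking only the final build stage, since that is the one that runs.

```python
import sys

def logical_lines(text):
    """Yield instructions with comment lines dropped and continuation lines joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield buf + line
        buf = ""

def final_user(text):
    """Effective USER of the last build stage, or None if that stage never sets one."""
    user = None
    for instr in logical_lines(text):
        parts = instr.split(None, 1)
        keyword = parts[0].upper()
        if keyword == "FROM":
            user = None  # new stage: an earlier stage's USER does not carry over
        elif keyword == "USER" and len(parts) == 2:
            user = parts[1].strip()
    return user

def lint(text):
    """Return findings; an empty list means the Dockerfile passes."""
    user = final_user(text)
    if user is None:
        return ["final stage has no USER directive"]
    name = user.split(":", 1)[0].strip("\"'")  # drop the optional :group part
    if name == "root" or (name.isdigit() and int(name) == 0):
        return [f"final stage sets USER {user} (root)"]
    return []  # assumption: a value such as $APP_USER is not resolved here

# Constructed sample: the build stage drops privileges, the final stage does not.
SAMPLE = """\
FROM golang:1.22 AS build
USER nobody
FROM alpine:3.20
COPY --from=build /tmp/app /app
"""

if __name__ == "__main__":
    findings = lint(open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE)
    sys.exit("\n".join(findings) or 0)  # non-empty message -> stderr, exit status 1
```

A base image may already set a non-root user, which this check cannot see; it still fails such a Dockerfile, matching the "fail the build if it's missing" rule.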
Much appreciated for the fast response!