add dockerfile, update readme #1154
Running as root is a bad idea.
What's bad about it?
As a best practice, it is recommended to start the process in a container as a standard user and not as root.
Quite simply the same reason you shouldn't run any process as root if not absolutely necessary. It is possible to break out of a docker container (look up "docker privilege escalation/breakout" for more info), or it could be misconfigured and misbehave leading to issues with the host system.
I've reduced the privileges in the latest commit.
As a best practice, `RUN` install instructions in a Dockerfile should not leave cache behind. This helps to minimize the layers & image size. I suggested changes to clear `apt`'s cache and disable `pip3`'s cache.
Thanks, @matiboux. I've applied your suggestions in the latest commit.
I also made Docker-related files and sent a PR as #1418.
Dunno man, all other Dockerfiles I've seen so far look more complex without any (obvious to me) reason.
OK. Your Dockerfile is almost the same as mine. But my PR has another feature about environment variables.
#1418 is now more mature than this PR, please consider contributing your ideas there.
could be used to fix #1138 if the image is published in a container image repository
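
The points raised in this review thread (run as a non-root user, leave no `apt` or `pip3` cache in a layer) can be checked mechanically. The following is an added example, not part of the PR or the project: a small Python check over two constructed Dockerfiles, with hypothetical finding names, a constructed `python:3.11-slim` base and `appuser` account, and the assumption that a base image runs as root unless a `USER` instruction says otherwise.

```python
import re

# Constructed sample input: a Dockerfile with the problems raised in the thread.
BEFORE = """\
FROM python:3.11-slim
RUN apt-get update && apt-get install -y git
RUN pip3 install -r requirements.txt
CMD ["python3", "app.py"]
"""

# Constructed sample input: the same image with the reviewers' points applied.
AFTER = """\
FROM python:3.11-slim
RUN apt-get update && apt-get install -y --no-install-recommends git \\
    && rm -rf /var/lib/apt/lists/*
RUN pip3 install --no-cache-dir -r requirements.txt
RUN useradd --create-home appuser
USER appuser
CMD ["python3", "app.py"]
"""

def instructions(text):
    """Yield (keyword, arguments) pairs, joining backslash continuations."""
    joined = re.sub(r"\\[ \t]*\n", " ", text)
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            keyword, _, args = line.partition(" ")
            yield keyword.upper(), args.strip()

def lint(text):
    """Return finding codes (hypothetical names) for the final build stage."""
    findings, user, pip_env = [], "root", False
    for keyword, args in instructions(text):
        if keyword == "FROM":  # new stage: assume the base image runs as root
            findings, user, pip_env = [], "root", False
        elif keyword == "USER":
            user = args.split(":")[0]  # drop an optional ":group" suffix
        elif keyword == "ENV" and "PIP_NO_CACHE_DIR" in args:
            pip_env = True
        elif keyword == "RUN":
            if re.search(r"\bapt-get\b.*\binstall\b", args) and "/var/lib/apt/lists" not in args:
                findings.append("apt-cache-left-in-layer")
            if re.search(r"\bpip3? install\b", args) and "--no-cache-dir" not in args and not pip_env:
                findings.append("pip-cache-left-in-layer")
    if user in ("root", "0"):
        findings.append("runs-as-root")
    return findings
```

The cache checks look at each `RUN` on its own because a cleanup in a later `RUN` does not shrink the layer that already stored the cache.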