Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't run functions as gid=0 #663

Open
andeplane opened this issue Jun 26, 2020 · 4 comments
Open

Don't run functions as gid=0 #663

andeplane opened this issue Jun 26, 2020 · 4 comments

Comments

@andeplane
Copy link

There is a runAsNonRoot setting in the faas-netes configuration, but functions do run as gid 0, which was raised as a potential problem by our security team.

Expected Behaviour

It should be possible to run with gid!=0.

Current Behaviour

Containers run as gid=0.

Your Environment

OpenFaaS on GKE.
@alexellis
Copy link
Member

Can you provide a bit more detail including the potential solution and which files need a change and which flags you would like to see added / updated? What GID is preferable? Have you got a link to another project that does this?

@alexellis
Copy link
Member

@andeplane when you have time, please answer my message from June?

@alexellis
Copy link
Member

@LucasRoesler was this covered by profiles?

@LucasRoesler
Copy link
Member

yes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@andeplane @LucasRoesler @alexellis