1306254 – docker: User gets root in running pod when 'USER root' is set and 'USER default' not appended

Bug 1306254 - docker: User gets root in running pod when 'USER root' is set and 'USER default' not appended

Summary: docker: User gets root in running pod when 'USER root' is set and 'USER defau...

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1304699
Blocks:	1306257
TreeView+	depends on / blocked

Reported:	2016-02-10 12:30 UTC by Adam Mariš
Modified:	2019-09-29 13:44 UTC (History)
CC List:	16 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-03-16 23:01:59 UTC

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Adam Mariš 2016-02-10 12:30:23 UTC

It was reported that during docker-build, if 'USER root' is set and 'USER default' is not appended afterward in the Dockerfile, a user gets root in the running pod after deployment.

Product bug (contains reproducer):

https://bugzilla.redhat.com/show_bug.cgi?id=1304699

Comment 1 Kurt Seifried 2016-02-10 21:41:45 UTC

Spoke with Brenton to confirm this is NOTABUG, misunderstanding of how Docker/builds works.

Comment 2 Jeremy Choi 2016-02-10 23:37:48 UTC

I don't think this can be closed as 'NOTABUG'. At least Openshift Enterprise is preventing this issue, ending up having a non-root user instead. Any reason why Origin cannot do the same thing as Enterprise?

Note You need to log in before you can comment on or make changes to this bug.