Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Run as non-root by default (and allow arbitrary --user values) #48

Merged
merged 1 commit into from
Jan 26, 2016
Merged

Run as non-root by default (and allow arbitrary --user values) #48

merged 1 commit into from
Jan 26, 2016

Conversation

tianon
Copy link
Member

@tianon tianon commented Jan 26, 2016

No description provided.

@tianon
Copy link
Member Author

tianon commented Jan 26, 2016

Worth also noting that 3.2 will not work without either this, or adding -R to the default flags (which is icky).

@yosifkit
Copy link
Member

LGTM

yosifkit added a commit that referenced this pull request Jan 26, 2016
@yosifkit
Merge pull request #48 from infosiftr/non-root
e10119b 
Run as non-root by default (and allow arbitrary --user values)
@yosifkit yosifkit merged commit e10119b into docker-library:master Jan 26, 2016
@yosifkit yosifkit deleted the non-root branch January 26, 2016 20:50
@yosifkit
Copy link
Member

Same --user improvement as docker-library/rabbitmq#60; so OSX users can do the following and it should work.

$ docker run -d -v /Users/...cassandra/:/var/lib/cassandra --user 1000:50 cassandra

tianon added a commit to infosiftr/stackbrew that referenced this pull request Jan 26, 2016
@tianon
Update docker-library images
14c8065 
- `cassandra`: 3.2 (docker-library/cassandra#47), run as non-root and allow arbitrary `--user` (docker-library/cassandra#48)
- `celery`: 3.1.20
- `mariadb`: resync entrypoint with MySQL (MariaDB/mariadb-docker#37, MariaDB/mariadb-docker#34)
- `memcached`: fix SHA1 checking (docker-library/memcached#6)
- `mongo`: 3.0.9, conditional chown, configdb (MariaDB/mariadb-docker#78)
- `mysql`: fix init failure a bit (docker-library/mysql#134)
- `percona`: resync entrypoint with MySQL (docker-library/percona#12)
- `php`: update FPM to use `php-fpm.d` for config (docker-library/php#184)
- `postgres`: remove EOL 9.0 (docker-library/postgres#122)
- `python`: remove EOL 3.2 (docker-library/python#87)
- `rabbitmq`: allow for arbitrary `--user` (docker-library/rabbitmq#60)
- `rails`: 4.2.5.1
- `redmine`: add SCMs (docker-library/redmine#9)
- `rocket.chat`: 0.15.0 (RocketChat/Docker.Official.Image#13)
- `ruby`: silence `root` warning (docker-library/ruby#63)
This was referenced Jan 26, 2016
Merged
Merged
This was referenced Feb 23, 2016
Merged
Merged
@yosifkit yosifkit mentioned this pull request Feb 29, 2016
Closed
@tianon tianon mentioned this pull request Apr 15, 2016
Merged
This was referenced May 17, 2016
Merged
Merged
RichardScothern pushed a commit to RichardScothern/official-images that referenced this pull request Jun 14, 2016
@tianon @rscothern
Update docker-library images
4112a68 
- `cassandra`: 3.2 (docker-library/cassandra#47), run as non-root and allow arbitrary `--user` (docker-library/cassandra#48)
- `celery`: 3.1.20
- `mariadb`: resync entrypoint with MySQL (MariaDB/mariadb-docker#37, MariaDB/mariadb-docker#34)
- `memcached`: fix SHA1 checking (docker-library/memcached#6)
- `mongo`: 3.0.9, conditional chown, configdb (MariaDB/mariadb-docker#78)
- `mysql`: fix init failure a bit (docker-library/mysql#134)
- `percona`: resync entrypoint with MySQL (docker-library/percona#12)
- `php`: update FPM to use `php-fpm.d` for config (docker-library/php#184)
- `postgres`: remove EOL 9.0 (docker-library/postgres#122)
- `python`: remove EOL 3.2 (docker-library/python#87)
- `rabbitmq`: allow for arbitrary `--user` (docker-library/rabbitmq#60)
- `rails`: 4.2.5.1
- `redmine`: add SCMs (docker-library/redmine#9)
- `rocket.chat`: 0.15.0 (RocketChat/Docker.Official.Image#13)
- `ruby`: silence `root` warning (docker-library/ruby#63)
@albttx
Copy link

albttx commented Sep 16, 2016
edited
Loading

@yosifkit I like the idea, and now my container isn't crashing when i try to create a volume.
Unfortunately, it didn't solve my problem about sharing data volume. :/

WARN  13:56:17 Unable to lock JVM memory (ENOMEM). This can result in part of the JVM being swapped out, especially with mmapped I/O enabled. Increase RLIMIT_MEMLOCK or run Cassandra as root.
db_1             | WARN  13:56:17 jemalloc shared library could not be preloaded to speed up memory allocations
db_1             | WARN  13:56:17 JMX is not enabled to receive remote connections. Please see cassandra-env.sh for more info.
db_1             | WARN  13:56:17 OpenJDK is not recommended. Please upgrade to the newest Oracle Java release
db_1             | INFO  13:56:17 Initializing SIGAR library
db_1             | WARN  13:56:17 Cassandra server running in degraded mode. Is swap disabled? : false,  Address space adequate? : true,  nofile limit adequate? : true, nproc limit adequate? : true
db_1             | INFO  13:56:19 Initialized prepared statement caches with 10 MB (native) and 10 MB (Thrift)
db_1             | INFO  13:56:23 Initializing system.IndexInfo
db_1             | ERROR 13:56:25 Exiting due to error while processing commit log during initialization.
db_1             | org.apache.cassandra.io.FSWriteError: java.io.IOException: Invalid argument
db_1             |      at org.apache.cassandra.db.commitlog.MemoryMappedSegment.createBuffer(MemoryMappedSegment.java:75) ~[apache-cassandra-3.7.jar:3.7]
db_1             |      at org.apache.cassandra.db.commitlog.CommitLogSegment.<init>(CommitLogSegment.java:173) ~[apache-cassandra-3.7.jar:3.7]
db_1             |      at org.apache.cassandra.db.commitlog.MemoryMappedSegment.<init>(MemoryMappedSegment.java:46) ~[apache-cassandra-3.7.jar:3.7]
db_1             |      at org.apache.cassandra.db.commitlog.CommitLogSegment.createSegment(CommitLogSegment.java:128) ~[apache-cassandra-3.7.jar:3.7]
db_1             |      at org.apache.cassandra.db.commitlog.CommitLogSegmentManager$1.runMayThrow(CommitLogSegmentManager.java:120) ~[apache-cassandra-3.7.jar:3.7]
db_1             |      at org.apache.cassandra.utils.WrappedRunnable.run(WrappedRunnable.java:28) [apache-cassandra-3.7.jar:3.7]
db_1             |      at java.lang.Thread.run(Thread.java:745) [na:1.8.0_91]
db_1             | Caused by: java.io.IOException: Invalid argument
db_1             |      at sun.nio.ch.FileChannelImpl.map0(Native Method) ~[na:1.8.0_91]
db_1             |      at sun.nio.ch.FileChannelImpl.map(FileChannelImpl.java:926) ~[na:1.8.0_91]
db_1             |      at org.apache.cassandra.db.commitlog.MemoryMappedSegment.createBuffer(MemoryMappedSegment.java:71) ~[apache-cassandra-3.7.jar:3.7]
db_1             |      ... 6 common frames omitted

Any idea ?

@yosifkit
Copy link
Member

It seems that Cassandra uses memory mapped files like mongodb, and that is not possible in the virtual box shared folder. 😢

The only alternative is to setup nfs from host to vm.

@tianon tianon mentioned this pull request Dec 12, 2016
Merged
This was referenced Jan 19, 2017
Merged
Merged
@tianon tianon mentioned this pull request Aug 29, 2017
Closed
@qedrakmar qedrakmar mentioned this pull request Dec 1, 2017
Closed
@tianon tianon mentioned this pull request Dec 21, 2017
Merged
@tianon tianon mentioned this pull request Jan 4, 2018
Closed
9 tasks
@tianon tianon mentioned this pull request Mar 19, 2018
Merged
This was referenced Nov 1, 2018
Merged
Open
lag-linaro pushed a commit to lag-linaro/fluentd-docker-image that referenced this pull request Nov 16, 2018
Do not manually fix permissions issues by manipulating /etc/passwd
3f6bae6 
If permissions problems exist, they should be overcome properly.

For examples see:

  LINK: docker-library/rabbitmq#60
  LINK: docker-library/cassandra#48
  LINK: docker-library/mongo#81
  LINK: redis/docker-library-redis#48
  LINK: docker-library/mysql#161
  LINK: MariaDB/mariadb-docker#59
  LINK: docker-library/percona#21
  LINK: docker-library/ghost#54
  LINK: docker-library/postgres#253

As suggested by @tianon

  LINK: docker-library/official-images#3724 (comment)

This is part of an effort to make FluentD part of Docker's Official Images.

Signed-off-by: Lee Jones <lee.jones@linaro.org>
lag-linaro pushed a commit to lag-linaro/fluentd-docker-image that referenced this pull request Nov 19, 2018
Do not manually fix permissions issues by manipulating /etc/passwd
450a194 
If permissions problems exist, they should be overcome properly.

For examples see:

  LINK: docker-library/rabbitmq#60
  LINK: docker-library/cassandra#48
  LINK: docker-library/mongo#81
  LINK: redis/docker-library-redis#48
  LINK: docker-library/mysql#161
  LINK: MariaDB/mariadb-docker#59
  LINK: docker-library/percona#21
  LINK: docker-library/ghost#54
  LINK: docker-library/postgres#253

As suggested by @tianon

  LINK: docker-library/official-images#3724 (comment)

This is part of an effort to make FluentD part of Docker's Official Images.

Signed-off-by: Lee Jones <lee.jones@linaro.org>
lag-linaro pushed a commit to lag-linaro/fluentd-docker-image that referenced this pull request Nov 23, 2018
Do not manually fix permissions issues by manipulating /etc/passwd
8859ab1 
If permissions problems exist, they should be overcome properly.

For examples see:

  LINK: docker-library/rabbitmq#60
  LINK: docker-library/cassandra#48
  LINK: docker-library/mongo#81
  LINK: redis/docker-library-redis#48
  LINK: docker-library/mysql#161
  LINK: MariaDB/mariadb-docker#59
  LINK: docker-library/percona#21
  LINK: docker-library/ghost#54
  LINK: docker-library/postgres#253

As suggested by @tianon

  LINK: docker-library/official-images#3724 (comment)

This is part of an effort to make FluentD part of Docker's Official Images.

Signed-off-by: Lee Jones <lee.jones@linaro.org>
lag-linaro pushed a commit to lag-linaro/fluentd-docker-image that referenced this pull request Nov 30, 2018
Do not manually fix permissions issues by manipulating /etc/passwd
e9c1c17 
If permissions problems exist, they should be overcome properly.

For examples see:

  LINK: docker-library/rabbitmq#60
  LINK: docker-library/cassandra#48
  LINK: docker-library/mongo#81
  LINK: redis/docker-library-redis#48
  LINK: docker-library/mysql#161
  LINK: MariaDB/mariadb-docker#59
  LINK: docker-library/percona#21
  LINK: docker-library/ghost#54
  LINK: docker-library/postgres#253

As suggested by @tianon

  LINK: docker-library/official-images#3724 (comment)

This is part of an effort to make FluentD part of Docker's Official Images.

Signed-off-by: Lee Jones <lee.jones@linaro.org>
lag-linaro pushed a commit to lag-linaro/fluentd-docker-image that referenced this pull request Dec 19, 2018
Do not manually fix permissions issues by manipulating /etc/passwd
34ed7d5 
If permissions problems exist, they should be overcome properly.

For examples see:

  LINK: docker-library/rabbitmq#60
  LINK: docker-library/cassandra#48
  LINK: docker-library/mongo#81
  LINK: redis/docker-library-redis#48
  LINK: docker-library/mysql#161
  LINK: MariaDB/mariadb-docker#59
  LINK: docker-library/percona#21
  LINK: docker-library/ghost#54
  LINK: docker-library/postgres#253

As suggested by @tianon

  LINK: docker-library/official-images#3724 (comment)

This is part of an effort to make FluentD part of Docker's Official Images.

Signed-off-by: Lee Jones <lee.jones@linaro.org>
@yosifkit yosifkit mentioned this pull request Feb 12, 2019
Merged
@tianon tianon mentioned this pull request May 17, 2019
Closed
@yosifkit yosifkit mentioned this pull request Sep 30, 2019
Closed
@tianon tianon mentioned this pull request Apr 20, 2021
Closed
@yosifkit yosifkit mentioned this pull request Nov 10, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tianon @yosifkit @albttx