Replies: 2 comments 2 replies
-
I faced similar issues when trying to run the container in OpenShift, which is quite more strict than base Kubernetes. E.g. containers generally start with a random user, which resulted in
For now I just gave it a more powerful ServiceAccount to work with. But that ain't a solution ✌ Happy to contribute and make this more robust. Also please convert this back to an issue, as the deployment is not working as-is. |
Beta Was this translation helpful? Give feedback.
-
I think it's a meaningful security issue to even have this Dockerfile as-is (and likewise for the ollama/ollama image). Relegating it to a discussion doesn't seem appropriate. It's been standard practice to avoid running as root for years. |
Beta Was this translation helpful? Give feedback.
-
Is your feature request related to a problem? Please describe.
Docker containers running as root are dangerous. It is a best practice to write your Dockerfile such that it drops privileges to another user ID before starting up, or, alternatively, write it in such a way that the
--user
setting in Docker will work as expected. Currently the Dockerfile included with this project depends completely on the context of the root user and will not function if you try to run it any other way.Describe the solution you'd like
Use either the privilege dropping strategy (preferably with a UID/GID environment variable as many other containers use) or support the --user param correctly.
Beta Was this translation helpful? Give feedback.
All reactions