How do I run my Go application in the scratch container as the user "nobody"?

Issue

I don’t want to run anything in a Docker container as root.
And I want minimalistic images.

I can run my compiled Go app in the scratch image without a problem.
But when I don’t want it to run as root (I assume it’s running as root)
and define USER nobody in the Dockerfile, I get

014/10/25 06:07:10 Error response from daemon: Cannot start container 
4822f34e54e20bb580f8cd1d38d7be3c828f28595c2bebad6d827a17b4c2fe21: 
finalize namespace setup user get supplementary groups Unable to find user nobody

Here is my Dockerfile:

FROM scratch
ADD lichtpunkt_go_linux_amd64 /lichtpunkt_go_linux_amd64
ADD web /web
USER nobody
CMD ["./lichtpunkt_go_linux_amd64"]
EXPOSE 3001

Solution

Turns out that scratch is empty, very empty.

RUN useradd would execute /bin/sh -c useradd, but there is no /bin/sh. RUN ["useradd"] would exec directly, but there is no useradd. I’d have to add rootfs.tar and build stuff from zero.

I’ll use Debian, as I don’t want to run anything as root within a container because …

Treat root within a container as if it is root outside of the container

http://opensource.com/business/14/7/docker-security-selinux

Answered By – somedude

Answer Checked By – Candace Johnson (GoLangFix Volunteer)
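
An added example, not part of the original question or answer: one way to keep the scratch base and still run as nobody is to supply the missing /etc/passwd and /etc/group entries from a helper build stage, since the daemon's "Unable to find user nobody" error comes from looking the name up in files that scratch does not contain. The stage name `accounts`, the `debian:stable-slim` helper image and the UID/GID 65534 are assumptions; the binary name, the web directory and the port are taken from the question's Dockerfile.

```dockerfile
# Helper stage (assumption): used only to write the two account files.
# Nothing from this stage other than those files reaches the final image.
FROM debian:stable-slim AS accounts
RUN printf 'nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin\n' > /tmp/passwd \
 && printf 'nogroup:x:65534:\n' > /tmp/group

# Final image: still scratch, so there is no shell, no useradd, no package manager.
FROM scratch

# Give the runtime a user database so that "USER nobody" can be resolved.
COPY --from=accounts /tmp/passwd /etc/passwd
COPY --from=accounts /tmp/group  /etc/group

# Application files from the question. They stay owned by root, so the
# unprivileged process can read and execute them but cannot modify them.
COPY lichtpunkt_go_linux_amd64 /lichtpunkt_go_linux_amd64
COPY web /web

# Resolved through the /etc/passwd copied above.
# "USER 65534:65534" is the numeric form and needs no passwd entry at all.
USER nobody

# 3001 is above 1024, so binding it needs no root privileges or capabilities.
EXPOSE 3001
CMD ["/lichtpunkt_go_linux_amd64"]
```

Running `docker inspect --format '{{.Config.User}}' <image>` on the built image should print `nobody`, which confirms the container will not start as root by default.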
