harden(deploy): run SMCP container as non-root (uid 10001)#6
Merged
The SMCP image ran as root (no USER directive). The target cluster (FluxCD/registry deploy) enforces the restricted PodSecurity Standard, which requires runAsNonRoot — the root image would be rejected outright.

Changes:
- Create a uid/gid 10001 account by appending to /etc/passwd directly. AL2023's minimal base ships no shadow-utils (no useradd); the manual entry adds zero packages, keeping the CVE surface minimal per the ADR-0011 AL2023 rebase.
- Relocate the TU workspace from /root/.tooluniverse (mode 0700, root-only) to the app HOME; set HOME + TU_DATA_DIR accordingly.
- Add USER 10001 after every root-owned build step (pip install, served-skills COPY/RUN write to /app). served-skills are cp'd world-readable, so no chown is needed there.
- docker-compose volume mount follows to /home/app/.tooluniverse.

Verified with a local podman build: PID 1 runs as uid 10001, the workspace is writable, /app is read-only, all 76 served-skill bodies are readable, and the server binds :8000 with no permission errors.

Deploy follow-ups (cannot be fixed in-image):
- K8s pods need securityContext runAsUser: 10001 + fsGroup: 10001 so the PVC mounted at /home/app/.tooluniverse is writable.
- sempart's host .env must repoint TU_DATA_DIR to /home/app/.tooluniverse/cache, since env_file overrides the image ENV.
What
Run the SMCP container as a non-root user (uid 10001) instead of root.
Why
The image had no USER directive, so it ran as root. The target FluxCD/registry deploy enforces the restricted PodSecurity Standard, which requires runAsNonRoot: true — a root image is rejected at admission. This is a prerequisite for that deploy path (builds on the AL2023 rebase, #5 / ADR-0011).
Changes
- deploy/Dockerfile — after every root-owned build step:
  - Create uid/gid 10001 (app) by appending to /etc/passwd + /etc/group directly. AL2023's minimal base has no shadow-utils (no useradd); the manual entry adds zero packages, preserving the minimal CVE surface that motivated the AL2023 rebase.
  - Relocate the TU workspace from /root/.tooluniverse (mode 0700, root-only) to /home/app/.tooluniverse; set HOME + TU_DATA_DIR accordingly.
  - USER 10001 (numeric, so runAsNonRoot validates the non-zero uid without name resolution).
- deploy/docker-compose.yml — volume mount follows to /home/app/.tooluniverse.
Verification (local podman build)
- PID 1 runs as uid=10001(app) ✓
- TU_DATA_DIR writable; /app read-only to the app user ✓
- Server binds :8000 in ~10s, no permission/read-only errors ✓
Deploy follow-ups (not fixable in-image)
- K8s pods need securityContext: { runAsNonRoot: true, runAsUser: 10001, fsGroup: 10001 } — fsGroup makes the PVC mounted at /home/app/.tooluniverse writable (a fresh PVC mounts root-owned, unlike a compose named volume which inherits the image dir's 10001 ownership).
- sempart's host .env must repoint TU_DATA_DIR to /home/app/.tooluniverse/cache, since env_file overrides the image ENV. The existing volume holds only ~72 KB of disposable cache, so the path switch loses nothing.
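The rejection the PR description refers to actually happens at two separate gates, and the example below models both so the "numeric USER" and "runAsUser in the pod spec" points can be checked against a Dockerfile and a securityContext. It is an added example for this discussion, not code from the SMCP repository or from this PR. The sample Dockerfile is constructed to follow the pattern described above (hand-appended /etc/passwd and /etc/group lines because the minimal base has no useradd, HOME and TU_DATA_DIR under /home/app, a numeric USER 10001); its base-image tag and COPY path are assumptions, not the project's real deploy/Dockerfile. The function names are mine. Gate 1 is pod-security admission under the restricted profile, which reads only the pod spec (runAsNonRoot must be true at pod level or on every container) and never looks at the image. Gate 2 is the kubelet's runAsNonRoot verification at container start: if runAsUser is set it must be non-zero; otherwise the image USER must be numeric and non-zero, and a named USER is refused because the kubelet does not resolve names inside the image. The restricted profile also requires other fields (dropped capabilities, allowPrivilegeEscalation: false, a seccomp profile) that this example does not model.

```python
"""Emulate the two non-root gates a restricted-PSS namespace applies to an
image and its pod spec. Added example for this PR discussion; not code from
the SMCP repository. The sample Dockerfile is constructed; its FROM tag and
COPY path are assumptions, not the project's actual file."""
import re
from typing import Optional, Tuple

# Constructed sample following the PR's pattern: no shadow-utils on the
# minimal base, so the account is appended to passwd/group by hand and the
# workspace moves out of /root. Base tag and COPY path are assumed.
SAMPLE_DOCKERFILE = """\
FROM public.ecr.aws/amazonlinux/amazonlinux:2023-minimal
RUN echo 'app:x:10001:10001:app:/home/app:/sbin/nologin' >> /etc/passwd \\
 && echo 'app:x:10001:' >> /etc/group \\
 && mkdir -p /home/app/.tooluniverse && chown 10001:10001 /home/app/.tooluniverse
ENV HOME=/home/app TU_DATA_DIR=/home/app/.tooluniverse/cache
COPY served-skills/ /app/served-skills/
USER 10001
"""

# Pod-level securityContext the PR's deploy follow-up calls for.
RESTRICTED_POD_SC = {"runAsNonRoot": True, "runAsUser": 10001, "fsGroup": 10001}


def effective_image_user(dockerfile: str) -> Optional[str]:
    """User the final stage runs as: the last USER directive (user part only),
    or None when no USER is set and the image therefore runs as root.
    A FROM starts a new stage, so an earlier USER no longer applies; a USER
    inherited from the base image itself is not resolved here."""
    user = None
    for raw in dockerfile.splitlines():
        line = raw.strip()
        if re.match(r"(?i)^FROM\s", line):
            user = None
        m = re.match(r"(?i)^USER\s+(\S+)", line)
        if m:
            user = m.group(1).split(":")[0]
    return user


def non_root_verdict(dockerfile: str, pod_sc: Optional[dict] = None,
                     container_sc: Optional[dict] = None) -> Tuple[bool, str]:
    """(ok, reason) for the two gates that decide whether the container runs.

    Gate 1, pod-security admission: the restricted profile needs
    runAsNonRoot: true at pod level or on every container. Spec only.
    Gate 2, kubelet at container start: a set runAsUser must be non-zero and
    then overrides the image USER; otherwise the image USER must be numeric
    and non-zero. A named USER cannot be verified and is refused."""
    pod_sc = pod_sc or {}
    container_sc = container_sc or {}
    if container_sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
        return False, "admission: restricted PSS requires runAsNonRoot: true"
    run_as_user = container_sc.get("runAsUser", pod_sc.get("runAsUser"))
    if run_as_user is not None:
        if run_as_user == 0:
            return False, "kubelet: runAsUser 0 breaks non-root policy"
        return True, f"kubelet: runAsUser {run_as_user} overrides the image USER"
    user = effective_image_user(dockerfile)
    if user is None:
        return False, "kubelet: image sets no USER, so it would run as root"
    if not user.isdigit():
        return False, f"kubelet: image USER {user!r} is non-numeric, cannot verify non-root"
    if int(user) == 0:
        return False, "kubelet: image USER is 0 (root)"
    return True, f"kubelet: image USER {user} is numeric and non-zero"


if __name__ == "__main__":
    cases = {
        "PR image, restricted pod spec": (SAMPLE_DOCKERFILE, RESTRICTED_POD_SC, None),
        "PR image, spec sets only runAsNonRoot": (SAMPLE_DOCKERFILE, {"runAsNonRoot": True}, None),
        "named USER app, spec sets only runAsNonRoot":
            (SAMPLE_DOCKERFILE.replace("USER 10001", "USER app"), {"runAsNonRoot": True}, None),
        "no USER at all (pre-PR image), no runAsUser in spec":
            ("FROM scratch\n", {"runAsNonRoot": True}, None),
        "container opts out with runAsNonRoot: false":
            (SAMPLE_DOCKERFILE, RESTRICTED_POD_SC, {"runAsNonRoot": False}),
    }
    for name, (df, psc, csc) in cases.items():
        ok, why = non_root_verdict(df, psc, csc)
        print(f"{'PASS' if ok else 'FAIL'}  {name}: {why}")
```

One caveat the model makes visible: a pod spec with runAsUser: 10001 passes gate 2 even for the old root-only image, because runAsUser overrides the image USER. That would start the container as uid 10001 with HOME still /root and the workspace under a 0700 root-owned directory, which is exactly the permission failure the in-image change avoids; fsGroup is a separate, runtime-only concern (PVC ownership) and is not something either gate checks.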