Allow setting the UID and GID of clamav at runtime #12
Conversation
If CLAMAV_UID/CLAMAV_GID are set, the userid and/or groupid of the clamav user is updated on startup. This can be helfull to gain the correct access rights on scandir mounts.
There was a problem hiding this comment.
In addition to my concern about the shadow dependency -- I'm slightly concerned that this will make it more difficult for us to add a variation of the image that is rootless and automatically runs as the clamav user. It's probably fine and we'd just have to note in documentation somewhere that the CLAMAV_UID and CLAMAV_GID options only apply to the version that starts as root.
That ties into a second concern that will need to document this option. If you're able to contribute documentation for these new options to:
- the readme in this repository
- https://github.com/Cisco-Talos/clamav-documentation/blob/main/src/manual/Installing/Docker.md that will help.
Finally, if you could add this same change to the docker-entrypoint.sh scripts under clamav/unstable, that would be great.
You may also wish to add it to the 0.105 variant, but I imagine most people are moving to the 1.0+ images. So I don't really mind either way.
| # For building static libraries with Mussels | ||
| git \ | ||
| patchelf \ | ||
| shadow \ |
There was a problem hiding this comment.
It doesn't seem like this needs to be added to the first image (the "builder" image) as the entrypoint script is based on the second image.
2 participants
If CLAMAV_UID/CLAMAV_GID are set, the userid and/or groupid of the clamav user is updated on startup. This can be helfull to gain the correct access rights on scandir mounts.