Final start command is run as root
#449
Labels
bug
Something isn't working
Comments
|
I wondered about this alongside alpine for some things. I could address this. Just need to dislodge my other PR first of the pipe. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is there an existing issue for this?
Describe the bug
The final start command is run as
rootin the deployed container.This is bad practice, and can open up vulnerabilities for the app run as
root.This also causes certain programs like
puppeteerto refuse to launch (ERROR:zygote_host_impl_linux.cc(90)] Running as root without --no-sandbox is not supported.)To reproduce
Build a project with Nixpacks.
Run the resulting OCI image.
The start command will be run as root.
Expected behavior
The start command should be deescalated and run as another PID.
Environment
Windows 11, Nixpacks v0.3.8
(affects all versions)
The text was updated successfully, but these errors were encountered: