-1 
From node:16.10-stretch
WORKDIR /app
COPY . .
RUN apt-get update && npm install && apt-get install clamav-daemon -y && \
    freshclam && echo "TCPSocket 3310" >> /etc/clamav/clamd.conf && \
    echo "TCPAddr 127.0.0.1" >> /etc/clamav/clamd.js && \
    mkdir /unscanned_files && chmod -R 0777 /unscanned_files
RUN useradd -u 10101 clamav_user
RUN chmod -R 0777 /app/bootstrap.sh
USER clamav_user
CMD ["sh", "bootstrap.sh"]

现在 docker build 为非 root 用户创建正常,但是当我们为构建的图像执行 docker run 时,它给出了权限错误。错误:无法以附加模式打开/var/log/clamav/freshclam.log(检查权限) mkdir:无法创建目录'/var/run/clamav':权限被拒绝在此处输入代码

此 ClamAV docker 文件需要哪些更改才能在没有权限问题的情况下为非 root 用户运行?请帮忙

4

1 回答 1

0 
From node:16.10-stretch
WORKDIR /app
COPY . .
RUN apt-get update && npm install && apt-get install clamav-daemon -y && \
    freshclam && echo "TCPSocket 3310" >> /etc/clamav/clamd.conf && \
    echo "TCPAddr 127.0.0.1" >> /etc/clamav/clamd.js && \
    mkdir /unscanned_files && chmod -R 0777 /unscanned_files
RUN useradd -u 10101 clamav_user
RUN chmod -R 0777 /app/bootstrap.sh
RUN mkdir -p /var/run/clamav && chown -R clamav_user /var/run/clamav
USER clamav_user
CMD ["sh", "bootstrap.sh"]

附带说明一下,作为优化,您应该以下列方式重新排列 dockerfile

From node:16.10-stretch
COPY package.json /tmp
RUN apt-get update && npm --prefix /tmp/ install && apt-get install clamav-daemon -y && \
    freshclam && echo "TCPSocket 3310" >> /etc/clamav/clamd.conf && \
    echo "TCPAddr 127.0.0.1" >> /etc/clamav/clamd.js && \
    mkdir /unscanned_files && chmod -R 0777 /unscanned_files
RUN useradd -u 10101 clamav_user
RUN mkdir -p /var/run/clamav && chown -R clamav_user /var/run/clamav
WORKDIR /app
COPY . .
RUN chmod -R 0777 /app/bootstrap.sh
USER clamav_user
CMD ["sh", "bootstrap.sh"]

这将避免RUN apt-get update && npm install && apt-get install clamav-daemon -y && \ freshclam && echo "TCPSocket 3310" >> /etc/clamav/clamd.conf && \ echo "TCPAddr 127.0.0.1" >> /etc/clamav/clamd.js && \ mkdir /unscanned_files && chmod -R 0777 /unscanned_files 再次构建层,因为您的源文件仅被更改

我不确定您的 bootstrap.sh 中有什么,但我认为上述更改对您有用。

于 2021-11-12T10:17:45.093 回答