Container Security: Running as Non-Root

By default, Docker containers run their process as `root`, and that is the same UID 0 the host kernel uses. If a container breakout vulnerability exists, the attacker therefore gains root access to the host.

The Fix

Create a dedicated user in your Dockerfile.

FROM mcr.microsoft.com/dotnet/aspnet:5.0
WORKDIR /app
COPY . .

# Create an unprivileged user with a fixed UID so the cluster can verify it is non-root
RUN adduser --disabled-password --gecos "" --uid 1000 appuser

# A non-root process cannot bind the image's default port 80; have Kestrel listen on 8080
ENV ASPNETCORE_URLS=http://+:8080
EXPOSE 8080

# Use the numeric UID (not the name): Kubernetes runAsNonRoot can only verify a numeric user
USER 1000

ENTRYPOINT ["dotnet", "MyApp.dll"]

Enforce this in Kubernetes with a pod `securityContext` that sets `runAsNonRoot: true`, so the kubelet refuses to start any container that would run as UID 0.
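A Deployment manifest that enforces the setting, as an added example that is not part of the original post. The Deployment name, labels and image reference are placeholders; it assumes the image's user was created with UID 1000, as in the Dockerfile above.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp                      # assumed name
spec:
  replicas: 1
  selector:
    matchLabels:
      app: myapp
  template:
    metadata:
      labels:
        app: myapp
    spec:
      # Pod-level settings are inherited by every container unless overridden
      securityContext:
        runAsNonRoot: true         # kubelet refuses to start any container that would run as UID 0
        runAsUser: 1000            # numeric UID; if the image only says "USER appuser" (a name) and
                                   # this is omitted, the kubelet cannot verify the user and the pod
                                   # fails with CreateContainerConfigError
        runAsGroup: 1000
        fsGroup: 1000              # mounted volumes are group-owned by 1000 so the app can write to them
        seccompProfile:
          type: RuntimeDefault     # apply the container runtime's default syscall filter
      containers:
        - name: myapp
          image: registry.example.com/myapp:1.0.0   # placeholder image reference
          env:
            # the .NET 5 aspnet image listens on port 80 by default, which a non-root
            # process cannot bind; move Kestrel to an unprivileged port
            - name: ASPNETCORE_URLS
              value: http://+:8080
          ports:
            - containerPort: 8080
          securityContext:
            allowPrivilegeEscalation: false   # no setuid or file-capability route back to root
            capabilities:
              drop: ["ALL"]                   # the web app needs no Linux capabilities
```

If the pod stays in CreateContainerConfigError after applying this, `kubectl describe pod` shows whether it is the non-numeric user check or a port bind failure in the container log.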

