Скачать или смотреть How to make docker container read only (Use 1080 for better resolution)

How to make docker container read only (Use 1080 for better resolution)

HowToContainerReadOnlyDockerCantonese廣東話HowToMakeContainerReadOnly

Скачать How to make docker container read only (Use 1080 for better resolution) бесплатно в качестве 4к (2к / 1080p)

У нас вы можете скачать бесплатно How to make docker container read only (Use 1080 for better resolution) или посмотреть видео с ютуба в максимальном доступном качестве.

Для скачивания выберите вариант из формы ниже:

Информация по загрузке:

Cкачать музыку How to make docker container read only (Use 1080 for better resolution) бесплатно в формате MP3:

Если иконки загрузки не отобразились, ПОЖАЛУЙСТА, НАЖМИТЕ ЗДЕСЬ или обновите страницу
Если у вас возникли трудности с загрузкой, пожалуйста, свяжитесь с нами по контактам, указанным в нижней части страницы.
Спасибо за использование сервиса video2dn.com

Описание к видео How to make docker container read only (Use 1080 for better resolution)

How to make your container read-only

The reason why we need to set container read-only
It is part of security in CIS Docker benchmark
5.12 Mount container's root filesystem as read only

[Prerequisite]
Docker on Linux
Internet access
Basic script language knowledge

[What we cover today]
We will create a read-only container using the read-only flag in docker run command.
About the read-only flag
To check container if it is read-only, we can execute below command

docker ps --quiet | xargs docker inspect --format '{{.Id}}:ReadonlyRootfs={{.HostConfig.ReadonlyRootfs}}'

[General Steps]
Define a set of user/group which executes the container
Write a custom docker file
To change user id that match with created user id and group.
Build it and tag to another image

docker build -t cis/postgres -f Dockerfile .

Prepare your custom docker run command and execute it.
Common Case: I can’t start the docker after setting read-only flag
Reason : process cannot start due to the file read-only permission, the user cannot write file.
Solution : Use volume flag to mapp all container path to host file system
Be careful of user id inside the container
Demo : Postgres

[Demo : Postgres]
Before we start, we need to prepare
Folder paths on linux host which used to map to container file system
E.g. /var/lib/postgres
A new user, used to run the container, should be the same as postgres in the container.
docker exec -it postgres bash
grep postgres /etc/passwd (on container)
useradd postgres -u 101 -g 101 (on linux host)
The following script is used to create a read-only container.

FROM postgres:9.5

RUN usermod postgres -u 101 -g 101

CMD ["postgres"]

#!/bin/bash

export POSTGRESQL_HOME=/var/lib/postgresql

rm -rf $POSTGRESQL_HOME
mkdir -p $POSTGRESQL_HOME/data
chown postgres:postgres -R $POSTGRESQL_HOME
chmod 755 -R /var/lib/postgres

docker run -d \
--restart=on-failures:5 \
--user=postgres \
--name=postgres \
-v $POSTGRESQL_HOME/data:/var/lib/postgresql/data \
-v $POSTGRESQL_HOME/var/run:/var/run \
--publish=192.168.0.4:5432:5432 \
--health-cmd='stat /etc/passwd || exit 1' \
--volume /var/lib/postgres/data:/data \
-e POSTGRES_PASSWORD=password123 \
--read-only \
cis/postgres:latest

Reference
https://www.docker.com/
https://www.postgresql.org/

Комментарии

Информация по комментариям в разработке