Non-root support

How to run the container with non-root access via Docker Container

Step 1: get the docker image from docker hub (Refer to: Run image published on OPSWAT Docker Hub)

Step 2: launch docker image with non-root option

Info
  • specific UID:GID = 1000:1000 to enable non-root support

  • beside that, below environment variable require to run the doc

    • MD_USER=admin

    • MD_PWD=admin

    • ACCEPT_EULA=true

    • DB_USER=postgres

    • DB_PWD=postgres

    • DB_MODE=1

    • DB_HOST=localhost

    • DB_PORT=5432

    • DB_TYPE=local

docker run --user 1000:1000 -it \ -e MD_USER=admin -e MD_PWD=admin \ -e ACCEPT_EULA=true -e DB_HOST=localhost \ -e DB_MODE=1 -e DB_TYPE=local -e DB_USER=postgres -e DB_PWD=posgres \ -e DB_PORT=5432 opswat/metadefendericapsrv-debian:5.8.0

Step 3: verify the UID:GID works properly

run command inside container to see the process mdicapsrv is running

ps -ef

Non-root access on Kubernetes

Step 1: Download help chart of MD ICAP Server from Github

Step 2: Modify UID:GID to run as non-root

create file override.values.yaml to override default value

ACCEPT_EULA: false mdicapsrv_user: admin # Initial admin user for the MD ICAP Server web interface mdicapsrv_password: admin # Initial admin password for the MD ICAP Server web interface, if not set it will be randomly generated mdicapsrv_license_key: <SET_LICENSE_KEY_HERE> # A valid license key, **this value is mandatory** icap_components: md_icapsrv: securityContext: runAsUser: 1000 # Specify the UID of the user, id is 1000 runAsGroup: 1000 # Specify the GID of the group, id is 1000 runAsNonRoot: true allowPrivilegeEscalation: false

Step 3: deploy the helm chart with override values

helm install mdicapsrv -n default -f override.values.yaml .

Step 4: verify the pod and mdicapsrv are running



How to customer the UID and GID value?

The default value of UID and GID is 1000, these default value can be customized via Docker toolkit on My OPSWAT Portal and rebuild a new image (refer to Using build tool kit with your own docker image)

Step 1: modify RUN_UID and RUN_GID value in file Dockerfile

Step 2: Rebuild docker image

cd <build-kit-directory> docker build --build-arg VERSION=5.8.0 -t oharbor.opswat.com/icap/mdicapsrv-debian:5.8.0 .