Add option to run under specific UID/GID #27
Comments
|
I think that this might relate to issues, where plugin dependencies cannot get installed. Since the scripts only get called on container start, I don't see much potential for container takeovers. Do you have any special concerns or see potential attacks? |
|
My concerns are not specifically to homebridge per se, but it was proven before that it's possible to get out of the container, so I got used to not run anything that is not needed as root inside Docker. If you take a look at linuxserver.io containers, you can pass environment variables (UID/GID) to the container and it will do all necessary things as root (like installing scripts) but whenever run the actual program (homebridge in this case), they switch the id/gid to whatever you specified on the variables. This seems like a sensible approach that might be applicable to this case, I guess. |
|
I can understand you concerns, but won't be able to add such feature via env variable any time soon. Feel free to add a PR! |
Is this possible right now? Can't find. I'm not all too comfortable running it as root. That would be a great addition!
The text was updated successfully, but these errors were encountered: