1. flower+(OP) 2025-12-18 06:48:58
Readonly and rootless are my two requirements for Docker containers. Most images can't run readonly because they try to create a user in some startup script. Since I want my UIDs unique to isolate mounted directories, this is meaningless. I end up having to wrap or copy Dockerfiles to make them behave reasonably.

Having such a nice layered buildsystem with mountpoints, I'm amazed Docker made readonly an afterthought.

replies(1): >>subscr+M6
2. subscr+M6 2025-12-18 07:59:08
>>flower+(OP)
I like steering docker runs with docker-compose, especially with .env files - easy to store in repositories, easy to customise and have sane defaults.
replies(1): >>flower+Mv
3. flower+Mv 2025-12-18 11:53:47
>>subscr+M6
Yeah agreed. I use docker-compose. But it doesn't help if the Docker images try to update /etc/passwd, or force a hardcoded UID, or run some install.sh at runtime instead of buildtime.
replies(1): >>subscr+Dxj
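An added example (not posted by anyone in the thread) of a compose service that enforces the read-only and rootless requirements from comments 1 and 3 while taking its image and UID from a .env file as comment 2 suggests. The service name `app`, the variables `APP_IMAGE`, `APP_UID` and `APP_GID`, and the `/data` mount are assumed names for illustration.

```yaml
# docker-compose.yml (constructed example; APP_IMAGE, APP_UID and APP_GID
# are read from the .env file next to it, e.g. APP_UID=10001)
services:
  app:
    image: ${APP_IMAGE:?set APP_IMAGE in .env}
    env_file: .env
    # Rootless: a fixed non-root UID/GID chosen per project, so files the
    # container creates on the bind mount below are owned by that UID only
    # and other containers with their own UIDs cannot read them.
    user: "${APP_UID:-10001}:${APP_GID:-10001}"
    # Read-only root filesystem: the image cannot rewrite /etc/passwd,
    # run an install.sh at startup, or otherwise mutate itself at runtime.
    read_only: true
    # Scratch space the process legitimately needs; nothing else is writable.
    tmpfs:
      - /tmp
      - /run
    volumes:
      - ./data:/data   # the only persistent, writable path
    # A non-root process should not be able to gain capabilities later.
    cap_drop:
      - ALL
    security_opt:
      - no-new-privileges:true
```

This doubles as the check the thread describes: an image whose entrypoint tries to add a user or install packages at runtime fails on `docker compose up` with a "Read-only file system" error instead of silently running as root with a writable rootfs, which tells you the Dockerfile needs to be wrapped or rebuilt.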
4. subscr+Dxj 2025-12-25 14:50:30
>>flower+Mv
Oh, absolutely. Some things some images try to do are just silly.