Skip to content

andrewstucki/userdrop

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
main.go
main.go
 
 
passwd
passwd
 
 

Repository files navigation

Scratch container with ssl, non-root user, and CGO

Build with:

docker build . -t userdrop

Run with:

docker run --rm --cap-drop=all userdrop

Added configurations on top of normal scratch

  1. Binary build with CGO enabled by leveraging static musl that comes default in alpine containers
  2. Added ca-certificates package to a well-known path and then copied into scratch container for Go to load
  3. Added a basic passwd file to drop to a non-root user
  4. Run with all capabilities dropped
  5. For image size with an added initial memory footprint and boot-up time, packed the statically built executable with UPX

Output/Stats

docker inspect userdrop -f '{{.Size}}'
2250956
docker run --rm --cap-drop=all userdrop
Google returned a '200' status code.
Called into C function!
Running as: nobody

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages