Run the container as a non-root user #7

New Issue

2026-06-17T17:12:34+01:00

lyrathorpe commented

2026-06-17 17:12:34 +01:00

The Dockerfile runs the process as root. The proxy needs no root privileges at runtime (ports 110/25 are published via the host mapping, not bound inside a restricted namespace requiring CAP_NET_BIND_SERVICE in the default Docker config — confirm during implementation).

Fix:

Create a dedicated non-root user in the Dockerfile and switch to it with USER before CMD.
Verify the published port mapping still works (docker run -p 110:110 -p 25:25 ...).

Acceptance:

The container process runs as a non-root UID.
POP3/SMTP remain reachable via the documented port mapping.

The Dockerfile runs the process as root. The proxy needs no root privileges at runtime (ports 110/25 are published via the host mapping, not bound inside a restricted namespace requiring CAP_NET_BIND_SERVICE in the default Docker config — confirm during implementation). Fix: - Create a dedicated non-root user in the Dockerfile and switch to it with USER before CMD. - Verify the published port mapping still works (docker run -p 110:110 -p 25:25 ...). Acceptance: - The container process runs as a non-root UID. - POP3/SMTP remain reachable via the documented port mapping.

lyrathorpe added the security label 2026-06-17 17:12:34 +01:00

lyrathorpe referenced this issue from a commit

2026-06-17 17:22:30 +01:00

chore: run container as non-root user

lyrathorpe referenced a pull request that will close this issue

2026-06-17 17:22:56 +01:00

Run container as non-root user #11

lyrathorpe referenced this issue from a commit

2026-06-17 17:33:24 +01:00

Run container as non-root user (#11)

lyrathorpe closed this issue

2026-06-17 17:33:24 +01:00