Public | Automated Build

Last pushed: 4 months ago
Short Description
A Postgres image with a small footprint without privilege escalation; User stoic runs the server.
Full Description

PostgreSQL docker image based on Alpine Linux

This repository builds a docker image that accepts the same env vars as the
official postgres build.

This fork: no root|sudo|gosu|chown|chgrp

This fork was made to start the docker container as the stoic user.
No privilege escalation takes place.
It fits the security requirements of our customers.
It requires that the host OS for the docker containers
has defined a stoic user with the gid and uid 40561:

# On CoreOS, Alpine etc:
addgroup -g 40561 stoic && adduser -u 40561 -G stoic -D stoic
# On debian:
groupadd -r stoic --gid=40561 && useradd -r -g stoic --uid=40561 stoic

Why?

Security constraints.

Ability to run in userspace with udocker/proot:

udocker create --name=postgres sutoiku/postgres:debian
udocker run -u stoic -v /tmp -v /run -v /tmp:/var/run/postgresql -e POSTGRES_LISTEN_ADDRESSES="\'127.0.0.1\'" -v /data/stoic/data/pgdata:/var/lib/postgresql/data -w / postgres
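
A host preflight for the uid/gid requirement above, as an added example that is not part of this repository. It assumes that, because the fork runs no chown, the bind-mounted data directory must already belong to uid 40561, and it insists on mode 0700; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: host preflight for the stoic-user image (not the project's code).
STOIC_ID=40561    # uid and gid stated on the page

# check_account PASSWD_FILE GROUP_FILE
# User and group "stoic" must both map to 40561, and no other account may
# share that uid (it would own the same files as the database server).
check_account() {
    awk -F: -v id="$STOIC_ID" '
        $1 == "stoic" && $3 == id && $4 == id { ok = 1 }
        $1 != "stoic" && $3 == id             { clash = 1 }
        END { exit !(ok && !clash) }' "$1" || return 1
    awk -F: -v id="$STOIC_ID" '
        $1 == "stoic" && $3 == id { ok = 1 }
        END { exit !ok }' "$2"
}

# check_datadir DIR [UID]
# Nothing in the container fixes ownership, so the data directory must be
# owned by the server uid already and closed to group and others (0700).
check_datadir() {
    [ -d "$1" ] || return 1
    # ls -ldn prints: mode, link count, numeric uid, numeric gid, ...
    ls -ldn "$1" | awk -v uid="${2:-$STOIC_ID}" '
        $3 == uid && $1 ~ /^drwx------/ { ok = 1 }
        END { exit !ok }'
}

# preflight DIR, e.g. preflight /data/stoic/data/pgdata
preflight() {
    check_account /etc/passwd /etc/group ||
        { echo "stoic must exist as 40561:40561 with no uid clash" >&2; return 1; }
    check_datadir "$1" ||
        { echo "$1 must be owned by uid 40561 with mode 0700" >&2; return 1; }
}
```

Run `preflight` on the host before `docker run` or `udocker run`; a non-zero status means the container would start with the wrong identity or an unusable data directory.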

Build

$ make build

DockerHub

This image is published on DockerHub; pull it with docker pull sutoiku/postgres:debian.

Click here to see its DockerHub homepage

Usage

This image works in the same way the official postgres docker image works.

It's documented on DockerHub in its README: https://hub.docker.com/_/postgres/.

For example, you can start a basic PostgreSQL server, protected by a password,
listening on port 5432 by running the following:

$ docker run --name some-postgres -e POSTGRES_PASSWORD=mysecretpassword -d kiasaki/alpine-postgres

Next, you can start your app's container and link it to the PostgreSQL
container you just created, which gives the app access to the database.

$ docker run --name some-app --link some-postgres:postgres -d application-that-uses-postgres

Your app will now be able to access POSTGRES_PORT_5432_TCP_ADDR and POSTGRES_PORT_5432_TCP_PORT environment variables.

License

MIT. See LICENSE file.

Owner
sutoiku