Volumes should not be defined in base images #140
Comments
First, we are embedding data in our redis container. (it's a choice)
Second it!
I also see this as an issue, albeit a small one. Every time you run a new redis container it creates a new anonymous volume. The docker and compose CLIs both provide ways of removing anonymous volumes when removing containers, but unless you are aware of these anonymous volumes being created you won't know to clean them up, and so they may continue to grow in number behind the scenes.
@MrIceman,
We do not build images with malware installed (I did just pull and check them in case there was some sort of exploit of Docker Hub). The affected users are likely exposing their redis to the public internet where it is trivial to "hack". Edit: previous users with problems by "hackers", #44 (comment), #44 (comment), #44 (comment)
@yosifkit you are right, it was my missing knowledge about the security of redis. I learned it the hard way. Sorry for this misinformation.
Hi, we have exactly the same problem with the redis volume. Is it planned to delete the VOLUME instruction in the redis Dockerfile or not? In production, having many anon volumes is not really clean for infrastructure operations.
I ended up building my own image. Also see #175
You can remove the anonymous volumes by removing the container and its attached anonymous volumes.
This is a similar request to docker-library/postgres#404: VOLUMEs should not be declared on the base image (even if "not used" as is in redis).
- It gives you unnamed volumes (with a random id) that cannot be removed
- You cannot override it (yet?), see "Reset properties inherited from parent image" (moby/moby#3465)
- VOLUME can easily be declared in a child image/compose/swarm/etc
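
The clean-up the comments above refer to, as an added example that is not part of the original thread: it finds anonymous volumes that no container references any more and removes them only on request. The 64-hex-character name test is a heuristic, and the function names and the sample volume list are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Heuristic: Docker names an anonymous
# volume with a random 64-character lowercase hex id, while a named volume
# keeps the name it was given.

# Read volume names on stdin; print only those that look anonymous.
filter_anonymous() {
  grep -E '^[0-9a-f]{64}$' || true   # no match is not an error
}

# Anonymous volumes that no container (running or stopped) still references.
list_orphaned_anonymous() {
  docker volume ls --quiet --filter dangling=true | filter_anonymous
}

# Print what would be removed; set DRY_RUN=0 to actually remove.
remove_orphaned_anonymous() {
  list_orphaned_anonymous | while read -r vol; do
    if [ "${DRY_RUN:-1}" = 0 ]; then
      docker volume rm "$vol"
    else
      echo "would remove $vol"
    fi
  done
}

# Constructed sample of `docker volume ls --quiet` output (not real ids).
SAMPLE_VOLUMES='redis-data
0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
cafe1234
deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
pgdata'

# Ways to avoid leaving them behind in the first place:
#   docker run --rm redis       # anonymous volumes are removed on exit
#   docker rm -v <container>    # remove a container with its anonymous volumes
#   docker compose down -v      # caution: also removes the project's named volumes
```

Run `remove_orphaned_anonymous` once in its default dry-run mode and review the list before setting `DRY_RUN=0`, since a dangling anonymous volume may still hold the only copy of a stopped workload's data.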