questions about uid change between jammy and bionic stack #188
Replies: 3 comments 3 replies
-
Security. We have made changes such that the build uid and run uid are different so that at runtime, what you can actually write to is limited.
If you have an application that writes to the local file system...
I'm not aware of any other changes that we made, but I suspect someone on the @paketo-buildpacks/builders-maintainers or @paketo-buildpacks/stacks-maintainers can confirm. You would also want to just watch out for any changes in Ubuntu from Bionic to Jammy that might affect your application. The impact of this will vary depending on your language runtime. |
Beta Was this translation helpful? Give feedback.
-
Hi @dmikusa Our customers are trying to migrate Bionic to Jammy OS, they also care about the security |
Beta Was this translation helpful? Give feedback.
-
Hi @dmikusa , I use the latest builder paketobuildpacks/builder to build the image and find the layer and workspace folder owner is still 1000, is there any gap? |
Beta Was this translation helpful? Give feedback.
-
In bionic stack, the uid is the same between build and runtime phases,
But in jammy stack, the uid in build phase is 1001, but in the runtime phase is 1002.
When upgrading bionic stack to jammy stack, it may need to so some code change, like if we have some logic that copy/write files in
/workspace
dir, it will throw exceptions.What's the reason to change the uid, and are there any guide to migrate bionic stack to jammy stack smoothly? I think there are other changes too.
Beta Was this translation helpful? Give feedback.
All reactions