-1
From node:16.10-stretch
WORKDIR /app
COPY . .
RUN apt-get update && npm install && apt-get install clamav-daemon -y && \
    freshclam && echo "TCPSocket 3310" >> /etc/clamav/clamd.conf && \
    echo "TCPAddr 127.0.0.1" >> /etc/clamav/clamd.js && \
    mkdir /unscanned_files && chmod -R 0777 /unscanned_files
RUN useradd -u 10101 clamav_user
RUN chmod -R 0777 /app/bootstrap.sh
USER clamav_user
CMD ["sh", "bootstrap.sh"]

Now docker build works fine for non-root users, but when we do docker run for the built image, it gives a permission error:

Error: Can't open /var/log/clamav/freshclam.log in append mode (check permission)
mkdir: cannot create directory '/var/run/clamav' : Permission denied

What changes are required in this ClamAV Dockerfile to run for non-root users without permission problems? Please help.

Gaurav
  • Why not use the official docker images? https://docs.clamav.net/manual/Installing/Docker.html#the-official-images-on-docker-hub – masseyb Nov 12 '21 at 13:40

1 Answer

0
From node:16.10-stretch
WORKDIR /app
COPY . .
RUN apt-get update && npm install && apt-get install clamav-daemon -y && \
    freshclam && echo "TCPSocket 3310" >> /etc/clamav/clamd.conf && \
    echo "TCPAddr 127.0.0.1" >> /etc/clamav/clamd.js && \
    mkdir /unscanned_files && chmod -R 0777 /unscanned_files
RUN useradd -u 10101 clamav_user
RUN chmod -R 0777 /app/bootstrap.sh
RUN mkdir -p /var/run/clamav && chown -R clamav_user /var/run/clamav
USER clamav_user
CMD ["sh", "bootstrap.sh"]

On a side note, as an optimization you should rearrange the Dockerfile in the following manner:

From node:16.10-stretch
COPY package.json /tmp
RUN apt-get update && npm --prefix /tmp/ install && apt-get install clamav-daemon -y && \
    freshclam && echo "TCPSocket 3310" >> /etc/clamav/clamd.conf && \
    echo "TCPAddr 127.0.0.1" >> /etc/clamav/clamd.js && \
    mkdir /unscanned_files && chmod -R 0777 /unscanned_files
RUN useradd -u 10101 clamav_user
RUN mkdir -p /var/run/clamav && chown -R clamav_user /var/run/clamav
WORKDIR /app
COPY . .
RUN chmod -R 0777 /app/bootstrap.sh
USER clamav_user
CMD ["sh", "bootstrap.sh"]

This will avoid building the layer

RUN apt-get update && npm install && apt-get install clamav-daemon -y && \
    freshclam && echo "TCPSocket 3310" >> /etc/clamav/clamd.conf && \
    echo "TCPAddr 127.0.0.1" >> /etc/clamav/clamd.js && \
    mkdir /unscanned_files && chmod -R 0777 /unscanned_files

again when only your source files have changed.

I am not sure what's in the bootstrap.sh you have, but I think the above changes will work for you.

Gaurav
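A preflight check for the top of bootstrap.sh that reports which paths the non-root user still cannot write to, so that ownership can be granted on just those paths in the Dockerfile instead of opening them with 0777. This is an added example, not code from the question or the answer; the function names are hypothetical, and the two paths are the ones named in the error output quoted in the question.

```shell
#!/bin/sh
# Added example: preflight check for a container that runs as a non-root user.

# can_write PATH: succeed if PATH exists and is writable, or if it does not
# exist yet but could be created under its nearest existing ancestor.
can_write() {
    p=$1
    if [ -e "$p" ]; then
        [ -w "$p" ]
        return
    fi
    # Walk up to the nearest existing ancestor; this is the
    # "mkdir: cannot create directory" case from the question.
    while [ ! -e "$p" ]; do
        p=$(dirname "$p")
    done
    # Creating an entry needs write and search permission on a directory.
    [ -d "$p" ] && [ -w "$p" ] && [ -x "$p" ]
}

# unwritable_paths PATH...: print each failing path on its own line and
# return non-zero if at least one failed.
unwritable_paths() {
    rc=0
    for target in "$@"; do
        if ! can_write "$target"; then
            printf '%s\n' "$target"
            rc=1
        fi
    done
    return $rc
}

# Paths taken from the error output in the question.
CLAMAV_PATHS="/var/log/clamav/freshclam.log /var/run/clamav"

# preflight: report the current uid and every path it cannot write to.
preflight() {
    bad=$(unwritable_paths $CLAMAV_PATHS) && return 0
    echo "uid $(id -u) cannot write to:" >&2
    echo "$bad" >&2
    return 1
}
```

Calling `preflight || exit 1` as the first line of bootstrap.sh makes the container stop with the full list of unwritable paths rather than failing on the first one.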