Hi, I've been extending some of your images to add a docker user and run the scripts as that user, rather than the root user, to decrease the attack surface when executing untrusted code. Is that something you'd be interested in merging in if I submitted PRs to make it work across all the docker-exec images?
For context, we're looking at possibly replacing a big portion of our old code execution framework @ https://github.com/instructure/straitjacket with these containers. We'd still lock them down with AppArmor profiles as well, but running as a non-root user would make me more comfortable, since Docker isn't completely hardened against untrusted code.