Allow to run Blaze as Container with Read-Only Filesystem #1712

alexanderkiel opened this issue May 7, 2024 · 0 comments
Labels
operation Operational issues like monitoring and maintenance.

It is best practice to run containers with a read-only root filesystem [1], [2].

The only situation where Blaze likes to write a file is while loading the RocksDB shared library. However, we can mount a tmpfs at this location. Because the shared library will also be executed, the tmpfs has to be mounted with the execute option, which isn't the default.

The proposed solution would be to use a separate directory for RocksDB and mount a tmpfs with the execute option there.

```sh
docker run -p 8080:8080 --read-only --tmpfs /app/rocksdb:exec -e ROCKSDB_SHAREDLIB_DIR=/app/rocksdb -v blaze-data:/app/data --rm blaze:latest
```
@alexanderkiel alexanderkiel added the operation Operational issues like monitoring and maintenance. label May 10, 2024
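
A check for the mount layout proposed above, as an added example that is not part of the original issue or Blaze's own code: it reads a table in `/proc/mounts` format and confirms that `/` is read-only and the RocksDB library directory is a tmpfs without `noexec`. The function names and the sample tables are constructed for illustration.

```shell
#!/bin/sh
# Exit codes of check_mounts: 0 ok, 1 root filesystem writable,
# 2 library dir is not a tmpfs mount, 3 library dir is mounted noexec.

# has_opt OPTS NAME: succeed if NAME is in the comma-separated list OPTS.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_mounts FILE DIR: FILE is in /proc/mounts format, DIR is the
# directory the shared library is unpacked into (hypothetical helper).
check_mounts() {
    root_opts=""; lib_type=""; lib_opts=""
    # Fields per line: device mountpoint fstype options dump pass.
    # A later line for the same mountpoint overrides an earlier one.
    while read -r _dev mnt fstype opts _rest; do
        if [ "$mnt" = "/" ]; then root_opts=$opts; fi
        if [ "$mnt" = "$2" ]; then lib_type=$fstype; lib_opts=$opts; fi
    done < "$1"
    has_opt "$root_opts" ro || return 1
    [ "$lib_type" = "tmpfs" ] || return 2
    if has_opt "$lib_opts" noexec; then return 3; fi
    return 0
}

# Constructed sample table (not captured from a real container).
# $1 is the option string to use for the /app/rocksdb tmpfs.
sample_mounts() {
    cat <<EOF
overlay / overlay ro,relatime,lowerdir=/l,upperdir=/u,workdir=/w 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /app/rocksdb tmpfs $1 0 0
/dev/sda1 /app/data ext4 rw,relatime 0 0
EOF
}

# Demo on the constructed table: a tmpfs mounted without the exec option.
tmp=$(mktemp)
sample_mounts "rw,nosuid,nodev,noexec,relatime" > "$tmp"
rc=0; check_mounts "$tmp" /app/rocksdb || rc=$?
echo "tmpfs mounted noexec: check_mounts exit code $rc"
rm -f "$tmp"
```

Inside the running container, `check_mounts /proc/mounts "$ROCKSDB_SHAREDLIB_DIR"` applies the same check to the live mount table.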