
Commit

Do not mount /etc/passwd and /etc/group files
The goal of this volume mount was to translate usernames from ids. However, this is not really necessary, and it exposes the full content of the passwd and group files from the host to the container.
Moreover, on systems like macOS where Docker runs in an internal Linux VM, the content of the file /etc/passwd is completely irrelevant.
zioproto authored Oct 2, 2024
1 parent d8d44aa commit 59b3248
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion avm
Expand Up @@ -27,7 +27,7 @@ fi
# Check if we are running in a container
# If we are then just run make directly
if [ -z "$AVM_IN_CONTAINER" ]; then
$CONTAINER_RUNTIME run --pull always --user "$(id -u):$(id -g)" --rm $AZURE_VOLUME -v /etc/passwd:/etc/passwd -v /etc/group:/etc/group -v "$(pwd)":/src -w /src -e GITHUB_REPOSITORY -e ARM_SUBSCRIPTION_ID -e GITHUB_REPOSITORY_OWNER mcr.microsoft.com/azterraform make "$1"
$CONTAINER_RUNTIME run --pull always --user "$(id -u):$(id -g)" --rm $AZURE_VOLUME -v "$(pwd)":/src -w /src -e GITHUB_REPOSITORY -e ARM_SUBSCRIPTION_ID -e GITHUB_REPOSITORY_OWNER mcr.microsoft.com/azterraform make "$1"
else
make "$1"
fi
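
Review bot: the added `run` line keeps `--user "$(id -u):$(id -g)"` while dropping both bind mounts, so the process inside the container now runs under a numeric UID/GID that may have no entry in the image's own /etc/passwd and /etc/group. Before merging, confirm that nothing reached through `make "$1"` depends on resolving the current user name or on a home directory derived from the passwd entry; if something does, pass the value explicitly (for example with an extra `-e HOME=...`) rather than restoring the mounts. The removed mounts also had no `:ro` suffix, so a short comment above this line stating that host account files are deliberately not shared would help keep them from being reintroduced later.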
