[local] Disable IPv6 and add CONFIG_KEYS to kernel #5
Conversation
datadog-compute-robot
force-pushed
the
datadog
branch
from
c463300
to
c067d6f
Compare
zaymat
changed the title
zaymat
force-pushed
the
mayeul/ipv6-nat
branch
2 times, most recently
from
44abaf6
to
6a0a9d5
Compare
![datadog-datadog-prod-us1[bot]](https://avatars.githubusercontent.com/u/365230?s=60&v=4){kind=small}
tools/packaging/kernel/Dockerfile
Outdated
| RUN apt-get update && apt-get install -y \ | ||
| flex \ | ||
| bison \ | ||
| libelf-dev \ | ||
| xz-utils \ | ||
| gcc \ | ||
| make \ | ||
| patch \ | ||
| bc \ | ||
| python3-pip |
There was a problem hiding this comment.
⚪ Code Quality Violation
package make should have version pinned (...read more)
When using apt-get install, pin the version to avoid unwanted upgrades and undefined behavior.
tools/packaging/kernel/Dockerfile
Outdated
|
|
||
| # Install AWS CLI | ||
|
|
||
| RUN pip3 install awscli |
There was a problem hiding this comment.
⚪ Code Quality Violation
| RUN pip3 install awscli | |
| RUN pip3 install --no-cache-dir awscli |
use --no-cache-dir to avoid caching (...read more)
This rule states that Dockerfiles should not use a cache when installing packages. When building Docker images, Docker has a built-in caching mechanism that reuses instructions from previous builds, which can speed up the build process. However, when installing packages, this can lead to outdated packages being used, which might have security vulnerabilities or bugs.
It is important to avoid using a cache when installing packages because it ensures that the latest version of a package is always used. This reduces the risk of security vulnerabilities and bugs, and ensures that your application has the most up-to-date and secure dependencies.
When installing packages with pip in a Dockerfile, use the --no-cache-dir option. This tells pip not to use a cache when installing packages, which ensures that the latest version of the package is always used. For example, instead of writing RUN pip install django, write RUN pip install --no-cache-dir django.
tools/packaging/kernel/Dockerfile
Outdated
| ARG GOLANG_VERSION=1.22.2 | ||
| ARG TARGETARCH | ||
|
|
||
| USER root |
There was a problem hiding this comment.
🟠 Code Vulnerability
last user should not be root (...read more)
Do not use root as the last user because your container runs with the root user. Always use a user with lower privileges.
zaymat
force-pushed
the
mayeul/ipv6-nat
branch
from
6a0a9d5
to
3534f95
Compare
No description provided.