Bryan,

What version of kernel-headers are you seeing in the image? I think this might be some kind of mistake with the scanning. I have a vague recollection that some scanners mess up kernel headers. The kernel headers are just code, so they can't really have vulnerabilities. If I understand the problem correctly:

1. You don't really have a security vulnerability problem
2. The scanner might be giving you a false positive
3. And/or, the kernel-headers really might not be getting updated

On Sun, Oct 6, 2019 at 9:01 AM <bryan.hepworth@gmail.com> wrote:

Hi all
Not sure this is the best place to ask or not, scenario is as follows: -
building container with podman locally to check it does build - trying it in quay.io and I'm bumping up against a vulnerability I can't seem to correct which I'm thinking is something I'm doing.
I'm uploading a Dockerfile (for want of a better file name) to start the build, but it always finds a vulnerability in kernel-headers for ubi7 which I can't seem to get to update from the build despite yum -y update - it's the gcc package that it loads up.
Dockerfile looks like this: -
FROM registry.access.redhat.com/ubi7/ubi
RUN yum -y update && yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && yum -y update && yum -y install python2 && yum -y install make && yum -y install gcc && yum -y install redhat-rpm-config && yum -y install zlib-devel && yum -y install bzip2 && yum -y install xz-devel && yum -y install python2-devel && yum -y install git && yum -y install python2-pip && yum -y install wget && yum -y install sudo && yum -y install bash && yum clean all
CMD ["/bin/bash"]
USER 0
RUN curl -o miniconda.sh https://repo.continuum.io/miniconda/Miniconda2-latest-Linux-x86_64.sh
RUN bash miniconda.sh -b -p /opt/miniconda
RUN ln -s /opt/miniconda/bin/python /usr/local/bin/python
RUN ln -s /opt/miniconda/bin/pip /usr/local/bin/pip
RUN ln -s /opt/miniconda/bin/conda /usr/local/bin/conda
RUN conda config --add channels defaults
RUN conda config --add channels bioconda
RUN conda config --add channels conda-forge
RUN conda init bash
RUN echo y | conda create -n clairvoyante-conda-env -c bioconda clairvoyante
The quay.io creation is here: -
https://quay.io/repository/bryanhepworth/clairvoyante?tab=tags
Any help most gratefully received.
Bryan
_______________________________________________
Podman mailing list -- podman@lists.podman.io
To unsubscribe send an email to podman-leave@lists.podman.io
--
Scott McCarty, RHCA
Product Management - Containers, Red Hat Enterprise Linux & OpenShift
Email: smccarty@redhat.com Phone: 312-660-3535 Cell: 330-807-1043
Web: http://crunchtools.com
Have questions on Red Hat UBI? Check out the official FAQ: https://red.ht/2yaUcez
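
To tell a scanner false positive apart from a package that really was not updated (points 2 and 3 in the reply), the installed kernel-headers version can be compared with the version the scanner reports as fixed. The sketch below is an added example, not part of either message: it implements a simplified RPM version comparison (no caret handling), and the function names and version strings are constructed for illustration.

```python
import re

def _tokens(s):
    # Split into digit runs, letter runs and '~'; other characters only separate.
    return re.findall(r"~|\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified rpmvercmp: -1 if a is older than b, 0 if equal, 1 if newer."""
    ta, tb = _tokens(a), _tokens(b)
    for i in range(max(len(ta), len(tb))):
        x = ta[i] if i < len(ta) else None
        y = tb[i] if i < len(tb) else None
        if x == "~" or y == "~":          # '~' sorts before everything, even end of string
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if x is None or y is None:        # the string with segments left over is newer
            return -1 if x is None else 1
        if x.isdigit() != y.isdigit():    # a numeric segment beats an alphabetic one
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return 0

def compare_evr(a, b):
    """Compare two '[epoch:]version-release' strings."""
    def split(evr):
        epoch, _, rest = evr.rpartition(":")
        version, _, release = rest.partition("-")
        return int(epoch or 0), version, release
    (ea, va, ra), (eb, vb, rb) = split(a), split(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def triage(installed, fixed_in):
    """Hypothetical helper: map the comparison onto the cases listed in the reply."""
    if compare_evr(installed, fixed_in) < 0:
        return "stale"                    # package really is older than the fix
    return "possible-false-positive"      # at or past the fix, yet still flagged

if __name__ == "__main__":
    # Constructed sample values; the real installed value would come from
    # rpm -q --qf '%{VERSION}-%{RELEASE}' kernel-headers run inside the image.
    installed = "3.10.0-1062.el7"
    fixed_in = "3.10.0-1062.1.2.el7"
    print(triage(installed, fixed_in))
```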