academy/mq-container
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

MQ 9.1.5 image changes (#62)

Browse Source 
* Upgraded to MQ 9.1.5, upgraded to unzippable install, run as random UID (1001 by default)

* Updated docker tests for MQ 915 random UID

* Added warning to crtmqdir for 10 rc, added trace option to crtmqdir

* Removed dev users from dockerfile
This commit is contained in:
Luke J Powlett
2020-03-03 15:02:36 +00:00
parent 1a7a9236b7
commit c9bac5b544
22 changed files with 153 additions and 311 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
docs/security.md
View File

@@ -4,7 +4,7 @@
### User
The MQ server image is run using the "mqm" user, with a fixed UID and GID of 888.
The MQ server image is run using with UID 1001, though this can be any UID, with a fixed GID of 0 (root).
### Capabilities
@@ -16,7 +16,7 @@ docker run \
--env LICENSE=accept \
--env MQ_QMGR_NAME=QM1 \
--detach \
ibm-mqadvanced-server:9.1.4.0-amd64
ibm-mqadvanced-server:9.1.5.0-amd64
```
The MQ Advanced for Developers image does require the "chown", "setuid", "setgid" and "audit_write" capabilities (plus "dac_override" if you're using an image based on Red Hat Enterprise Linux). This is because it uses the "sudo" command to change passwords inside the container. For example, in Docker, you could do the following:
@@ -31,5 +31,5 @@ docker run \
--env LICENSE=accept \
--env MQ_QMGR_NAME=QM1 \
--detach \
ibm-mqadvanced-server-dev:9.1.4.0-amd64
ibm-mqadvanced-server-dev:9.1.5.0-amd64
```