Parity Docker containers run as root

[briskycat]

Docker images defined in https://github.com/paritytech/parity/tree/master/docker run with UID 0, which is not very secure: although "containerized" root user has fewer capabilities than the real root, Docker developers recommend running container processes as unprivileged users.
Even if I specify unprivileged UID:GID in the --user option of the docker run command I still can not run these containers in unprivileged mode because of permissions violation. The images are configured so that the data directory is located in the /root directory of the image, which is owned by root.
It is possible to remap root user inside a Docker container to an unprivileged user on the host, but this is not covered on the wiki page.
It would also be nice if the images had special mount points for external data volumes marked by the Docker VOLUME directive.

[tomusdrw]

@paritytech/ci Please have a look.

@briskycat PRs are very welcome.

[JohnnySheffield]

We have encountered similar issue with current docker images, and are preparing a PR for non-root CentOS image, as current one is not suitable for deploying on OpenShift (Kubernetes).

We had no luck in building current Parity CentOS Docker image, so we went on and created our own. Current image is wget-ing the rpm package, but we would like to build it from source.

The Dockerfile (and the Parity OpenShift template) is currently available here, and the non-root image is published on dockerhub

Can you please check out our current Dockerfile and give feedback is it PR ready, and provide us with info is this code still used for building rpm package.

Cheers!

pinging @Dec-

[folsen]

@JohnnySheffield (Going over stale issues) Did you ever create that PR, is there any more help you need from us?