Run Docker with Non-Root Internal Users - Run Docker with non-root internal users and for containers that do not support non-root internal users. - Administrator Guide - 6.10 - Cortex XSOAR - Cortex - Security Operations

Configure Cortex XSOAR Server to execute containers as non-root internal users.

1. Select Settings → About → Troubleshooting → Add Server Configuration.

2. Add the following:

   Key	Value
   docker.run.internal.asuser	true

3. Click Save.

4. Reset the running containers using one of the following methods:

   From the Cortex XSOAR CLI, type the following command.

   /reset_containers

   Alternatively, restart the Cortex XSOAR Server.

5. From the Cortex XSOAR CLI, type the following command to check if the container is running as a non-root internal user:

   !py script="import os;print(os.getuid())"

   If the server configuration was added successfully and the container is running with a non-root internal user, the output is a non-zero UID.

   If the server configuration was not configured correctly and the container is running with an internal root user, the output is 0.

For containers that do not support non-root internal users.

1. Select Settings → About → Troubleshooting → Add Server Configuration.

2. Add the following:

   Key	Value
   docker.run.internal.asuser.ignore	A CSV list of container names. The Cortex XSOAR server matches the container names according to the prefixes of the key values.

   For example, docker.run.internal.asuser.ignore=demisto/python3:,demisto/python:

   The Cortex XSOAR server matches the key values for the following containers:

   demisto/python:1.3-alpine

   demisto/python:2.7.16.373

   demisto/python3:3.7.3.928

   demisto/python3:3.7.4.977

   The : character should be used to limit the match to the full name of the container. For example, using the : character does not find demisto/python-deb:2.7.16.373.