Details
Improvement
Status: Closed
Minor
Resolution: Invalid
1.3.0
None
Docker
Description
When running GUACD-Docker image, in order to inject private CA certificates into the certificate store, one is supposed to run update-ca-certificates in order to rebuild the ca_certificates.crt file in /etc/ssl/certs folder to include the additional CAs. I was able to place the 3 root certificates via a bind mount into /usr/local/share/ca-certificates. When I run update-ca-certificates as a command in the docker container at entrypoint, it fails due to a permissions limitation.
The error message shown is that the command does not have permission to create the symbolic link in the folder /etc/ssl/certs and the docker image will fail to deploy.
ln: failed to create symbolic link '/etc/ssl/certs/xxxxxxxx.pem': Permission denied
The guacd-docker image runs under user guacd and not root, so even if I exec into the container I can't run it manually either. I realize this is a good security measure but I'm wondering how to do this properly?
I'm hoping that guacd reads /etc/ssl/certs/ca_certificates.crt to authenticate RDP connections, but I won't be able to RDP and verify any certificate based off my private PKI infrastructure until I can add trusted roots to that store.
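
One way to avoid the permission error described above is to rebuild the trust store at image build time as root and then return to the guacd user, so the running container stays unprivileged. This is an added example, not from the reporter or the Guacamole project; the image name guacamole/guacd and the local certs/ directory are assumptions, and it does not establish whether guacd consults this store for RDP.

```dockerfile
# Added example: derived image that installs private root CAs at build time.
# Assumptions: the upstream image is published as guacamole/guacd, and the
# build context has a certs/ directory holding PEM-encoded CA files whose
# names end in .crt and contain no spaces.
FROM guacamole/guacd:1.3.0

# The base image runs as the unprivileged user guacd, which cannot write to
# /etc/ssl/certs. Switch to root only for the trust-store rebuild.
USER root

# update-ca-certificates only picks up files ending in .crt from this folder.
COPY certs/*.crt /usr/local/share/ca-certificates/

# Rebuild the store, then fail the build if any copied CA did not get its
# symbolic link in /etc/ssl/certs (the step that failed with
# "Permission denied" when run as guacd at entrypoint).
RUN update-ca-certificates \
 && for f in /usr/local/share/ca-certificates/*.crt; do \
      test -L "/etc/ssl/certs/$(basename "$f" .crt).pem" \
        || { echo "CA not installed: $f" >&2; exit 1; }; \
    done

# Drop privileges again so the container still starts as guacd.
USER guacd
```

Because the CAs are baked into the image, the bind mount and the entrypoint call to update-ca-certificates are no longer needed; rotating a CA means rebuilding the image.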