From 1dd4b38e77558ef6be349c9fc3aa1e8467f20356 Mon Sep 17 00:00:00 2001 From: Deepu Thomas Date: Wed, 3 Jun 2026 12:53:41 -0700 Subject: [PATCH] fix(container-base): remove explicit user="root" from containerconfig All five blocks (core, core-dev, distroless-minimal, distroless-base, distroless-debug) declared user="root", which kiwi maps to OCI Config.User="root" in the published image manifest. This diverges from Azure Linux 3.0 (Config.User=null) and from every mainstream distro base image (Debian, Ubuntu, Alpine, UBI, Fedora) which all leave Config.User unset. The OCI runtime default for an unset User is uid 0, so removing the attribute does not change effective runtime behavior - containers still run as root unless overridden. This realigns the 4.0 base images with 3.0 and the broader ecosystem. Fixes: AB#20607 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- base/images/container-base/container-base.kiwi | 5 ----- 1 file changed, 5 deletions(-) diff --git a/base/images/container-base/container-base.kiwi b/base/images/container-base/container-base.kiwi index 1ee97a5eddd..f81c9f76080 100644 --- a/base/images/container-base/container-base.kiwi +++ b/base/images/container-base/container-base.kiwi @@ -58,7 +58,6 @@ name="microsoft/azurelinux/base/core" tag="4.0" additionalnames=":latest" - user="root" workingdir="/"> @@ -69,7 +68,6 @@ @@ -81,7 +79,6 @@ name="microsoft/azurelinux/distroless/minimal" tag="4.0" additionalnames=":latest" - user="root" workingdir="/"> @@ -93,7 +90,6 @@ name="microsoft/azurelinux/distroless/base" tag="4.0" additionalnames=":latest" - user="root" workingdir="/"> @@ -105,7 +101,6 @@ name="microsoft/azurelinux/distroless/debug" tag="4.0" additionalnames=":latest" - user="root" workingdir="/">