如何更新我的 Docker 容器，使其没有特权？

解决方案

我更新了Dockerfile，如下所示：

# nginxinc/nginx-unprivileged:alpine-slim has container vulnerabilities that do not pass AquaScan, even after updating. 3/21/2023.
FROM nginx:alpine-slim
# implement changes required to run NGINX as an unprivileged user
RUN sed -i 's,listen       80;,listen       8080;,' /etc/nginx/conf.d/default.conf 
&& sed -i '/user  nginx;/d' /etc/nginx/nginx.conf 
&& sed -i 's,/var/run/nginx.pid,/tmp/nginx.pid,' /etc/nginx/nginx.conf 
&& sed -i "/^http {/a     proxy_temp_path /tmp/proxy_temp;n    client_body_temp_path /tmp/client_temp;n    fastcgi_temp_path /tmp/fastcgi_temp;n    uwsgi_temp_path /tmp/uwsgi_temp;n    scgi_temp_path /tmp/scgi_temp;n" /etc/nginx/nginx.conf 
# nginx user must own the cache and etc directory to write cache and tweak the nginx config    && chown -R $UID:0 /var/cache/nginx 
&& chmod -R g+w /var/cache/nginx 
&& chown -R $UID:0 /etc/nginx 
&& chmod -R g+w /etc/nginx
COPY --chown=nginx:nginx ./docker/nginx/nginx.conf /etc/nginx/conf.d/default.conf
WORKDIR /usr/share/nginx/html
USER nginx
EXPOSE 8080
COPY build .

现在，我的前端应用程序部署在容器中，通过AquaScan。