This repository has been archived by the owner on Jun 30, 2022. It is now read-only.

Don't run Bundler as root. Bundler can ask for sudo if it is needed #3

Open
slackwarelinux opened this issue Mar 2, 2017 · 3 comments

Comments

@slackwarelinux

slackwarelinux commented Mar 2, 2017

Don't run Bundler as root. Bundler can ask for sudo if it is needed, and
installing your bundle as root will break this application for all non-root
users on this machine.
Could not locate Gemfile
Could not locate Gemfile

docker-compose.yml

```yaml
version: '2'
services:
  redis:
    image: litaio/redis:3.0.1
    restart: on-failure
    container_name: litaio-redis
    hostname: redis
    volumes:
      - /docker/Litaio/redis:/var/lib/redis
  lita:
    image: litaio/lita
    restart: on-failure
    container_name: litaio-lita
    hostname: redis
    volumes:
      - /docker/Litaio/bundle:/var/bundle
    links:
      - redis:redis
    ports:
      - "8080:8080"
```

@jimmycuadra
Contributor

I haven't been able to find a definitive answer on whether or not this matters. The naive assumption is that because the whole application is inside a container, it doesn't matter what the user inside the container is. However, there is always the risk of exploitable vulnerabilities in the container runtime or the kernel that could allow an attacker to escape the container. What I am unclear about is whether the application's process inside the container being root or not has any effect on container escapes. I am not sure what the current state of Docker is w/r/t how root inside the container is mapped to users on the host (user namespaces were supposed to be the answer to this, IIRC).

Long story short: I'd like to find someone who knows what they're talking about who can answer conclusively on whether or not root vs. non-root inside a container matters (preferably with details about why it matters and/or examples of a root process in a container escaping to the host).
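Independently of how the escape question is settled, the mitigation Bundler's warning points at is cheap: create an unprivileged user in the image and switch to it before `bundle install`, so the bot never runs as uid 0 (by default Docker does not remap users, so uid 0 in the container is uid 0 on the host unless userns-remap is enabled). The Dockerfile below is an added example, not the litaio/lita image's own; the base image, uid, user name and `/app` path are assumptions, while `/var/bundle` matches the compose file in the issue.

```dockerfile
# Added example (not the litaio/lita project's Dockerfile): build and run a
# Lita bot as an unprivileged user so Bundler does not run as root.
# Assumptions: ruby:2.6-slim base image, uid/gid 1000, app copied to /app.
FROM ruby:2.6-slim

# Build tools for the native gems in the bundle list (ffi, nio4r, puma, oj).
RUN apt-get update \
    && apt-get install -y --no-install-recommends build-essential \
    && rm -rf /var/lib/apt/lists/*

# Unprivileged account with a fixed uid, so a bind-mounted /var/bundle can be
# chown'ed to the same uid on the host side.
RUN groupadd --gid 1000 lita \
    && useradd --uid 1000 --gid lita --create-home lita \
    && mkdir -p /var/bundle /app \
    && chown lita:lita /var/bundle /app

# Bundler reads BUNDLE_PATH; gems land in the same volume the compose file
# mounts. BUNDLE_WITHOUT skips the development and test groups.
ENV BUNDLE_PATH=/var/bundle \
    BUNDLE_WITHOUT=development:test

WORKDIR /app
COPY --chown=lita:lita Gemfile Gemfile.lock ./

# From here on every RUN and the final CMD execute as uid 1000, so
# "Don't run Bundler as root" is never triggered.
USER lita
RUN bundle install

COPY --chown=lita:lita . .
EXPOSE 8080
CMD ["bundle", "exec", "lita"]
```

If `/var/bundle` is bind-mounted from the host as in the compose file, the host directory must be owned by uid 1000 as well, otherwise `bundle install` fails with a permission error instead of silently falling back to root.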

@victorsosa

victorsosa commented Dec 1, 2019

But now I am getting another issue after the previous fix:

```text
[vns@betito alfred]$ sudo docker run --name lita --link redis -v /var/bundle:/var/bundle -p 8080:8080 docker.peopleware.do:5000/alfred:1.0.0
Don't run Bundler as root. Bundler can ask for sudo if it is needed, and
installing your bundle as root will break this application for all non-root
users on this machine.
Using bundler 2.0.2
Using httpclient 2.8.3
Using oj 3.10.0
Using cleverbot_io 2.0.2
Using concurrent-ruby 1.1.5
Using ffi 1.11.3
Using ethon 0.12.0
Using multipart-post 2.1.1
Using faraday 0.17.1
Using rack 1.6.11
Using url_mount 0.2.1
Using http_router 0.11.2
Using i18n 1.7.0
Using ice_nine 0.11.2
Using multi_json 1.14.1
Using nio4r 2.5.2
Using puma 4.3.0
Using rb-readline 0.5.5
Using redis 4.1.3
Using redis-namespace 1.6.0
Using thor 0.20.3
Using lita 4.7.1
Using typhoeus 1.3.1
Using whatsapp 0.1.5
Bundle complete! 3 Gemfile dependencies, 24 gems now installed.
Gems in the groups development and test were not installed.
Bundled gems are installed into `/var/bundle`
Type "exit" or "quit" to end the session.
stty: standard input: Inappropriate ioctl for device
Lita > 
[vns@betito alfred]$ 
```

Note:
`stty: standard input: Inappropriate ioctl for device`

and after that the program stops; I looked for that on the internet and it seems to be an issue with the standard input.
