I’ve been experimenting further with looking into recent Go CVEs and had seen several across the last few months coming out of the Mattermost repo. The Docker compose setup wasn’t as plug-and-play as I’ve run into in the past, so some items had to be done differently as I was setting it up on an Intel Mac Mini. As a warning for those with M1 Macs — it doesn’t have a Docker image, so you’d have to build it yourself.
The two most helpful items I found are below:
From the first link, I made the suggested edits to the two security_opt sections within the .yml, and noted the chown problem he was looking into. He ran specific Podman commands that aren’t a 1:1 fit for Orbstack, which is what led me to the second URL. Apparently UID 501 is the “first created interactive user”, which is also normally the admin user, on a Mac. So I used that to replace the 2000 value located within the recommended commands for the Mattermost Docker setup.
mkdir -p ./volumes/app/mattermost/{config,data,logs,plugins,client/plugins,bleve-indexes}
sudo chown -R 501:501 ./volumes/app/mattermostAfter that, I spun it up and didn’t run into any further issues with the container crashing immediately due to permission issues. If you want to double-check your UID, just use the following command: id.
Who knows if there will be further fallout from the changes, but if I run into anything I’ll come back here and update the post.
This is a collection of my cybersecurity notes & projects.
I graduated from Dakota State University with a MS in Cyber Defense & BS in Cyber Operations. Since then I've worked as a Malware Analyst with the U.S. Army Cyber Command, and am now a Web Application Security Consultant.
I'm a big fan of open security standards for applications and workflow automation when it comes to security testing. The easier it is to identify and replicate, the more secure everyone's apps can be! My other writings and projects are scattered across the web, but can be found in the links page.
Contact me: