Login/Register
How do you uninstall APK and PIP from Docker Image?
Asked Answered
Solved pipalpine-linux
E

2

15

I'm working on some "common sense" hardening of one of my docker containers and my line of thinking suggests that I could attempt to uninstall APK and PIP from the Alpine linux image after I finish installing all of my dependencies.

I'm having a hard time finding any information on doing so. My line of thinking is that the container is ephemeral so there would never be a need to install anything to a running container.

Essary answered 29/1, 2019 at 15:30 Comment(3)
IMHO it makes sense to remove pip for example as you wont install anything in production unless there is a need for that and it should be in a few cases. however I would leave apk there so i can install pip if i have to.. Also running the container as non root would prevent a non root user to use apk itselfStumper
any suggestion on the removal of pip itself? I've not been successful.Essary
Could you explain what already have you tried and what kind of issues you have faced ?Stumper
C
20

You should be able to remove pip by uninstalling the py-pip package:

apk del py-pip

Followed by deleting pip's cache:

# rm -rf /<HOME_DIR>/.cache/pip

Then, for removing apk, delete the apk binary and folders:

# rm -f /sbin/apk
# rm -rf /etc/apk
# rm -rf /lib/apk
# rm -rf /usr/share/apk
# rm -rf /var/lib/apk

I haven't done Docker hardening/jailing myself, but removing the package manager seems like a common practice for reducing the possible attack surface. Here's an interesting post taking a similar approach:

Carrageen answered 29/1, 2019 at 19:31 Comment(1)
Great info, thanks. When I run the apk del py-pip it returns no error, but if I attempt a pip command afterwards it still works. So far the only thing I've been able to do is rm the pip from /usr/local/bin.Essary
J
9

For removing apk, this will also work and ensure proper removal: apk --purge del apk-tools

Jedlicka answered 13/8, 2021 at 18:4 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.