Harden Slurm Dockerfile; runtime secrets guidance #30
Description
Harden Slurm Dockerfile; runtime secrets guidance
Severity: Medium | Area: Containers | Labels: containers, hardening, docs
Files
- docker/slurm/Dockerfile
Acceptance Criteria
- Pin base; use non-root where feasible; avoid baking secrets for production (munge key)—document runtime provisioning in docker/README.md.
- Container remains functional for examples.
Rationale: Containers shouldn’t embed secrets; principle of least privilege.