Hey! I'm trying to exec into our cerbos docker container to poke around, and I'm getting

OCI runtime exec failed: exec failed: unable to start container process: exec: "/bin/sh": stat /bin/sh: no such file or directory: unknown

How do you all exec in?

Hi Maggie, we ship a minimal Docker container (which doesn't even include a shell) to keep the security surface as small as possible. Are you trying to debug anything in particular?

Not really, just trying to poke. Another question while I'm docker inspecting, can you speak to the use of bind mounts and/or volumes in the Docker image? I'm seeing a bind mount when I inspect my container, but do you use volumes ever?

/policies

is specified as a volume in the Dockerfile. It's common to bind-mount that directory when using the disk storage driver, but it's not necessary to do so for other storage backends.

ah cool cool, thanks!