From 1c62f888445627e4083dbd23d6b0f998db924752 Mon Sep 17 00:00:00 2001 From: Tim Downey Date: Wed, 16 Dec 2020 15:54:17 -0800 Subject: [PATCH] Explicitly set diego-docker-app USER Sets the diego-docker-app user to 'nobody' so that the container can be run on Kubernetes clusters that have the `MustRunAsNonRoot` security policy --- diego-docker-app/Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/diego-docker-app/Dockerfile b/diego-docker-app/Dockerfile index 714d279..fd9e961 100644 --- a/diego-docker-app/Dockerfile +++ b/diego-docker-app/Dockerfile @@ -15,4 +15,7 @@ WORKDIR /myapp RUN adduser -D vcap +# set user to 'nobody' so that it is non-root +USER 65534 + CMD ["dockerapp"]