From 09d2b4380cf0f9c45f1d440149c881cd04a784af Mon Sep 17 00:00:00 2001
From: Lorenzo Garuti
Date: Thu, 4 Mar 2021 10:02:26 +0100
Subject: [PATCH 1/2] Run orchestrator as non root user

---
 docker/Dockerfile | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/docker/Dockerfile b/docker/Dockerfile
index 530f7a375..3ab1f62ea 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -41,3 +41,22 @@ COPY --from=build /etc/orchestrator.conf.json /etc/orchestrator.conf.json
 WORKDIR /usr/local/orchestrator
 ADD docker/entrypoint.sh /entrypoint.sh
 CMD /entrypoint.sh
+
+ENV USER=docker
+ENV UID=1000
+ENV GID=1000
+
+RUN addgroup -g $GID $USER
+RUN adduser \
+ --disabled-password \
+ --gecos "" \
+ --home /usr/local/orchestrator \
+ --ingroup "$USER" \
+ --no-create-home \
+ --uid "$UID" \
+ "$USER"
+
+RUN mkdir -p /app/data && chown -R docker:docker /app \
+ && chown -R docker:docker /etc/orchestrator.conf.json
+
+USER docker
\ No newline at end of file
From 4ba07a6f4f976acf89d1beaef8faa90557ba511d Mon Sep 17 00:00:00 2001
From: Lorenzo Garuti
Date: Mon, 27 Sep 2021 12:08:54 +0200
Subject: [PATCH 2/2] Changed chown destination. If the /usr/local/orchestrator directory is owned by root the container won't start. The error is: FATAL unable to open database file: no such file or directory

---
 docker/Dockerfile | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/docker/Dockerfile b/docker/Dockerfile
index 89fa5e97f..a239882f7 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -56,7 +56,6 @@ RUN adduser \
 --uid "$UID" \
 "$USER"
 
-RUN mkdir -p /app/data && chown -R docker:docker /app \
- && chown -R docker:docker /etc/orchestrator.conf.json
+RUN chown -R docker:docker /usr/local/orchestrator
 
-USER docker
\ No newline at end of file
+USER docker
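Review bot: The `ENV USER=docker`, `ENV UID=1000` and `ENV GID=1000` lines only feed the addgroup/adduser steps, but `ENV` persists them into every container, and `USER` in particular overrides the login-name variable that scripts started by the entrypoint may read; `ARG USER=docker`, `ARG UID=1000`, `ARG GID=1000` expands identically in the RUN lines without leaking into the runtime environment. The user name is then hard-coded again as `docker:docker` in the chown and as `USER docker` at the end (and once more in the second hunk), so editing the variable would silently desynchronise the three; `USER $USER` keeps them in step, since the USER instruction supports variable expansion. A short comment above the block explaining that the fixed uid/gid 1000 exist so host volume ownership can be matched would help the next maintainer, since nothing in the hunk says why these particular values were chosen.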
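Review bot: `RUN chown -R docker:docker /usr/local/orchestrator` gives the runtime user ownership of the whole install tree, including the orchestrator binary and whatever else was copied there, so a compromised process could overwrite its own executable; the commit message attributes the failure to the SQLite database file, so only that file's directory needs to be writable. Restrict the ownership change to the data path the config points at, e.g. `RUN mkdir -p <SQLITE_DB_DIR> && chown docker:docker <SQLITE_DB_DIR>` (placeholder: the path is not visible in this patch), leaving the rest of the tree root-owned and read-only for `docker`. Dropping the earlier chown of `/etc/orchestrator.conf.json` is the right direction for the same reason and is worth a comment saying the config is deliberately left root-owned. Note also that `chown -R` over a populated directory re-writes every file into a new layer, so the image grows by the size of the tree; a `COPY --chown` where the files are added avoids that, but that COPY lies outside this hunk, as does the start of the `RUN adduser` instruction whose continuation lines open the hunk.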