From af1209a5ed25b9f1cd0c26fa008189eb37068083 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Orkun=20K=C3=BCl=C3=A7e?=
Date: Thu, 30 Apr 2020 13:39:35 +0300
Subject: [PATCH] Improve docker security and volume mounts (#32)
* change docker root
* Dockerfile: permit user to access nscli
---
 Dockerfile | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 92290747..f6dec5e4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,16 +1,16 @@
 FROM alpine:3.11
-ENV NSDHOME /root
-ENV NSCLIHOME /root
+ENV NSDHOME /app
+ENV NSCLIHOME /app
 RUN apk update && \
 apk upgrade && \
 apk --no-cache add curl jq && \
- addgroup iovnsduser && \
- adduser -S -G iovnsduser iovnsduser -h "$NSDHOME"
+ addgroup iovnsuser && \
+ adduser -S -G iovnsuser iovnsuser -h "$NSDHOME" -h "$NSCLIHOME"
-# Run the container with iovnsduser by default. (UID=100, GID=1000)
-USER iovnsduser
+# Run the container with iovnsuser by default. (UID=100, GID=1000)
+USER iovnsuser
 # p2p, rpc and prometheus port
 EXPOSE 46656 46657 46660
@@ -21,7 +21,7 @@ ARG NSDCLIBINARY=cmd/iovnscli/iovnscli
 COPY $NSDBINARY /usr/bin/iovnsd
 COPY $NSCLIBINARY /usr/bin/iovnscli
-WORKDIR /root
+WORKDIR /app
 # Run iovnsd by default, omit entrypoint to ease using container with iovnscli
 CMD ["iovnsd"]
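Review bot: The new `adduser` line passes `-h` twice (`-h "$NSDHOME" -h "$NSCLIHOME"`), but an account has a single home directory, so only one of the two values can take effect. Both variables are `/app` today, so the result is the same, but if they ever diverge the other directory is presumably neither created nor owned by `iovnsuser`; keep a single `-h "$NSDHOME"` and, if a separate CLI home is wanted, create and chown it explicitly in the same `RUN`. The comment `(UID=100, GID=1000)` also relies on IDs that `addgroup`/`adduser` assign automatically. Pinning them (`addgroup -g <gid> iovnsuser`, `adduser -S -u <uid> ...`) and using the numeric form in `USER` would keep ownership of mounted volumes stable across rebuilds and let runtimes that verify non-root by UID check it.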
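Review bot: `COPY $NSCLIBINARY /usr/bin/iovnscli` reads a build argument whose name does not match the `ARG NSDCLIBINARY=cmd/iovnscli/iovnscli` shown in this hunk's header line. Unless an `ARG NSCLIBINARY` is declared in the lines between the two hunks, which are not visible here, the variable expands to nothing and the CLI binary this commit wants the user to reach is not copied from the intended path; renaming the declaration to `ARG NSCLIBINARY=cmd/iovnscli/iovnscli` would align the two. Since `WORKDIR /app` now coincides with the account's home, a short comment such as `# /app is owned by iovnsuser; a host directory mounted here must be writable by that UID` would document the volume expectation.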