Run container as non-root `whoogle` user (#617)

Creates a non-root user ("whoogle"), and runs the container as that user.
main
ras07 2022-01-21 14:51:51 -06:00 committed by GitHub
parent 09a0039a38
commit ecb4277e69
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 0 deletions


@ -17,6 +17,8 @@ FROM python:3.8-alpine
RUN apk add --update --no-cache tor curl bash openrc
# libcurl4-openssl-dev
ARG DOCKER_USER=whoogle
ARG DOCKER_USERID=927
ARG config_dir=/config
RUN mkdir -p -m 777 $config_dir
VOLUME $config_dir
@ -70,6 +72,13 @@ COPY run .
# Allow writing symlinks to build dir
RUN chown 102:102 app/static/build
# Create user/group to run as
RUN adduser -D -g $DOCKER_USERID -u $DOCKER_USERID $DOCKER_USER
# Fix ownership / permissions
RUN chown -R ${DOCKER_USER}:${DOCKER_USER} /whoogle /var/lib/tor
USER $DOCKER_USER:$DOCKER_USER
EXPOSE $EXPOSE_PORT
HEALTHCHECK --interval=30s --timeout=5s \
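Review bot: In the `adduser` line of the second hunk, `-g` is BusyBox's GECOS (comment) option rather than a group id, so `-g $DOCKER_USERID` only writes the number into the comment field. The `whoogle` group that the later `chown` and `USER` lines rely on appears to exist only because BusyBox creates a same-named group when `-G` is absent. Creating the group explicitly makes the intent match the comment above it: `RUN addgroup -g $DOCKER_USERID $DOCKER_USER && adduser -D -G $DOCKER_USER -u $DOCKER_USERID $DOCKER_USER`. Separately, the first hunk's context still has `mkdir -p -m 777 $config_dir`; with a dedicated uid that directory could be owned by the user with a tighter mode instead of staying world-writable, which would mean creating the user before the `VOLUME` line. Deployments that mount an existing root-owned config directory will presumably need a one-time chown to the new uid, which is worth a line in the upgrade notes.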