Run container as non-root `whoogle` user (#617)
Creates a non-root user ("whoogle"), and runs the container as that user.
parent
09a0039a38
commit
ecb4277e69
|
@ -17,6 +17,8 @@ FROM python:3.8-alpine
|
|||
RUN apk add --update --no-cache tor curl bash openrc
|
||||
# libcurl4-openssl-dev
|
||||
|
||||
ARG DOCKER_USER=whoogle
|
||||
ARG DOCKER_USERID=927
|
||||
ARG config_dir=/config
|
||||
RUN mkdir -p -m 777 $config_dir
|
||||
VOLUME $config_dir
|
||||
|
@ -70,6 +72,13 @@ COPY run .
|
|||
# Allow writing symlinks to build dir
|
||||
RUN chown 102:102 app/static/build
|
||||
|
||||
# Create user/group to run as
|
||||
RUN adduser -D -g $DOCKER_USERID -u $DOCKER_USERID $DOCKER_USER
|
||||
# Fix ownership / permissions
|
||||
RUN chown -R ${DOCKER_USER}:${DOCKER_USER} /whoogle /var/lib/tor
|
||||
|
||||
USER $DOCKER_USER:$DOCKER_USER
|
||||
|
||||
EXPOSE $EXPOSE_PORT
|
||||
|
||||
HEALTHCHECK --interval=30s --timeout=5s \
|
||||
|
|
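Review bot: On the `adduser` line, BusyBox `adduser` treats `-g` as the GECOS comment field rather than the group, so `-g $DOCKER_USERID` does not pin the GID, and the group that `USER $DOCKER_USER:$DOCKER_USER` relies on is whatever `adduser` auto-creates. To make both UID and GID deterministic for volume ownership and runtime non-root checks, create the group explicitly: `RUN addgroup -g $DOCKER_USERID $DOCKER_USER && adduser -D -G $DOCKER_USER -u $DOCKER_USERID $DOCKER_USER`. Separately, now that a dedicated user exists, the context line `RUN mkdir -p -m 777 $config_dir` in the first hunk could drop world-write in favour of ownership by that user. That `chown` would have to run before `VOLUME $config_dir`, so the user would need to be created earlier in the file. If `app/static/build` sits under `/whoogle` (the WORKDIR is not visible here), the recursive `chown -R` also overrides the earlier `chown 102:102`, leaving that line without effect.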