From 82210d4e35df8ea097cf0a8060127df1fa4cd2e8 Mon Sep 17 00:00:00 2001
From: MichaelMorris <michael.morris@est.tech>
Date: Sun, 15 Mar 2020 17:03:03 +0000
Subject: Run pods as non-root user

Change-Id: I039195f4de688f9106ebbae9d4f16d8425c223ea
Issue-ID: SDC-2798
Signed-off-by: MichaelMorris <michael.morris@est.tech>
---
 docker/Dockerfile | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/docker/Dockerfile b/docker/Dockerfile
index fcbf836..757a602 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -24,11 +24,13 @@ RUN mkdir -p /run/nginx /run/gunicorn && \
     chmod 0770 /var/lib/nginx/tmp /run/gunicorn && \
     chmod 0664 /run/nginx/nginx.pid
 
-COPY app /srv/
+USER nginx
 
-COPY docker/docker-entrypoint.sh /srv/
+COPY --chown=nginx:nginx app /srv/
 
-COPY nginx/nginx.conf /etc/nginx/nginx.conf
+COPY --chown=nginx:nginx docker/docker-entrypoint.sh /srv/
+
+COPY --chown=nginx:nginx nginx/nginx.conf /etc/nginx/nginx.conf
 
 RUN chmod +x /srv/tosca_server.py && \
     chmod +x /srv/docker-entrypoint.sh
-- 
cgit 1.2.3-korg