diff options
author | Timoney, Dan (dt5972) <dtimoney@att.com> | 2019-02-21 14:57:34 -0500 |
---|---|---|
committer | Timoney, Dan (dt5972) <dtimoney@att.com> | 2019-02-21 14:57:34 -0500 |
commit | 38e175fa6762c27b85df450002e6458d9b0a41d6 (patch) | |
tree | ffee3f46477dd521269f9a010d6c59ce71508b97 /dgbuilder-docker | |
parent | a794b4f8e543361e237f70aeae6bca2347f8dfee (diff) |
Run CCSDK dockers as non-root
Update CCSDK docker images to run as non-root user by default
Change-Id: Ia07c433a0e6f041d6684f24b765f4c1733b51162
Issue-ID: CCSDK-1099
Signed-off-by: Timoney, Dan (dt5972) <dtimoney@att.com>
Diffstat (limited to 'dgbuilder-docker')
-rw-r--r-- | dgbuilder-docker/src/main/docker/Dockerfile | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/dgbuilder-docker/src/main/docker/Dockerfile b/dgbuilder-docker/src/main/docker/Dockerfile index 90ade01f..c1fd8dbd 100644 --- a/dgbuilder-docker/src/main/docker/Dockerfile +++ b/dgbuilder-docker/src/main/docker/Dockerfile @@ -2,12 +2,17 @@ FROM onap/ccsdk-ubuntu-image:${project.docker.latestfulltag.version} MAINTAINER CCSDK Team (onap-discuss@lists.onap.org) +# Create non-root user +RUN addgroup --system dgbuilder && adduser --system --ingroup dgbuilder dgbuilder + # copy onap -COPY opt /opt +COPY --chown=dgbuilder:dgbuilder opt /opt WORKDIR /opt/onap/ccsdk/dgbuilder # Set the proxy if needed # RUN npm config set proxy http://your.proxy.com:8080 #RUN npm install #ENTRYPOINT /bin/bash /opt/onap/ccsdk/dgbuilder/start sdnc1.0 + +USER dgbuilder EXPOSE 3100 |