summaryrefslogtreecommitdiffstats
path: root/saltstack-server/src/main
diff options
context:
space:
mode:
authorTimoney, Dan (dt5972) <dtimoney@att.com>2019-02-21 14:57:34 -0500
committerTimoney, Dan (dt5972) <dtimoney@att.com>2019-02-21 14:57:34 -0500
commit38e175fa6762c27b85df450002e6458d9b0a41d6 (patch)
treeffee3f46477dd521269f9a010d6c59ce71508b97 /saltstack-server/src/main
parenta794b4f8e543361e237f70aeae6bca2347f8dfee (diff)
Run CCSDK dockers as non-root
Update CCSDK docker images to run as non-root user by default Change-Id: Ia07c433a0e6f041d6684f24b765f4c1733b51162 Issue-ID: CCSDK-1099 Signed-off-by: Timoney, Dan (dt5972) <dtimoney@att.com>
Diffstat (limited to 'saltstack-server/src/main')
-rw-r--r--saltstack-server/src/main/docker/Dockerfile10
1 files changed, 9 insertions, 1 deletions
diff --git a/saltstack-server/src/main/docker/Dockerfile b/saltstack-server/src/main/docker/Dockerfile
index eeebef4c..3226e472 100644
--- a/saltstack-server/src/main/docker/Dockerfile
+++ b/saltstack-server/src/main/docker/Dockerfile
@@ -10,4 +10,12 @@ RUN yum clean all && \
EXPOSE 4505 4506
-CMD /usr/bin/salt-master -d; /bin/bash
+# Create non root user
+RUN groupadd --system saltstack && useradd --system -g saltstack saltstack
+RUN chown -R saltstack /etc/salt /var/cache/salt /var/log/salt
+RUN mkdir /var/run/salt && chown saltstack:saltstack /var/run/salt
+
+USER saltstack
+
+# Run salt-master in foreground (not as a daemon)
+CMD /usr/bin/salt-master \ No newline at end of file