From 38e175fa6762c27b85df450002e6458d9b0a41d6 Mon Sep 17 00:00:00 2001
From: "Timoney, Dan (dt5972)" <dtimoney@att.com>
Date: Thu, 21 Feb 2019 14:57:34 -0500
Subject: Run CCSDK dockers as non-root

Update CCSDK docker images to run as non-root user by default

Change-Id: Ia07c433a0e6f041d6684f24b765f4c1733b51162
Issue-ID: CCSDK-1099
Signed-off-by: Timoney, Dan (dt5972) <dtimoney@att.com>
---
 dgbuilder-docker/src/main/docker/Dockerfile | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'dgbuilder-docker')

diff --git a/dgbuilder-docker/src/main/docker/Dockerfile b/dgbuilder-docker/src/main/docker/Dockerfile
index 90ade01f..c1fd8dbd 100644
--- a/dgbuilder-docker/src/main/docker/Dockerfile
+++ b/dgbuilder-docker/src/main/docker/Dockerfile
@@ -2,12 +2,17 @@
 FROM onap/ccsdk-ubuntu-image:${project.docker.latestfulltag.version}
 MAINTAINER CCSDK  Team (onap-discuss@lists.onap.org)
 
+# Create non-root user
+RUN addgroup --system dgbuilder && adduser --system --ingroup dgbuilder dgbuilder
+
 # copy onap
-COPY opt /opt
+COPY --chown=dgbuilder:dgbuilder opt /opt
 WORKDIR /opt/onap/ccsdk/dgbuilder
 # Set the proxy if needed
 # RUN npm config set proxy http://your.proxy.com:8080
 #RUN npm install
 
 #ENTRYPOINT /bin/bash /opt/onap/ccsdk/dgbuilder/start sdnc1.0
+
+USER dgbuilder
 EXPOSE 3100
-- 
cgit 1.2.3-korg