From 38e175fa6762c27b85df450002e6458d9b0a41d6 Mon Sep 17 00:00:00 2001
From: "Timoney, Dan (dt5972)"
Date: Thu, 21 Feb 2019 14:57:34 -0500
Subject: Run CCSDK dockers as non-root Update CCSDK docker images to run as non-root user by default
Change-Id: Ia07c433a0e6f041d6684f24b765f4c1733b51162
Issue-ID: CCSDK-1099
Signed-off-by: Timoney, Dan (dt5972)
---
saltstack-server/src/main/docker/Dockerfile | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
(limited to 'saltstack-server')
diff --git a/saltstack-server/src/main/docker/Dockerfile b/saltstack-server/src/main/docker/Dockerfile
index eeebef4c..3226e472 100644
--- a/saltstack-server/src/main/docker/Dockerfile
+++ b/saltstack-server/src/main/docker/Dockerfile
@@ -10,4 +10,12 @@ RUN yum clean all && \
 EXPOSE 4505 4506
-CMD /usr/bin/salt-master -d; /bin/bash
+# Create non root user
+RUN groupadd --system saltstack && useradd --system -g saltstack saltstack
+RUN chown -R saltstack /etc/salt /var/cache/salt /var/log/salt
+RUN mkdir /var/run/salt && chown saltstack:saltstack /var/run/salt
+
+USER saltstack
+
+# Run salt-master in foreground (not as a daemon)
+CMD /usr/bin/salt-master
\ No newline at end of file
-- cgit 1.2.3-korg
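Review bot: `USER saltstack` names an account whose UID is assigned dynamically by `useradd --system`, so a runtime that enforces non-root by numeric UID (for example Kubernetes `runAsNonRoot`) cannot verify that the image does not run as root. Pinning the ID would fix that, e.g. `useradd --system --uid 10001 -g saltstack saltstack` followed by `USER 10001` (10001 is an example value, not one taken from the project). The new `CMD /usr/bin/salt-master` is still shell form and is launched through `/bin/sh -c`; `CMD ["/usr/bin/salt-master"]` lets salt-master receive the stop signal directly. The base image, the package install and the master config are above the hunk, so it should be confirmed that the `user` setting in the master config matches this account, since Salt's default is root.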