From 1c9ec6db2d7296131b2baf4433bdeb0f228775db Mon Sep 17 00:00:00 2001 From: Filip Krzywka Date: Thu, 6 Jun 2019 11:24:36 +0200 Subject: Run container commands as non-root - 1410 uig/gid is arbitrary, note however that any volume mounted into container should limit permissions to this number - also reduced firstRequestDelay in configuration provided through local docker-compose Change-Id: I77eeebeec5931db5c04f8f6f24d7c6fe7a121015 Issue-ID: DCAEGEN2-1557 Signed-off-by: Filip Krzywka --- sources/hv-collector-main/Dockerfile | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'sources/hv-collector-main') diff --git a/sources/hv-collector-main/Dockerfile b/sources/hv-collector-main/Dockerfile index cfd4a7bb..36ada936 100644 --- a/sources/hv-collector-main/Dockerfile +++ b/sources/hv-collector-main/Dockerfile @@ -5,12 +5,19 @@ LABEL license.name="The Apache Software License, Version 2.0" LABEL license.url="http://www.apache.org/licenses/LICENSE-2.0" LABEL maintainer="Nokia Wroclaw ONAP Team" +ARG HV_VES_USER=hvves +ARG HV_VES_USER_ID_NUMBER=1410 + RUN apt-get update \ && apt-get install -y --no-install-recommends curl netcat \ && apt-get clean WORKDIR /opt/ves-hv-collector +RUN useradd --user-group --uid ${HV_VES_USER_ID_NUMBER} ${HV_VES_USER} + +USER ${HV_VES_USER} + ENTRYPOINT ["./entry.sh"] CMD ["--configuration-file /etc/ves-hv/configuration/base.json"] -- cgit 1.2.3-korg