diff options
author | Piotr Bochenski <piotr.bochenski@nokia.com> | 2019-06-18 12:03:42 +0200 |
---|---|---|
committer | Marcin Migdal <marcin.migdal@nokia.com> | 2019-06-18 12:05:32 +0200 |
commit | 84a698216de659b5081311ada476ab6443cba982 (patch) | |
tree | 13261a05ff9369444624035a5af169ec1a1e6967 | |
parent | a7d645115b7b518fa1ac9eb8edd63f08b267f9eb (diff) |
Run PRH app as non-root user inside container
Change-Id: I50632fdfbcea55445be2ea70c54808ec991446ee
Issue-ID: DCAEGEN2-1558
Signed-off-by: Piotr Bochenski <piotr.bochenski@nokia.com>
-rw-r--r-- | prh-app-server/pom.xml | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/prh-app-server/pom.xml b/prh-app-server/pom.xml index 8bda3f07..3fd8dfd5 100644 --- a/prh-app-server/pom.xml +++ b/prh-app-server/pom.xml @@ -39,7 +39,9 @@ <prh.main.class>org.onap.dcaegen2.services.prh.MainApp</prh.main.class> <dependency.dir.name>libs</dependency.dir.name> <dependency.dir.location>${project.build.directory}/${dependency.dir.name}</dependency.dir.location> - <docker.artifact.dir>/opt</docker.artifact.dir> + + <docker.user.name>prh</docker.user.name> + <docker.user.dir>/home/${docker.user.name}</docker.user.dir> <docker.image.name>onap/${project.groupId}.${project.artifactId}</docker.image.name> </properties> @@ -115,7 +117,7 @@ <tag>latest</tag> </imageTags> <baseImage>openjdk:${java.version}-jre-alpine</baseImage> - <workdir>${docker.artifact.dir}</workdir> + <workdir>${docker.user.dir}</workdir> <resources> <resource> <directory>${dependency.dir.location}</directory> @@ -126,10 +128,14 @@ <include>${project.build.finalName}.jar</include> </resource> </resources> + <runs> + <run>adduser -h ${docker.user.dir} -D ${docker.user.name}; chmod -R a+w /var/log</run> + </runs> <exposes> <expose>8100</expose> <expose>8433</expose> </exposes> + <user>${docker.user.name}</user> <entryPoint>["java", "-jar", "${project.build.finalName}.jar"]</entryPoint> </configuration> <executions> |