summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPiotr Bochenski <piotr.bochenski@nokia.com>2019-06-18 12:03:42 +0200
committerMarcin Migdal <marcin.migdal@nokia.com>2019-06-18 12:05:32 +0200
commit84a698216de659b5081311ada476ab6443cba982 (patch)
tree13261a05ff9369444624035a5af169ec1a1e6967
parenta7d645115b7b518fa1ac9eb8edd63f08b267f9eb (diff)
Run PRH app as non-root user inside container
Change-Id: I50632fdfbcea55445be2ea70c54808ec991446ee Issue-ID: DCAEGEN2-1558 Signed-off-by: Piotr Bochenski <piotr.bochenski@nokia.com>
-rw-r--r--prh-app-server/pom.xml10
1 files changed, 8 insertions, 2 deletions
diff --git a/prh-app-server/pom.xml b/prh-app-server/pom.xml
index 8bda3f07..3fd8dfd5 100644
--- a/prh-app-server/pom.xml
+++ b/prh-app-server/pom.xml
@@ -39,7 +39,9 @@
<prh.main.class>org.onap.dcaegen2.services.prh.MainApp</prh.main.class>
<dependency.dir.name>libs</dependency.dir.name>
<dependency.dir.location>${project.build.directory}/${dependency.dir.name}</dependency.dir.location>
- <docker.artifact.dir>/opt</docker.artifact.dir>
+
+ <docker.user.name>prh</docker.user.name>
+ <docker.user.dir>/home/${docker.user.name}</docker.user.dir>
<docker.image.name>onap/${project.groupId}.${project.artifactId}</docker.image.name>
</properties>
@@ -115,7 +117,7 @@
<tag>latest</tag>
</imageTags>
<baseImage>openjdk:${java.version}-jre-alpine</baseImage>
- <workdir>${docker.artifact.dir}</workdir>
+ <workdir>${docker.user.dir}</workdir>
<resources>
<resource>
<directory>${dependency.dir.location}</directory>
@@ -126,10 +128,14 @@
<include>${project.build.finalName}.jar</include>
</resource>
</resources>
+ <runs>
+ <run>adduser -h ${docker.user.dir} -D ${docker.user.name}; chmod -R a+w /var/log</run>
+ </runs>
<exposes>
<expose>8100</expose>
<expose>8433</expose>
</exposes>
+ <user>${docker.user.name}</user>
<entryPoint>["java", "-jar", "${project.build.finalName}.jar"]</entryPoint>
</configuration>
<executions>