summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorVictor Morales <victor.morales@intel.com>2019-02-25 08:07:55 -0800
committerVictor Morales <victor.morales@intel.com>2019-02-25 08:07:55 -0800
commit70650063048900b4396a65203a7624d435cb9741 (patch)
treea9a53a972cdb3dc97e7539c40e424d4dc2cba88e
parentb568c2b3067ed7ea0f2efbc4f8b33c32298d5cba (diff)
Change Docker execution permissions
The k8s pluging is running with root user in the Docker image, this execution can compromise the host system. Therefore, it's necessary to explicit change those permissions. Change-Id: I2455895662c68943f5c8800dfff1aaf6202bd870 Signed-off-by: Victor Morales <victor.morales@intel.com> Issue-ID: MULTICLOUD-492
-rw-r--r--deployments/Dockerfile4
1 files changed, 4 insertions, 0 deletions
diff --git a/deployments/Dockerfile b/deployments/Dockerfile
index 770f0e8d..d22aeb11 100644
--- a/deployments/Dockerfile
+++ b/deployments/Dockerfile
@@ -24,6 +24,7 @@ ENV OVN_CENTRAL_ADDRESS "127.0.0.1:6641"
EXPOSE 8081
+RUN groupadd -r onap && useradd -r -g onap onap
RUN apt-get update && apt-get install -y -qq apt-transport-https curl \
&& echo "deb https://packages.wand.net.nz xenial main" > /etc/apt/sources.list.d/wand.list \
&& curl https://packages.wand.net.nz/keyring.gpg -o /etc/apt/trusted.gpg.d/wand.gpg \
@@ -32,5 +33,8 @@ RUN apt-get update && apt-get install -y -qq apt-transport-https curl \
WORKDIR /opt/multicloud/k8s
ADD ./k8plugin ./
ADD ./*.so ./
+RUN chown onap:onap /opt/multicloud/k8s -R
+
+USER onap
CMD ["./k8plugin"]