Change Docker execution permissions

The k8s pluging is running with root user in the Docker image, this execution can compromise the host system. Therefore, it's necessary to explicit change those permissions. Change-Id: I2455895662c68943f5c8800dfff1aaf6202bd870 Signed-off-by: Victor Morales <victor.morales@intel.com> Issue-ID: MULTICLOUD-492
author: Victor Morales <victor.morales@intel.com> 2019-02-25 08:07:55 -0800
committer: Victor Morales <victor.morales@intel.com> 2019-02-25 08:07:55 -0800
commit: 70650063048900b4396a65203a7624d435cb9741 (patch)
tree: a9a53a972cdb3dc97e7539c40e424d4dc2cba88e
parent: b568c2b3067ed7ea0f2efbc4f8b33c32298d5cba (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/deployments/Dockerfile b/deployments/Dockerfile
index 770f0e8d..d22aeb11 100644
--- a/deployments/Dockerfile
+++ b/deployments/Dockerfile
@@ -24,6 +24,7 @@ ENV OVN_CENTRAL_ADDRESS "127.0.0.1:6641"
 
 EXPOSE 8081
 
+RUN groupadd -r onap && useradd -r -g onap onap
 RUN apt-get update && apt-get install -y -qq apt-transport-https curl \
  && echo "deb https://packages.wand.net.nz xenial main" > /etc/apt/sources.list.d/wand.list \
  && curl https://packages.wand.net.nz/keyring.gpg -o /etc/apt/trusted.gpg.d/wand.gpg \
@@ -32,5 +33,8 @@ RUN apt-get update && apt-get install -y -qq apt-transport-https curl \
 WORKDIR /opt/multicloud/k8s
 ADD ./k8plugin ./
 ADD ./*.so ./
+RUN chown onap:onap /opt/multicloud/k8s -R
+
+USER onap
 
 CMD ["./k8plugin"]
author	Victor Morales <victor.morales@intel.com>	2019-02-25 08:07:55 -0800
committer	Victor Morales <victor.morales@intel.com>	2019-02-25 08:07:55 -0800
commit	70650063048900b4396a65203a7624d435cb9741 (patch)
tree	a9a53a972cdb3dc97e7539c40e424d4dc2cba88e
parent	b568c2b3067ed7ea0f2efbc4f8b33c32298d5cba (diff)