From 70650063048900b4396a65203a7624d435cb9741 Mon Sep 17 00:00:00 2001 From: Victor Morales Date: Mon, 25 Feb 2019 08:07:55 -0800 Subject: Change Docker execution permissions The k8s pluging is running with root user in the Docker image, this execution can compromise the host system. Therefore, it's necessary to explicit change those permissions. Change-Id: I2455895662c68943f5c8800dfff1aaf6202bd870 Signed-off-by: Victor Morales Issue-ID: MULTICLOUD-492 --- deployments/Dockerfile | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'deployments/Dockerfile') diff --git a/deployments/Dockerfile b/deployments/Dockerfile index 770f0e8d..d22aeb11 100644 --- a/deployments/Dockerfile +++ b/deployments/Dockerfile @@ -24,6 +24,7 @@ ENV OVN_CENTRAL_ADDRESS "127.0.0.1:6641" EXPOSE 8081 +RUN groupadd -r onap && useradd -r -g onap onap RUN apt-get update && apt-get install -y -qq apt-transport-https curl \ && echo "deb https://packages.wand.net.nz xenial main" > /etc/apt/sources.list.d/wand.list \ && curl https://packages.wand.net.nz/keyring.gpg -o /etc/apt/trusted.gpg.d/wand.gpg \ @@ -32,5 +33,8 @@ RUN apt-get update && apt-get install -y -qq apt-transport-https curl \ WORKDIR /opt/multicloud/k8s ADD ./k8plugin ./ ADD ./*.so ./ +RUN chown onap:onap /opt/multicloud/k8s -R + +USER onap CMD ["./k8plugin"] -- cgit 1.2.3-korg