diff options
author | Sunder Tattavarada <statta@research.att.com> | 2020-04-03 16:41:42 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2020-04-03 16:41:42 +0000 |
commit | 1e40aa095a0999802fb59cd4ebaac6db42a21737 (patch) | |
tree | 4dfa925935b13712d8e9e2da8365b22bc80c9bc0 | |
parent | 552f2d06e9a61bb3d93989cb9faef02d1ba15512 (diff) | |
parent | edebaff8d9225b23adac727b983e2c3890cd7ee1 (diff) |
Merge changes Ia6e96c72,If0cf112c,I3060de8b,I58fe7429
* changes:
Migrate Dockerfile.widgetms to unprivileged user
Migrate Dockerfile.sdk to unprivileged user
Migrate Dockerfile.portal to unprivileged user
Migrate Dockerfile.be to unprivileged user
-rw-r--r-- | deliveries/Dockerfile.be | 2 | ||||
-rw-r--r-- | deliveries/Dockerfile.portal | 4 | ||||
-rw-r--r-- | deliveries/Dockerfile.sdk | 4 | ||||
-rw-r--r-- | deliveries/Dockerfile.widgetms | 2 |
4 files changed, 12 insertions, 0 deletions
diff --git a/deliveries/Dockerfile.be b/deliveries/Dockerfile.be index afc39816..21bb1a2c 100644 --- a/deliveries/Dockerfile.be +++ b/deliveries/Dockerfile.be @@ -39,7 +39,9 @@ RUN cd ${PORTALCONTEXT} && unzip -q *.war && rm *.war VOLUME ${TOMCATHOME}/logs +# Switch to unprivileged user RUN addgroup -g 1000 -S portal && adduser -u 1000 -S portal -G portal && chown -R portal:portal . && chmod -R 777 /etc/ssl/certs/java /var/ +USER portal # Switch back to root WORKDIR / diff --git a/deliveries/Dockerfile.portal b/deliveries/Dockerfile.portal index f12a3e30..cce3ed09 100644 --- a/deliveries/Dockerfile.portal +++ b/deliveries/Dockerfile.portal @@ -41,6 +41,10 @@ COPY ${FE_DIR} ${PORTALCONTEXT}/public VOLUME ${TOMCATHOME}/logs +# Switch to unprivileged user +RUN addgroup -g 1000 -S portal && adduser -u 1000 -S portal -G portal +USER portal + # Switch back to root WORKDIR / diff --git a/deliveries/Dockerfile.sdk b/deliveries/Dockerfile.sdk index 5f96aaad..4757d8a4 100644 --- a/deliveries/Dockerfile.sdk +++ b/deliveries/Dockerfile.sdk @@ -38,6 +38,10 @@ RUN cd ${SDKCONTEXT} && unzip -q *.war && rm *.war VOLUME ${TOMCATHOME}/logs +# Switch to unprivileged user +RUN addgroup -g 1000 -S portal && adduser -u 1000 -S portal -G portal +USER portal + # Switch back to root WORKDIR / diff --git a/deliveries/Dockerfile.widgetms b/deliveries/Dockerfile.widgetms index 82a2e4c6..8f4b1072 100644 --- a/deliveries/Dockerfile.widgetms +++ b/deliveries/Dockerfile.widgetms @@ -14,7 +14,9 @@ RUN sh -c 'touch /app.jar' # Launch script COPY start-wms.sh / +# Switch to unprivileged user RUN addgroup -g 1000 -S portal && adduser -u 1000 -S portal -G portal && mkdir logs / && chown -R portal:portal /start-wms.sh /tmp /etc/ssl/certs/java /logs && chmod -R 755 /start-wms.sh /etc/ssl/certs/java /logs /tmp +USER portal # Define default command CMD /start-wms.sh |