summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSunder Tattavarada <statta@research.att.com>2020-04-03 16:41:42 +0000
committerGerrit Code Review <gerrit@onap.org>2020-04-03 16:41:42 +0000
commit1e40aa095a0999802fb59cd4ebaac6db42a21737 (patch)
tree4dfa925935b13712d8e9e2da8365b22bc80c9bc0
parent552f2d06e9a61bb3d93989cb9faef02d1ba15512 (diff)
parentedebaff8d9225b23adac727b983e2c3890cd7ee1 (diff)
Merge changes Ia6e96c72,If0cf112c,I3060de8b,I58fe7429
* changes: Migrate Dockerfile.widgetms to unprivileged user Migrate Dockerfile.sdk to unprivileged user Migrate Dockerfile.portal to unprivileged user Migrate Dockerfile.be to unprivileged user
-rw-r--r--deliveries/Dockerfile.be2
-rw-r--r--deliveries/Dockerfile.portal4
-rw-r--r--deliveries/Dockerfile.sdk4
-rw-r--r--deliveries/Dockerfile.widgetms2
4 files changed, 12 insertions, 0 deletions
diff --git a/deliveries/Dockerfile.be b/deliveries/Dockerfile.be
index afc39816..21bb1a2c 100644
--- a/deliveries/Dockerfile.be
+++ b/deliveries/Dockerfile.be
@@ -39,7 +39,9 @@ RUN cd ${PORTALCONTEXT} && unzip -q *.war && rm *.war
VOLUME ${TOMCATHOME}/logs
+# Switch to unprivileged user
RUN addgroup -g 1000 -S portal && adduser -u 1000 -S portal -G portal && chown -R portal:portal . && chmod -R 777 /etc/ssl/certs/java /var/
+USER portal
# Switch back to root
WORKDIR /
diff --git a/deliveries/Dockerfile.portal b/deliveries/Dockerfile.portal
index f12a3e30..cce3ed09 100644
--- a/deliveries/Dockerfile.portal
+++ b/deliveries/Dockerfile.portal
@@ -41,6 +41,10 @@ COPY ${FE_DIR} ${PORTALCONTEXT}/public
VOLUME ${TOMCATHOME}/logs
+# Switch to unprivileged user
+RUN addgroup -g 1000 -S portal && adduser -u 1000 -S portal -G portal
+USER portal
+
# Switch back to root
WORKDIR /
diff --git a/deliveries/Dockerfile.sdk b/deliveries/Dockerfile.sdk
index 5f96aaad..4757d8a4 100644
--- a/deliveries/Dockerfile.sdk
+++ b/deliveries/Dockerfile.sdk
@@ -38,6 +38,10 @@ RUN cd ${SDKCONTEXT} && unzip -q *.war && rm *.war
VOLUME ${TOMCATHOME}/logs
+# Switch to unprivileged user
+RUN addgroup -g 1000 -S portal && adduser -u 1000 -S portal -G portal
+USER portal
+
# Switch back to root
WORKDIR /
diff --git a/deliveries/Dockerfile.widgetms b/deliveries/Dockerfile.widgetms
index 82a2e4c6..8f4b1072 100644
--- a/deliveries/Dockerfile.widgetms
+++ b/deliveries/Dockerfile.widgetms
@@ -14,7 +14,9 @@ RUN sh -c 'touch /app.jar'
# Launch script
COPY start-wms.sh /
+# Switch to unprivileged user
RUN addgroup -g 1000 -S portal && adduser -u 1000 -S portal -G portal && mkdir logs / && chown -R portal:portal /start-wms.sh /tmp /etc/ssl/certs/java /logs && chmod -R 755 /start-wms.sh /etc/ssl/certs/java /logs /tmp
+USER portal
# Define default command
CMD /start-wms.sh