From 70325cecbc0830d5f42c64d277273134263164fb Mon Sep 17 00:00:00 2001 From: MichaelMorris Date: Sun, 15 Mar 2020 16:59:42 +0000 Subject: Run pods as non-root user Change-Id: Ia95d58b0dbf498c4d6295e42c1c430de6493c11b Issue-ID: SDC-2798 Signed-off-by: MichaelMorris --- docker/docker_be/Dockerfile | 14 ++++++++------ docker/docker_be/startup.sh | 2 +- 2 files changed, 9 insertions(+), 7 deletions(-) (limited to 'docker/docker_be') diff --git a/docker/docker_be/Dockerfile b/docker/docker_be/Dockerfile index c9eccf6..6821956 100644 --- a/docker/docker_be/Dockerfile +++ b/docker/docker_be/Dockerfile @@ -1,8 +1,8 @@ -FROM onap/base_sdc-jetty:1.4.1 +FROM onap/base_sdc-jetty:1.6.0 -COPY chef-solo /root/chef-solo/ +COPY --chown=jetty:jetty chef-solo ${JETTY_BASE}/chef-solo/ -COPY chef-repo/cookbooks /root/chef-solo/cookbooks/ +COPY --chown=jetty:jetty chef-repo/cookbooks ${JETTY_BASE}/chef-solo/cookbooks/ ADD --chown=jetty:jetty target/dcae.war ${JETTY_BASE}/webapps/ @@ -10,8 +10,10 @@ USER root RUN apk add --no-cache python -COPY startup.sh /root/ +USER jetty -RUN chmod 770 /root/startup.sh +COPY --chown=jetty:jetty startup.sh ${JETTY_BASE}/ -ENTRYPOINT [ "/root/startup.sh" ] +RUN chmod 770 ${JETTY_BASE}/startup.sh + +ENTRYPOINT ${JETTY_BASE}/startup.sh diff --git a/docker/docker_be/startup.sh b/docker/docker_be/startup.sh index 3a2814f..fc56b2c 100644 --- a/docker/docker_be/startup.sh +++ b/docker/docker_be/startup.sh @@ -7,7 +7,7 @@ JAVA_OPTIONS=" ${JAVA_OPTIONS} -Dconfig.home=${JETTY_BASE}/config \ -Djavax.net.ssl.trustStorePassword=].][xgtze]hBhz*wy]}m#lf* \ -Djetty.console-capture.dir=${JETTY_BASE}/logs" -cd /root/chef-solo +cd /var/lib/jetty/chef-solo chef-solo -c solo.rb -E ${ENVNAME} status=$? -- cgit 1.2.3-korg