From 45841231f18ab3ee1e2e12a516a6823bb3a6e0f6 Mon Sep 17 00:00:00 2001
From: yangyan <yangyanyj@chinamobile.com>
Date: Fri, 6 Mar 2020 10:49:46 +0800
Subject: Remove sudo capability for onap user for VF-C svnfm-nokiav2 docker

Change-Id: Ic3229e4363ce8bcfaf3f6620b83bb6222d1fc70c
Issue-ID: VFC-1640
Signed-off-by: yangyan <yangyanyj@chinamobile.com>
---
 nokiav2/deployment/Dockerfile        | 2 ++
 nokiav2/deployment/Dockerfile.verify | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/nokiav2/deployment/Dockerfile b/nokiav2/deployment/Dockerfile
index 107327d2..3a05f106 100755
--- a/nokiav2/deployment/Dockerfile
+++ b/nokiav2/deployment/Dockerfile
@@ -15,6 +15,8 @@ COPY pom.xml pom.xml
 RUN VERSION=`echo -e "setns x=http://maven.apache.org/POM/4.0.0 \n  xpath /x:project/x:version/text() "| xmllint --shell pom.xml | grep content | sed 's/.*content=//'| sed 's/-SNAPSHOT//'` ; echo "Version $VERSION mode=$MODE"; wget -q -O driver.war "https://nexus.onap.org/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.vfc.nfvo.driver.vnfm.svnfm.nokiav2&a=driverwar&v=${VERSION}${MODE}&e=war"
 #Can be used for local builds instead of the previous line
 #COPY driver.war .
+RUN useradd  onap && chown onap:onap -R /service && chmod g+s /service && setfacl -d --set u:onap:rwx /service
+USER onap
 ENV JAVA_HOME /usr/lib/jvm/jre
 EXPOSE 8089
 ENTRYPOINT /service/docker-entrypoint.sh
diff --git a/nokiav2/deployment/Dockerfile.verify b/nokiav2/deployment/Dockerfile.verify
index 107327d2..3a05f106 100755
--- a/nokiav2/deployment/Dockerfile.verify
+++ b/nokiav2/deployment/Dockerfile.verify
@@ -15,6 +15,8 @@ COPY pom.xml pom.xml
 RUN VERSION=`echo -e "setns x=http://maven.apache.org/POM/4.0.0 \n  xpath /x:project/x:version/text() "| xmllint --shell pom.xml | grep content | sed 's/.*content=//'| sed 's/-SNAPSHOT//'` ; echo "Version $VERSION mode=$MODE"; wget -q -O driver.war "https://nexus.onap.org/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.vfc.nfvo.driver.vnfm.svnfm.nokiav2&a=driverwar&v=${VERSION}${MODE}&e=war"
 #Can be used for local builds instead of the previous line
 #COPY driver.war .
+RUN useradd  onap && chown onap:onap -R /service && chmod g+s /service && setfacl -d --set u:onap:rwx /service
+USER onap
 ENV JAVA_HOME /usr/lib/jvm/jre
 EXPOSE 8089
 ENTRYPOINT /service/docker-entrypoint.sh
-- 
cgit 1.2.3-korg