From e4320bcecb8eb7807d04d8cd542c9c5973fefd1d Mon Sep 17 00:00:00 2001 From: Ethorbit Date: Sat, 2 Mar 2024 17:15:02 -0800 Subject: [PATCH] Make docker image unprivileged --- Dockerfile | 10 ++++++++-- docker-compose.yml | 4 ++++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6451f6f..312b7cf 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,8 +9,14 @@ RUN make linux FROM alpine:3.12 - -RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/* +ARG UNAME="server-status" +ARG GNAME="server-status" +ARG UID=1000 +ARG GID=1000 WORKDIR /server-status COPY --from=0 /go/src/github.com/mgerb/ServerStatus/dist/ServerStatus-linux . ENTRYPOINT ./ServerStatus-linux +RUN addgroup -g ${GID} "${GNAME}" && adduser -D -u ${UID} -G "${GNAME}" "${UNAME}" &&\ + chown "${UNAME}":"${GNAME}" -R /server-status/ &&\ + apk update && apk add ca-certificates && rm -rf /var/cache/apk/* +USER ${UNAME} diff --git a/docker-compose.yml b/docker-compose.yml index a3c1096..6552c4a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,5 +3,9 @@ version: "3" services: server-status: image: mgerb/server-status:latest + build: + args: + UID: 1000 + GID: 1000 volumes: - ./config.json:/server-status/config.json