Dockerfile: create a nodepool user with uid 10001
This change creates an unprivileged user nodepool (uid 10001) to run the nodepool services. Change-Id: Ia4f598ec2d43409cbb80a33f35cf8fb129de9f72
parent
79388c2be8
commit
cabfbcd6ae
@ -25,6 +25,7 @@ COPY --from=builder /output/ /output
|
||||
RUN /output/install-from-bindep
|
||||
|
||||
### Containers should NOT run as root as a good practice
|
||||
RUN useradd -u 10001 -m -d /var/lib/nodepool -c "Nodepool Daemon" nodepool
|
||||
|
||||
# although this feels odd ... by default has group "shadow", meaning
|
||||
# uid_entrypoint can't update it. This is necessary for things like
|
||||
@ -35,7 +36,6 @@ RUN chmod g=u /etc/passwd /etc/shadow
|
||||
ENV APP_ROOT=/var/lib/nodepool
|
||||
ENV HOME=${APP_ROOT}
|
||||
ENV USER_NAME=nodepool
|
||||
RUN mkdir ${APP_ROOT}
|
||||
RUN chown 10001:1001 ${APP_ROOT}
|
||||
COPY tools/uid_entrypoint.sh /uid_entrypoint
|
||||
ENTRYPOINT ["/uid_entrypoint"]
|
||||
|
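Review bot: The `RUN chown 10001:1001 ${APP_ROOT}` line in the second hunk hard-codes gid 1001, while the new `useradd -u 10001` line pins only the uid and leaves the primary gid to whatever useradd allocates, so the directory may end up with a group that matches no account in the image. This page has lost its `+`/`-` markers, so this assumes the chown line is kept and `RUN mkdir ${APP_ROOT}` is the removed one. Since `useradd -m -d /var/lib/nodepool` already creates the home directory for the new user, either drop the chown or write it by name, `RUN chown nodepool:nodepool ${APP_ROOT}`, and pin the gid explicitly if a fixed value is needed. The image also keeps `chmod g=u /etc/passwd /etc/shadow` (first-hunk context), so group ownership decides who can rewrite those files and is worth stating deliberately. No `USER` instruction is visible in these hunks; confirm that a later part of the file sets `USER 10001`, otherwise the entrypoint still starts as root.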