Merge pull request #125 from maxsokolovsky/run-as-non-root-in-dockerfile

Run container as a non-root user
2025-04-28 03:10:32 +00:00 · 2023-09-13 17:58:54 -04:00 · 2023-09-13 17:58:54 -04:00 · 7e38c1de95
commit 7e38c1de95
parent 5df31b9c15 5b630912b3
1 changed files with 10 additions and 1 deletions
--- a/11
+++ b/11
@ -7,8 +7,17 @@ RUN \
    cd /src && \
    CGO_ENABLED=0 go build -ldflags "-extldflags -static -s" -o /steve

-FROM registry.suse.com/bci/bci-micro:15.5.11.2
+FROM registry.suse.com/bci/bci-micro:15.5
+
+ARG user=steve
+
+RUN echo "$user:x:1000:1000::/home/$user:/bin/bash" >> /etc/passwd && \
+    echo "$user:x:1000:" >> /etc/group && \
+    mkdir /home/$user && \
+    chown -R $user:$user /home/$user
+
 COPY --from=build /steve /usr/bin/steve
 # Hack to make golang do files,dns search order
 ENV LOCALDOMAIN=""
+USER $user
 ENTRYPOINT ["/usr/bin/steve"]