rancher/steve
1
0
Fork 0
mirror of https://github.com/rancher/steve.git synced 2025-06-27 15:27:14 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #125 from maxsokolovsky/run-as-non-root-in-dockerfile

Browse Source 
Run container as a non-root user
This commit is contained in:
Max Sokolovsky 2023-09-13 17:58:54 -04:00 committed by GitHub
commit 7e38c1de95
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Dockerfile
View File

@ -7,8 +7,17 @@ RUN \
cd /src && \ cd /src && \
CGO_ENABLED=0 go build -ldflags "-extldflags -static -s" -o /steve CGO_ENABLED=0 go build -ldflags "-extldflags -static -s" -o /steve
FROM registry.suse.com/bci/bci-micro:15.5.11.2 FROM registry.suse.com/bci/bci-micro:15.5
ARG user=steve
RUN echo "$user:x:1000:1000::/home/$user:/bin/bash" >> /etc/passwd && \
echo "$user:x:1000:" >> /etc/group && \
mkdir /home/$user && \
chown -R $user:$user /home/$user
COPY --from=build /steve /usr/bin/steve COPY --from=build /steve /usr/bin/steve
# Hack to make golang do files,dns search order # Hack to make golang do files,dns search order
ENV LOCALDOMAIN="" ENV LOCALDOMAIN=""
USER $user
ENTRYPOINT ["/usr/bin/steve"] ENTRYPOINT ["/usr/bin/steve"]