From f64c3f048bab34deb54e0b552de89388336d0067 Mon Sep 17 00:00:00 2001
From: Arjan Molenaar
Date: Mon, 11 Sep 2023 16:28:01 +0200
Subject: [PATCH] feat: End Dockerfiles with non-root user

Fixes hadolint rule DL3002.
---
 .hadolint.yaml | 1 -
 base/Dockerfile | 2 ++
 capella/Dockerfile | 4 ++++
 ease/Dockerfile | 3 +++
 ease/debug/Dockerfile | 2 ++
 eclipse/Dockerfile | 2 ++
 t4c/Dockerfile | 2 ++
 7 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/.hadolint.yaml b/.hadolint.yaml
index 5fd30331..ba5bb478 100644
--- a/.hadolint.yaml
+++ b/.hadolint.yaml
@@ -4,6 +4,5 @@ failure-threshold: warning
 override:
 info:
- - DL3002
 - DL3006
 - DL3008
diff --git a/base/Dockerfile b/base/Dockerfile
index ed6d7303..7dfde5d5 100644
--- a/base/Dockerfile
+++ b/base/Dockerfile
@@ -55,3 +55,5 @@ RUN ln -s "$(which python3.11)" /usr/bin/python && \
 python -m venv /opt/.venv && \
 chmod -R 777 /opt/.venv/bin/ && \
 chmod -R 777 /opt/.venv/lib/python3.11/site-packages
+
+USER techuser
diff --git a/capella/Dockerfile b/capella/Dockerfile
index 14672a86..2c568ec3 100644
--- a/capella/Dockerfile
+++ b/capella/Dockerfile
@@ -71,6 +71,8 @@ FROM build_${BUILD_TYPE}
 ARG CAPELLA_VERSION
+USER root
+
 RUN apt-get update && \
 apt-get install -y \
 libxtst6 \
@@ -157,3 +159,5 @@ COPY startup.sh /startup.sh
 ENTRYPOINT [ "/tini", "--", "/startup.sh" ]
 ENV BASE_TYPE=capella
+
+USER techuser
diff --git a/ease/Dockerfile b/ease/Dockerfile
index c733c515..f5d9474b 100644
--- a/ease/Dockerfile
+++ b/ease/Dockerfile
@@ -109,4 +109,7 @@ RUN chmod +rx /etc/git_askpass.py
 COPY startup.sh /opt/startup.sh
 RUN chmod +x /opt/startup.sh
+
+USER techuser
+
 ENTRYPOINT [ "/opt/startup.sh" ]
diff --git a/ease/debug/Dockerfile b/ease/debug/Dockerfile
index 0562a944..62848f97 100644
--- a/ease/debug/Dockerfile
+++ b/ease/debug/Dockerfile
@@ -25,3 +25,5 @@ RUN if [ "$NETWORK_ACCESS" = "restricted" ]; then \
 fi && \
 rm -rf /var/lib/apt/lists/* && \
 rm -r /tmp/libs;
+
+USER techuser
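Review bot: The `chmod -R 777` on `/opt/.venv/bin/` and on the `site-packages` directory, in the RUN step directly above the new `USER techuser` in base/Dockerfile, leaves the virtualenv writable by every account in the image, so any process in the container can replace the interpreter's entry points or installed packages. With the runtime user now fixed, ownership can carry the write access instead: `chown -R techuser /opt/.venv` in place of the two `chmod -R 777` lines. This assumes techuser is the only account that installs into the venv at runtime; if the image is also started under other UIDs, a group-writable mode for a shared group would be the narrower alternative. Only the tail of the RUN instruction is visible in the hunk.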
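Review bot: `USER techuser` at the end of capella/Dockerfile names the account rather than its UID, and a Kubernetes pod that sets `runAsNonRoot: true` cannot verify a non-numeric image user, so the kubelet refuses to start the container unless `runAsUser` is also set. Using the numeric form, `USER <techuser-uid>` (placeholder; the UID is assigned where techuser is created, which is not part of this diff), lets the runtime check it. The same applies to the closing `USER techuser` in the base, ease, ease/debug, eclipse and t4c hunks.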
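Review bot: The RUN step that ends just above the new `USER techuser` in ease/debug/Dockerfile removes `/var/lib/apt/lists/*`, which needs root, and this patch adds no `USER root` to that file the way it does in capella/Dockerfile. If this image builds FROM one of the images that now end with `USER techuser`, and the file does not already switch users above the hunk, that step will run unprivileged and the build will fail; a `USER root` line before the first privileged RUN would make the file independent of the parent's final user. The same question applies to t4c/Dockerfile, whose hunk shows `RUN chown techuser /opt/capella/capella.ini`. The RUN instruction starts outside the hunk, so this cannot be confirmed from the diff alone.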
diff --git a/eclipse/Dockerfile b/eclipse/Dockerfile
index 643f2c73..26834994 100644
--- a/eclipse/Dockerfile
+++ b/eclipse/Dockerfile
@@ -64,3 +64,5 @@ ENV ECLIPSE_INSTALLATION_PATH=/opt/eclipse
 ENV ECLIPSE_EXECUTABLE=/opt/eclipse/eclipse
 ENV BASE_TYPE=eclipse
+
+USER techuser
diff --git a/t4c/Dockerfile b/t4c/Dockerfile
index 42c7ea72..e49579d6 100644
--- a/t4c/Dockerfile
+++ b/t4c/Dockerfile
@@ -60,4 +60,6 @@ RUN chown techuser /opt/capella/capella.ini && \
 WORKDIR /opt
 ENV BASE_TYPE=t4c
+USER techuser
+
 ENTRYPOINT [ "/tini", "--", "/docker_entrypoint.sh" ]