Update Dockerfile to change ownership of s6 user directory

This commit modifies the Dockerfile to change the ownership of the s6 user directory to the runtime user and group. This change enhances security by restricting the permissions on the s6 directory.
sitepilot · May 1, 2024 · eb500f4 · eb500f4
1 parent 8e29dc1
commit eb500f4
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/src/Dockerfile b/src/Dockerfile
@@ -24,7 +24,8 @@ RUN /runtime/bin/install curl xz-utils ca-certificates \
     && chown $RUNTIME_UID:$RUNTIME_GID /run \
     && curl -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-noarch.tar.xz -o - | tar Jxp -C / \
     && curl -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-$(uname -m).tar.xz -o - | tar Jxp -C / \
-    && curl -L https://github.com/jwilder/dockerize/releases/download/${DOCKERIZE_VERSION}/dockerize-linux-${TARGETARCH}-${DOCKERIZE_VERSION}.tar.gz -o - | tar xzf - -C /runtime/bin
+    && curl -L https://github.com/jwilder/dockerize/releases/download/${DOCKERIZE_VERSION}/dockerize-linux-${TARGETARCH}-${DOCKERIZE_VERSION}.tar.gz -o - | tar xzf - -C /runtime/bin \
+    && chown -R $RUNTIME_UID:$RUNTIME_GID /etc/s6-overlay/s6-rc.d/user
 
 COPY --chmod=755 ./runtime /