From eb500f46709dcc378f91efb659eeffdab966a57e Mon Sep 17 00:00:00 2001
From: Nick Jansen
Date: Wed, 1 May 2024 11:00:54 +0200
Subject: [PATCH] Update Dockerfile to change ownership of s6 user directory

This commit modifies the Dockerfile to change the ownership of the s6 user directory to the runtime user and group. This change enhances security by restricting the permissions on the s6 directory.
---
 src/Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/Dockerfile b/src/Dockerfile
index d48000f..2d36bbf 100644
--- a/src/Dockerfile
+++ b/src/Dockerfile
@@ -24,7 +24,8 @@ RUN /runtime/bin/install curl xz-utils ca-certificates \
 && chown $RUNTIME_UID:$RUNTIME_GID /run \
 && curl -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-noarch.tar.xz -o - | tar Jxp -C / \
 && curl -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-$(uname -m).tar.xz -o - | tar Jxp -C / \
- && curl -L https://github.com/jwilder/dockerize/releases/download/${DOCKERIZE_VERSION}/dockerize-linux-${TARGETARCH}-${DOCKERIZE_VERSION}.tar.gz -o - | tar xzf - -C /runtime/bin
+ && curl -L https://github.com/jwilder/dockerize/releases/download/${DOCKERIZE_VERSION}/dockerize-linux-${TARGETARCH}-${DOCKERIZE_VERSION}.tar.gz -o - | tar xzf - -C /runtime/bin \
+ && chown -R $RUNTIME_UID:$RUNTIME_GID /etc/s6-overlay/s6-rc.d/user
 COPY --chmod=755 ./runtime /
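Review bot: The added `chown -R $RUNTIME_UID:$RUNTIME_GID /etc/s6-overlay/s6-rc.d/user` makes the s6 service definitions writable by the runtime user, which widens access to that directory rather than restricting it as the commit message states. If any part of s6 startup runs with more privilege than `$RUNTIME_UID`, a compromised application process could then change what the supervisor executes on the next start, so it is worth confirming that the whole init tree runs as the runtime user. If the aim is only to let a non-root s6 use this directory, consider limiting the ownership change to the paths that must be written and recording the reason above the RUN instruction (which starts outside this hunk), e.g. `# s6-rc.d/user is owned by the runtime user because <reason>`. The `COPY --chmod=755 ./runtime /` that follows carries no `--chown`, so anything it places under this directory will presumably be root-owned and fall outside this chown.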