From 89246a95b0f9dd65aa6166693d240a91bdac4b19 Mon Sep 17 00:00:00 2001 From: rfaircloth-splunk Date: Wed, 3 Nov 2021 12:56:56 -0400 Subject: [PATCH] feat: Container as non root user Update Dockerfile Update Dockerfile fix Update entrypoint.sh Update entrypoint.sh Update entrypoint.sh --- Dockerfile | 4 ++++ entrypoint.sh | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 983c26a..8a4ac7c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,9 +14,12 @@ # limitations under the License. # FROM registry.access.redhat.com/ubi8/ubi +RUN groupadd -g 1001 celery \ + && useradd -m -u 1001 -g celery celery RUN curl -fsSL https://goss.rocks/install | GOSS_VER=v0.3.13 sh ARG PYTHON_RUNTIME_VERSION=3.8 + RUN cd /tmp ;\ dnf install tzdata curl wget nc python${PYTHON_RUNTIME_VERSION} python3-pip procps-ng -y ;\ dnf update -y ;\ @@ -27,4 +30,5 @@ COPY dist/*.whl /tmp RUN pip${PYTHON_RUNTIME_VERSION} install $(ls /tmp/*.whl); rm -f /tmp/*.whl WORKDIR /work +USER 1001 ENTRYPOINT [ "/work/entrypoint.sh" ] \ No newline at end of file diff --git a/entrypoint.sh b/entrypoint.sh index 9c56917..f2c0dcc 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -60,7 +60,7 @@ then sc4snmp-poller $@ & else echo starting sc4-snmp-worker - celery -A splunk_connect_for_snmp_poller.manager.celery_client worker -l INFO -n worker1 + celery -A splunk_connect_for_snmp_poller.manager.celery_client worker -l INFO -n worker1 || exit 1 fi pid="$!"