From fb052f21e8da61a50a8c44334cbec138a48c7debb891381eb1704ee6707b2daf Mon Sep 17 00:00:00 2001 From: Vasily Ulyanov Date: Thu, 13 Oct 2022 16:56:03 +0000 Subject: [PATCH] Accepting request 1010512 from home:vulyanov:branches:Virtualization - Create an unprivileged user to run as non-root - Align the installed packages with the upstream OBS-URL: https://build.opensuse.org/request/show/1010512 OBS-URL: https://build.opensuse.org/package/show/Virtualization/cdi-uploadserver-container?expand=0&rev=14 --- Dockerfile | 14 +++++++++++--- cdi-uploadserver-container.changes | 6 ++++++ 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index deaeec9..38f2d47 100644 --- a/Dockerfile +++ b/Dockerfile @@ -23,8 +23,16 @@ LABEL org.opensuse.reference="%%REGISTRY%%/%%TAGPREFIX%%/cdi-uploadserver:%%PKG_ # endlabelprefix RUN zypper -n install \ - qemu-tools qemu-block-curl tar util-linux \ - containerized-data-importer-uploadserver && \ - zypper clean -a + containerized-data-importer-uploadserver \ + curl \ + libnbd \ + qemu-tools \ + shadow \ + tar \ + util-linux && \ + zypper clean -a && \ + useradd -u 1001 --create-home -s /bin/bash cdi-uploadserver +WORKDIR /home/cdi-uploadserver +USER 1001 ENTRYPOINT [ "/usr/bin/virt-cdi-uploadserver", "-alsologtostderr" ] diff --git a/cdi-uploadserver-container.changes b/cdi-uploadserver-container.changes index f846bcc..5fb5958 100644 --- a/cdi-uploadserver-container.changes +++ b/cdi-uploadserver-container.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Oct 13 14:52:40 UTC 2022 - Vasily Ulyanov + +- Create an unprivileged user to run as non-root +- Align the installed packages with the upstream + ------------------------------------------------------------------- Thu Aug 4 07:48:37 UTC 2022 - Vasily Ulyanov