Code Review / multicloud / k8s.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: b568c2b)
Change Docker execution permissions 16/79116/1
authorVictor Morales <victor.morales@intel.com>
Mon, 25 Feb 2019 16:07:55 +0000 (08:07 -0800)
committerVictor Morales <victor.morales@intel.com>
Mon, 25 Feb 2019 16:07:55 +0000 (08:07 -0800)
The k8s pluging is running with root user in the Docker image, this
execution can compromise the host system. Therefore, it's necessary
to explicit change those permissions.

Change-Id: I2455895662c68943f5c8800dfff1aaf6202bd870
Signed-off-by: Victor Morales <victor.morales@intel.com>
Issue-ID: MULTICLOUD-492

deployments/Dockerfile patch | blob | history

diff --git a/deployments/Dockerfile b/deployments/Dockerfile
index 770f0e8..d22aeb1 100644 (file)
--- a/deployments/Dockerfile
+++ b/deployments/Dockerfile
@@ -24,6 +24,7 @@ ENV OVN_CENTRAL_ADDRESS "127.0.0.1:6641"
 
 EXPOSE 8081
 
+RUN groupadd -r onap && useradd -r -g onap onap
 RUN apt-get update && apt-get install -y -qq apt-transport-https curl \
  && echo "deb https://packages.wand.net.nz xenial main" > /etc/apt/sources.list.d/wand.list \
  && curl https://packages.wand.net.nz/keyring.gpg -o /etc/apt/trusted.gpg.d/wand.gpg \
@@ -32,5 +33,8 @@ RUN apt-get update && apt-get install -y -qq apt-transport-https curl \
 WORKDIR /opt/multicloud/k8s
 ADD ./k8plugin ./
 ADD ./*.so ./
+RUN chown onap:onap /opt/multicloud/k8s -R
+
+USER onap
 
 CMD ["./k8plugin"]
To contain a POC for Kubernetes plugin