From: Victor Morales <victor.morales@intel.com>
Date: Mon, 25 Feb 2019 16:07:55 +0000 (-0800)
Subject: Change Docker execution permissions
X-Git-Tag: 0.1.0~62
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=70650063048900b4396a65203a7624d435cb9741;p=multicloud%2Fk8s.git

Change Docker execution permissions

The k8s pluging is running with root user in the Docker image, this
execution can compromise the host system. Therefore, it's necessary
to explicit change those permissions.

Change-Id: I2455895662c68943f5c8800dfff1aaf6202bd870
Signed-off-by: Victor Morales <victor.morales@intel.com>
Issue-ID: MULTICLOUD-492
---

diff --git a/deployments/Dockerfile b/deployments/Dockerfile
index 770f0e8d..d22aeb11 100644
--- a/deployments/Dockerfile
+++ b/deployments/Dockerfile
@@ -24,6 +24,7 @@ ENV OVN_CENTRAL_ADDRESS "127.0.0.1:6641"
 
 EXPOSE 8081
 
+RUN groupadd -r onap && useradd -r -g onap onap
 RUN apt-get update && apt-get install -y -qq apt-transport-https curl \
  && echo "deb https://packages.wand.net.nz xenial main" > /etc/apt/sources.list.d/wand.list \
  && curl https://packages.wand.net.nz/keyring.gpg -o /etc/apt/trusted.gpg.d/wand.gpg \
@@ -32,5 +33,8 @@ RUN apt-get update && apt-get install -y -qq apt-transport-https curl \
 WORKDIR /opt/multicloud/k8s
 ADD ./k8plugin ./
 ADD ./*.so ./
+RUN chown onap:onap /opt/multicloud/k8s -R
+
+USER onap
 
 CMD ["./k8plugin"]