Code Review / ccsdk / distribution.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Run CCSDK dockers as non-root
[ccsdk/distribution.git] / saltstack-server / src / main / docker / Dockerfile
diff --git a/saltstack-server/src/main/docker/Dockerfile b/saltstack-server/src/main/docker/Dockerfile
index eeebef4..3226e47 100644 (file)
--- a/saltstack-server/src/main/docker/Dockerfile
+++ b/saltstack-server/src/main/docker/Dockerfile
@@ -10,4 +10,12 @@ RUN yum clean all && \
 
 EXPOSE 4505 4506
 
-CMD /usr/bin/salt-master -d; /bin/bash
+# Create non root user
+RUN groupadd --system saltstack && useradd --system -g saltstack saltstack
+RUN chown -R saltstack /etc/salt /var/cache/salt /var/log/salt
+RUN mkdir /var/run/salt && chown saltstack:saltstack /var/run/salt
+
+USER saltstack
+
+# Run salt-master in foreground (not as a daemon)
+CMD /usr/bin/salt-master
\ No newline at end of file
CCSDK distribution packaging (e.g. docker containers)