Run container as non root

This commit is contained in:
Finn Herzfeld 2018-12-03 09:34:46 -08:00
parent 7214370650
commit 91c3750911
2 changed files with 2 additions and 1 deletions

View file

@ -12,4 +12,4 @@ build:signal-server:
- docker push ${CI_REGISTRY_IMAGE}/signal-server:${CI_COMMIT_SHA:0:8} - docker push ${CI_REGISTRY_IMAGE}/signal-server:${CI_COMMIT_SHA:0:8}
- docker push ${CI_REGISTRY_IMAGE}/signal-server:${CI_COMMIT_REF_SLUG} - docker push ${CI_REGISTRY_IMAGE}/signal-server:${CI_COMMIT_REF_SLUG}
- docker push ${CI_REGISTRY_IMAGE}/signal-server:${VERSION} - docker push ${CI_REGISTRY_IMAGE}/signal-server:${VERSION}
- echo "docker pull ${CI_REGISTRY_IMAGE}/signal-server:${CI_COMMIT_SHA:0:8}" - echo "docker pull ${CI_REGISTRY_IMAGE}/signal-server:${VERSION}"

View file

@ -10,4 +10,5 @@ RUN apt-get update && apt-get install -y openjdk-8-jre-headless
COPY --from=build /usr/local/src/Signal-Server/target/TextSecureServer-2.02.jar /usr/share/TextSecureServer.jar COPY --from=build /usr/local/src/Signal-Server/target/TextSecureServer-2.02.jar /usr/share/TextSecureServer.jar
RUN useradd signal RUN useradd signal
RUN chown -R signal /usr/share/TextSecureServer.jar RUN chown -R signal /usr/share/TextSecureServer.jar
USER signal
ENTRYPOINT ["java", "-jar", "/usr/share/TextSecureServer.jar"] ENTRYPOINT ["java", "-jar", "/usr/share/TextSecureServer.jar"]