Merge pull request #17 from iris-connect/feature/nonrootimage
chore: creates and uses the non-privileged user iris in EPS Docker files
adewes authored Sep 24, 2021
2 parents 48aa25c + b0b5a25 commit c4066f6
Showing 8 changed files with 49 additions and 6 deletions.
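--- a/.scripts/entrypoint-eps.sh
+++ b/.scripts/entrypoint-eps.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if ! su iris -c "find ./settings -type f -exec cat {} > /dev/null +"; then
+chown -R iris:iris ./settings
+fi
+
+exec su iris -c "./eps $*"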
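Review bot: The last line, `exec su iris -c "./eps $*"`, flattens the container arguments into one string that iris's shell parses a second time, so an argument containing spaces is split and shell metacharacters in it are interpreted instead of being passed to `./eps`. Handing the arguments over without a second parse avoids this, for example `exec su-exec iris ./eps "$@"` with `apk add --no-cache su-exec` added to the runtime stage. The `chown -R iris:iris ./settings` fallback also runs as root on whatever is mounted at `./settings`, which presumably includes bind mounts whose ownership would then change on the host; a comment such as `# settings may be mounted root-owned; hand them to iris (uid 9999)` would make that intent explicit. entrypoint-proxy.sh and entrypoint-sd.sh contain the same two lines.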
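--- a/.scripts/entrypoint-proxy.sh
+++ b/.scripts/entrypoint-proxy.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if ! su iris -c "find ./settings -type f -exec cat {} > /dev/null +"; then
+chown -R iris:iris ./settings
+fi
+
+exec su iris -c "./proxy $*"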
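--- a/.scripts/entrypoint-sd.sh
+++ b/.scripts/entrypoint-sd.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if ! su iris -c "find ./settings -type f -exec cat {} > /dev/null +"; then
+chown -R iris:iris ./settings
+fi
+
+exec su iris -c "./sd $*"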
9 changes: 7 additions & 2 deletions docker/Eps.dockerfile
Expand Up @@ -14,6 +14,11 @@ COPY . .
RUN make

FROM alpine:latest

# Create a group and user
RUN addgroup --gid 9999 iris && adduser --disabled-password --gecos '' --uid 9999 -G iris -s /bin/ash iris

WORKDIR /app
COPY --from=builder /go/bin/eps /app/eps
ENTRYPOINT ["./eps"]
COPY --from=builder /go/bin/eps /app/.scripts/entrypoint-eps.sh /app/

ENTRYPOINT ["/bin/sh", "./entrypoint-eps.sh"]
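Review bot: The runtime stage creates iris but never sets `USER`, so the image's default user stays root and the drop to iris happens only inside `entrypoint-eps.sh`; a container started with a different entrypoint, or a shell opened with `docker exec`, runs as root. If root is needed only for the `chown` fallback on `./settings`, consider documenting that mounted settings must be readable by uid/gid 9999 and ending the stage with `USER 9999:9999`, as InternalServer.dockerfile does with `USER iris:iris`. If starting as root is deliberate, a comment above `ENTRYPOINT` would record why: `# starts as root so the entrypoint can fix ./settings ownership, then drops to iris`. Proxy.dockerfile and Sd.dockerfile have the same layout; the builder stage lies above this hunk.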
6 changes: 6 additions & 0 deletions docker/InternalServer.dockerfile
Expand Up @@ -14,6 +14,12 @@ COPY . .
RUN make examples

FROM alpine:latest

# Create a group and user
RUN addgroup --gid 9999 iris && adduser --disabled-password --gecos '' --uid 9999 -G iris -s /bin/ash iris
# Change to non-root privilege
USER iris:iris

WORKDIR /app
COPY --from=builder /go/bin/internal-server /app/internal-server
ENTRYPOINT ["./internal-server"]
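Review bot: `USER iris:iris` names the user instead of giving its numeric id, and Kubernetes' `runAsNonRoot` check cannot verify a non-numeric image user, so a pod with that setting would be refused unless it also sets `runAsUser`. Since the uid and gid are fixed at 9999 on the line above, `USER 9999:9999` is equivalent and can be verified. Whether this image is deployed under such a policy is not visible from the hunk.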
9 changes: 7 additions & 2 deletions docker/Proxy.dockerfile
Expand Up @@ -14,6 +14,11 @@ COPY . .
RUN make

FROM alpine:latest

# Create a group and user
RUN addgroup --gid 9999 iris && adduser --disabled-password --gecos '' --uid 9999 -G iris -s /bin/ash iris

WORKDIR /app
COPY --from=builder /go/bin/proxy /app/proxy
ENTRYPOINT ["./proxy"]
COPY --from=builder /go/bin/proxy /app/.scripts/entrypoint-proxy.sh /app/

ENTRYPOINT ["/bin/sh", "./entrypoint-proxy.sh"]
1 change: 1 addition & 0 deletions docker/Scripts.dockerfile
Expand Up @@ -4,6 +4,7 @@ RUN apk add --update bash
RUN apk add --update coreutils && rm -rf /var/cache/apk/*
RUN bash --version
RUN bash

WORKDIR /app
COPY . .
ENTRYPOINT [ "make" ]
9 changes: 7 additions & 2 deletions docker/Sd.dockerfile
Expand Up @@ -14,6 +14,11 @@ COPY . .
RUN make

FROM alpine:latest

# Create a group and user
RUN addgroup --gid 9999 iris && adduser --disabled-password --gecos '' --uid 9999 -G iris -s /bin/ash iris

WORKDIR /app
COPY --from=builder /go/bin/sd /app/sd
ENTRYPOINT ["./sd"]
COPY --from=builder /go/bin/sd /app/.scripts/entrypoint-sd.sh /app/

ENTRYPOINT ["/bin/sh", "./entrypoint-sd.sh"]
