empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 00:45:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Updated .dockerignore and added non-root user to Dockerfile (#143)

Browse Source 
Running applications as root (default Docker user) is not a good security practice. The goal of this PR is to run the Fleet application as a non-root user. 

For development you can still access the container as root with the following command: `docker run -it --user=0 <fleetdm container ID> bash`
This commit is contained in:
CptOfEvilMinions 2020-12-22 10:23:17 -06:00 committed by GitHub
parent 19816cee1a
commit f735317f07
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.dockerignore
View File

@ -1,2 +1,3 @@
*
!build/
!build/binary-bundle/linux/fleet
!build/binary-bundle/linux/fleetctl

4
Dockerfile
View File

@ -3,6 +3,10 @@ MAINTAINER Fleet Developers <engineering@fleetdm.com>
RUN apk --update add ca-certificates
# Create FleetDM group and user
RUN addgroup -S fleet && adduser -S fleet -G fleet
COPY ./build/binary-bundle/linux/fleet ./build/binary-bundle/linux/fleetctl /usr/bin/
USER fleet
CMD ["fleet", "serve"]