ADD: run imapfilter as a user not root
continuous-integration/drone Build is passing
Details
continuous-integration/drone Build is passing
Details
This commit is contained in:
parent
aea097240e
commit
ad9f7c30d6
|
@ -18,8 +18,20 @@ RUN mkdir -p /usr/local/share/imapfilter
|
||||||
|
|
||||||
COPY --from=builder /src/imapfilter/src/imapfilter /usr/local/bin/
|
COPY --from=builder /src/imapfilter/src/imapfilter /usr/local/bin/
|
||||||
COPY --from=builder /src/imapfilter/src/*.lua /usr/local/share/imapfilter/
|
COPY --from=builder /src/imapfilter/src/*.lua /usr/local/share/imapfilter/
|
||||||
|
|
||||||
|
# ensure every user can run imapfilter
|
||||||
|
RUN chmod a+x /usr/local/bin/imapfilter
|
||||||
|
|
||||||
ADD scripts/entryPoint.sh /entryPoint.sh
|
ADD scripts/entryPoint.sh /entryPoint.sh
|
||||||
|
|
||||||
RUN chmod +x /entryPoint.sh
|
RUN chmod +x /entryPoint.sh
|
||||||
|
|
||||||
|
# add a user for running imapfilter in the container
|
||||||
|
RUN addgroup imapfilter && adduser -D -G imapfilter imapfilter
|
||||||
|
# ensure a homedirectory for the user exists and has correct access rights
|
||||||
|
RUN mkdir -p /home/imapfilter && chown imapfilter.imapfilter /home/imapfilter
|
||||||
|
|
||||||
|
# run everything as the imapfilter user
|
||||||
|
USER imapfilter
|
||||||
|
|
||||||
ENTRYPOINT ["/sbin/tini", "--", "/entryPoint.sh"]
|
ENTRYPOINT ["/sbin/tini", "--", "/entryPoint.sh"]
|
|
@ -1,9 +1,9 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
export IMAPFILTER_HOME=/imapfilter/
|
export IMAPFILTER_HOME=/home/imapfilter/
|
||||||
|
|
||||||
if [ ! -e ${IMAPFILTER_HOME}/config.lua ]; then
|
if [ ! -e ${IMAPFILTER_HOME}/config.lua ]; then
|
||||||
echo "please provide a config.lua from a configmap"
|
echo "please provide a config.lua from a configmap or bindmount to ${IMAPFILTER_HOME}/config.lua"
|
||||||
exit 255
|
exit 255
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue