Don't run as root inside Docker (#1259)

2016-10-24 08:58:03 +02:00 · 2016-10-24 08:58:03 +02:00 · 52d7ff3da4
parent 45246ec02d
commit 52d7ff3da4
2 changed files with 15 additions and 5 deletions
--- a/18
+++ b/18
@ -1,11 +1,21 @@
 FROM sitespeedio/webbrowsers:firefox-49.0-chrome-54.0

-RUN mkdir -p /usr/src/app
-WORKDIR /usr/src/app
+RUN useradd --user-group --create-home --shell /bin/false app

-COPY package.json /usr/src/app/
+ENV HOME=/home/app
+
+COPY package.json $HOME
+RUN chown -R app:app $HOME/*
+
+USER app
+WORKDIR $HOME
 RUN npm install --production
-COPY . /usr/src/app
+
+USER root
+COPY . $HOME
+
+RUN chown -R app:app $HOME/*
+USER app

 COPY docker/scripts/start.sh /start.sh

--- a/docker/scripts/start.sh
+++ b/docker/scripts/start.sh
@ -10,4 +10,4 @@ echo 'Starting Xvfb ...'
 export DISPLAY=:99
 2>/dev/null 1>&2 Xvfb :99  -ac -nolisten tcp -screen 0 1500x1200x16 &
 sleep 1
-exec node --max-old-space-size=$MAX_OLD_SPACE_SIZE /usr/src/app/bin/sitespeed.js "$@"
+exec node --max-old-space-size=$MAX_OLD_SPACE_SIZE /home/app/bin/sitespeed.js "$@"