From 52d7ff3da4cd7c4146bdf753ef248a8de9a4f3ab Mon Sep 17 00:00:00 2001
From: Peter Hedenskog
Date: Mon, 24 Oct 2016 08:58:03 +0200
Subject: [PATCH] Don't run as root inside Docker (#1259)
---
 Dockerfile | 18 ++++++++++++++----
 docker/scripts/start.sh | 2 +-
 2 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 51e49cfe6..988b8d181 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,11 +1,21 @@
 FROM sitespeedio/webbrowsers:firefox-49.0-chrome-54.0
-RUN mkdir -p /usr/src/app
-WORKDIR /usr/src/app
+RUN useradd --user-group --create-home --shell /bin/false app
-COPY package.json /usr/src/app/
+ENV HOME=/home/app
+
+COPY package.json $HOME
+RUN chown -R app:app $HOME/*
+
+USER app
+WORKDIR $HOME
 RUN npm install --production
-COPY . /usr/src/app
+
+USER root
+COPY . $HOME
+
+RUN chown -R app:app $HOME/*
+USER app
 COPY docker/scripts/start.sh /start.sh
diff --git a/docker/scripts/start.sh b/docker/scripts/start.sh
index 5049a0592..b1a31aa49 100755
--- a/docker/scripts/start.sh
+++ b/docker/scripts/start.sh
@@ -10,4 +10,4 @@ echo 'Starting Xvfb ...'
 export DISPLAY=:99
 2>/dev/null 1>&2 Xvfb :99 -ac -nolisten tcp -screen 0 1500x1200x16 & sleep 1
-exec node --max-old-space-size=$MAX_OLD_SPACE_SIZE /usr/src/app/bin/sitespeed.js "$@"
+exec node --max-old-space-size=$MAX_OLD_SPACE_SIZE /home/app/bin/sitespeed.js "$@"
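Review bot: Both `RUN chown -R app:app $HOME/*` lines in the Dockerfile hunk use a shell glob that skips dotfiles, so any hidden file or directory brought in by `COPY . $HOME` stays owned by root, and the second recursive chown rewrites every copied file into an extra layer. On a builder that supports it, `COPY --chown=app:app package.json $HOME/` and `COPY --chown=app:app . $HOME/` set ownership at copy time and make the `USER root` / `chown` / `USER app` sequence unnecessary. It is also worth considering whether the application tree needs to be writable by `app` at all: leaving the code root-owned and granting `app` write access only to the directory where results are written would keep the process that drives the browsers from altering its own code. Whether such an output directory or volume is declared is not visible in this hunk, since the Dockerfile continues past it.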