Fix bug 1705 - Adding non-root user to run RO
Change-Id: I3b5ccbd3efe4284996c81ebc65fc4adf53e9914e
Signed-off-by: sousaedu <eduardo.sousa@canonical.com>
diff --git a/docker/RO/Dockerfile b/docker/RO/Dockerfile
index 4e7d548..eed0575 100644
--- a/docker/RO/Dockerfile
+++ b/docker/RO/Dockerfile
@@ -91,10 +91,21 @@
COPY --from=INSTALL /usr/bin/genisoimage /usr/bin/genisoimage
COPY --from=INSTALL /etc/protocols /etc/protocols
-VOLUME /var/log/osm
-
EXPOSE 9090
+# Creating the user for the app
+RUN groupadd -g 1000 appuser && \
+ useradd -u 1000 -g 1000 -d /app appuser && \
+ mkdir -p /app/osm_ro && \
+ mkdir -p /app/storage/kafka && \
+ mkdir /app/log && \
+ chown -R appuser:appuser /app
+
+WORKDIR /app/osm_ro
+
+# Changing the security context
+USER appuser
+
# Two mysql databases are needed (DB and DB_OVIM). Can be hosted on same or separated containers
# These ENV must be provided
ENV RO_DB_HOST=""
@@ -136,4 +147,3 @@
CMD curl --silent --fail http://localhost:9090/ro || exit 1
CMD ["python3", "-u", "-m", "osm_ng_ro.ro_main"]
-