diff options
author | Cédric Ollivier <cedric.ollivier@orange.com> | 2022-04-12 11:11:03 +0200 |
---|---|---|
committer | Cédric Ollivier <cedric.ollivier@orange.com> | 2022-04-14 17:13:44 +0200 |
commit | d941d9be879512cbb6be3e0d98642f876bab1269 (patch) | |
tree | 45e2b3436a7c86e99083c88c752fd2c4e1854bbb | |
parent | 2ee3d64d2d92e6f9a04c8043aa1ac3210941857f (diff) |
Define xtesting user to harden security
It applies security guidelines even if everybody was already
free to harden his own containers via the python package.
Change-Id: Ia9936d158c02b4e5c86386cb046ff7e35af07f03
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
-rw-r--r-- | docker/core/Dockerfile | 3 | ||||
-rw-r--r-- | docker/mts/Dockerfile | 2 |
2 files changed, 5 insertions, 0 deletions
diff --git a/docker/core/Dockerfile b/docker/core/Dockerfile index c91c636e..668561f1 100644 --- a/docker/core/Dockerfile +++ b/docker/core/Dockerfile @@ -24,6 +24,9 @@ RUN apk -U upgrade && \ -chttps://git.opnfv.org/functest-xtesting/plain/upper-constraints.txt?h=$BRANCH \ /src/functest-xtesting && \ rm -r /src/functest-xtesting upper-constraints.txt && \ + addgroup -g 1000 xtesting && adduser -u 1000 -G xtesting -D xtesting && \ + mkdir -p /var/lib/xtesting/results && chown -R xtesting: /var/lib/xtesting && \ apk del .build-deps COPY testcases.yaml /usr/lib/python3.9/site-packages/xtesting/ci/testcases.yaml +USER xtesting CMD ["run_tests", "-t", "all"] diff --git a/docker/mts/Dockerfile b/docker/mts/Dockerfile index eae61aab..ae32d8b8 100644 --- a/docker/mts/Dockerfile +++ b/docker/mts/Dockerfile @@ -7,6 +7,7 @@ ENV JAVA_HOME=/usr/lib/jvm/java-1.8-openjdk ENV NGN_JAVA_HOME=${JAVA_HOME}/bin ENV MAVEN_OPTS=$MAVEN_OPTS +USER root COPY mts-installer.properties /src/mts-installer.properties RUN case $(uname -m) in x86_64) \ apk --no-cache add --update openjdk8-jre && \ @@ -22,4 +23,5 @@ RUN case $(uname -m) in x86_64) \ rm -rf /root/.m2/ ${APP_FOLDER}/tutorial /src/mts-installer.properties /src/git-mts && \ apk del .build-deps;; esac COPY testcases.yaml /usr/lib/python3.9/site-packages/xtesting/ci/testcases.yaml +USER xtesting CMD ["run_tests", "-t", "all"] |