aboutsummaryrefslogtreecommitdiffstats
path: root/docker/core
diff options
context:
space:
mode:
authorCédric Ollivier <cedric.ollivier@orange.com>2022-04-12 11:11:03 +0200
committerCédric Ollivier <cedric.ollivier@orange.com>2022-04-14 17:13:44 +0200
commitd941d9be879512cbb6be3e0d98642f876bab1269 (patch)
tree45e2b3436a7c86e99083c88c752fd2c4e1854bbb /docker/core
parent2ee3d64d2d92e6f9a04c8043aa1ac3210941857f (diff)
Define xtesting user to harden security
It applies security guidelines even if everybody was already free to harden his own containers via the python package. Change-Id: Ia9936d158c02b4e5c86386cb046ff7e35af07f03 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
Diffstat (limited to 'docker/core')
-rw-r--r--docker/core/Dockerfile3
1 files changed, 3 insertions, 0 deletions
diff --git a/docker/core/Dockerfile b/docker/core/Dockerfile
index c91c636e..668561f1 100644
--- a/docker/core/Dockerfile
+++ b/docker/core/Dockerfile
@@ -24,6 +24,9 @@ RUN apk -U upgrade && \
-chttps://git.opnfv.org/functest-xtesting/plain/upper-constraints.txt?h=$BRANCH \
/src/functest-xtesting && \
rm -r /src/functest-xtesting upper-constraints.txt && \
+ addgroup -g 1000 xtesting && adduser -u 1000 -G xtesting -D xtesting && \
+ mkdir -p /var/lib/xtesting/results && chown -R xtesting: /var/lib/xtesting && \
apk del .build-deps
COPY testcases.yaml /usr/lib/python3.9/site-packages/xtesting/ci/testcases.yaml
+USER xtesting
CMD ["run_tests", "-t", "all"]