From d941d9be879512cbb6be3e0d98642f876bab1269 Mon Sep 17 00:00:00 2001
From: Cédric Ollivier
Date: Tue, 12 Apr 2022 11:11:03 +0200
Subject: Define xtesting user to harden security
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

It applies security guidelines even if everybody was already free to harden his own containers via the python package.

Change-Id: Ia9936d158c02b4e5c86386cb046ff7e35af07f03
Signed-off-by: Cédric Ollivier
---
 docker/core/Dockerfile | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'docker/core/Dockerfile')

diff --git a/docker/core/Dockerfile b/docker/core/Dockerfile
index c91c636e..668561f1 100644
--- a/docker/core/Dockerfile
+++ b/docker/core/Dockerfile
@@ -24,6 +24,9 @@ RUN apk -U upgrade && \
 -chttps://git.opnfv.org/functest-xtesting/plain/upper-constraints.txt?h=$BRANCH \
 /src/functest-xtesting && \
 rm -r /src/functest-xtesting upper-constraints.txt && \
+ addgroup -g 1000 xtesting && adduser -u 1000 -G xtesting -D xtesting && \
+ mkdir -p /var/lib/xtesting/results && chown -R xtesting: /var/lib/xtesting && \
 apk del .build-deps
 COPY testcases.yaml /usr/lib/python3.9/site-packages/xtesting/ci/testcases.yaml
+USER xtesting
 CMD ["run_tests", "-t", "all"]
-- 
cgit 1.2.3-korg
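Review bot: The added `USER xtesting` names the account instead of its UID, so a Kubernetes pod that sets `runAsNonRoot: true` cannot verify the image is non-root and the kubelet will refuse to start the container. Since the hunk already pins the account to 1000, `USER 1000:1000` keeps the same identity and makes it verifiable. The `chown -R xtesting: /var/lib/xtesting` only affects the image layer, so a host directory bind-mounted over `/var/lib/xtesting/results` keeps its host ownership; a comment above `USER` such as `# results volumes mounted at /var/lib/xtesting/results must be writable by UID 1000` would spare operators a silent write failure. Images built `FROM` this one presumably inherit the non-root user as well, so their later package-install steps would need an explicit `USER root` and a switch back afterwards; that is worth stating in the commit message. The `RUN` instruction these lines extend starts above the hunk.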