cn/dyndnsd
1
0
Fork 0
mirror of https://github.com/cmur2/dyndnsd.git synced 2024-12-22 00:54:22 +01:00
Code Releases Activity

docker: run as non-root user by default

Browse Source
This commit is contained in:
cn 2021-04-02 10:54:48 +02:00 committed by Christian Nicolai
parent 53af02398d
commit 6374837156
2 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGELOG.md
View File

@ -1,5 +1,11 @@
# Changelog # Changelog
## 3.4.0 (April 2, 2021)
IMPROVEMENTS:
- **change** Docker image to run as non-root user `65534` by default, limits attack surface for security and gives OpenShift compatibility
## 3.3.3 (April 1, 2021) ## 3.3.3 (April 1, 2021)
OTHER: OTHER:

6
docker/Dockerfile
View File

@ -12,4 +12,10 @@ RUN apk --no-cache add openssl ca-certificates && \
cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime && \ cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime && \
apk del .build-deps apk del .build-deps
# Follow the principle of least privilege: run as unprivileged user.
# Running as non-root enables running this image in platforms like OpenShift
# that do not allow images running as root.
# User ID 65534 is usually user 'nobody'.
USER 65534
ENTRYPOINT ["dyndnsd", "/etc/dyndnsd/config.yml"] ENTRYPOINT ["dyndnsd", "/etc/dyndnsd/config.yml"]