docker: run as non-root user by default

This commit is contained in:
cn 2021-04-02 10:54:48 +02:00
parent 9c50ae24ce
commit df5efaf20f
2 changed files with 12 additions and 0 deletions

View File

@ -1,5 +1,11 @@
# Changelog
## 3.4.0 (April 2, 2021)
IMPROVEMENTS:
- **change** Docker image to run as non-root user `65534` by default, limits attack surface for security and gives OpenShift compatibility
## 3.3.3 (April 1, 2021)
OTHER:

View File

@ -12,4 +12,10 @@ RUN apk --no-cache add openssl ca-certificates && \
cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime && \
apk del .build-deps
# Follow the principle of least privilege: run as unprivileged user.
# Running as non-root enables running this image in platforms like OpenShift
# that do not allow images running as root.
# User ID 65534 is usually user 'nobody'.
USER 65534
ENTRYPOINT ["dyndnsd", "/etc/dyndnsd/config.yml"]