Non-root users for all templates
Update all python-flask templates to use a non-root user

Signed-off-by: Burton Rheutan <[email protected]>
burtonr authored and alexellis committed Jun 7, 2019
1 parent f016955 commit ccf3ba6
Showing 3 changed files with 60 additions and 18 deletions.
26 changes: 20 additions & 6 deletions template/python27-flask/Dockerfile
Expand Up @@ -8,20 +8,34 @@ ARG ADDITIONAL_PACKAGE
# Alternatively use ADD https:// (which will not be cached by Docker builder)
RUN apk --no-cache add ${ADDITIONAL_PACKAGE}

WORKDIR /root/
# Add non root user
RUN addgroup -S app && adduser app -S -G app
RUN chown app /home/app

USER app

ENV PATH=$PATH:/home/app/.local/bin

WORKDIR /home/app/

COPY index.py .
COPY requirements.txt .
USER root
RUN pip install -r requirements.txt
COPY index.py .
USER app

RUN mkdir -p function
RUN touch ./function/__init__.py
WORKDIR /root/function/
WORKDIR /home/app/function/
COPY function/requirements.txt .
RUN pip install -r requirements.txt
RUN pip install --user -r requirements.txt

WORKDIR /home/app/

WORKDIR /root/
COPY function function
USER root
COPY function function
RUN chown -R app:app ./
USER app

ENV fprocess="python index.py"
ENV cgi_headers="true"
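Review bot: The closing `USER root` / `COPY function function` / `RUN chown -R app:app ./` sequence leaves everything under /home/app, including index.py and the handler code, owned by and writable for the account the function runs as, so a compromised function process could rewrite its own code for the lifetime of the container. If the function does not need to write there, drop the recursive chown and leave the copied files root-owned (COPY creates them as root whatever the active USER is, and they normally stay readable by `app`); if it does, `COPY --chown=app:app function function` gives the same ownership without switching back to root or duplicating the layer. The same sequence closes the python3-flask-armhf and python3-flask sections. The Dockerfile continues outside the visible hunk, so anything later that relies on `app` owning these files should be checked first.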
26 changes: 20 additions & 6 deletions template/python3-flask-armhf/Dockerfile
Expand Up @@ -9,20 +9,34 @@ RUN apk --no-cache add curl \

RUN apk --no-cache add musl-dev gcc make openssl-dev libffi-dev

WORKDIR /root/
# Add non root user
RUN addgroup -S app && adduser app -S -G app
RUN chown app /home/app

USER app

ENV PATH=$PATH:/home/app/.local/bin

WORKDIR /home/app/

COPY index.py .
COPY requirements.txt .
USER root
RUN pip install -r requirements.txt
COPY index.py .
USER app

RUN mkdir -p function
RUN touch ./function/__init__.py
WORKDIR /root/function/
WORKDIR /home/app/function/
COPY function/requirements.txt .
RUN pip install -r requirements.txt
RUN pip install --user -r requirements.txt

WORKDIR /home/app/

WORKDIR /root/
COPY function function
USER root
COPY function function
RUN chown -R app:app ./
USER app

ENV fprocess="python index.py"

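Review bot: `adduser app -S -G app` lets BusyBox pick the UID and each `USER app` names the account rather than its number, so a Kubernetes pod with `runAsNonRoot: true` cannot verify that the image user is non-root and will refuse to start the container unless `runAsUser` is also set. Pinning the id closes that gap, e.g. `RUN addgroup -S -g 10001 app && adduser -S -u 10001 -G app app` with `USER 10001` in place of each `USER app` (10001 is an example value, not taken from this repository). The same lines are added in the python27-flask and python3-flask Dockerfiles.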
26 changes: 20 additions & 6 deletions template/python3-flask/Dockerfile
Expand Up @@ -7,20 +7,34 @@ RUN chmod +x /usr/bin/fwatchdog
ARG ADDITIONAL_PACKAGE
RUN apk --no-cache add musl-dev gcc make ${ADDITIONAL_PACKAGE}

WORKDIR /root/
# Add non root user
RUN addgroup -S app && adduser app -S -G app
RUN chown app /home/app

USER app

ENV PATH=$PATH:/home/app/.local/bin

WORKDIR /home/app/

COPY index.py .
COPY requirements.txt .
USER root
RUN pip install -r requirements.txt
COPY index.py .
USER app

RUN mkdir -p function
RUN touch ./function/__init__.py
WORKDIR /root/function/
WORKDIR /home/app/function/
COPY function/requirements.txt .
RUN pip install -r requirements.txt
RUN pip install --user -r requirements.txt

WORKDIR /home/app/

WORKDIR /root/
COPY function function
USER root
COPY function function
RUN chown -R app:app ./
USER app

ENV fprocess="python index.py"

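Review bot: The `USER root` … `USER app` switches around the first `pip install` and around the final copy carry no comment, and it is not obvious from the lines themselves why the template's requirements are installed system-wide as root while the function's requirements use `pip install --user` as `app`. A short comment above each switch would make it harder for a later edit to leave the image running as root, for example `# root only for the system-wide install of the template's own requirements` before the first and `# root only to fix ownership of the copied function; must end on USER app` before the second. The python27-flask and python3-flask-armhf sections have the same uncommented switches.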
