absolutebi/serai
1
0
Fork 0
mirror of https://github.com/serai-dex/serai.git synced 2025-12-08 12:19:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Don't run apps in Docker as root

Browse Source
This commit is contained in:
Luke Parker
2023-07-30 07:23:14 -04:00
parent 9b79c4dc0c
commit 4c801df4f2
7 changed files with 56 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
orchestration/processor/Dockerfile
View File

@@ -35,14 +35,18 @@ RUN --mount=type=cache,target=/root/.cargo \
FROM debian:bookworm-slim as image
LABEL description="STAGE 2: Copy and Run"
WORKDIR /home/serai
# Copy necessary files to run node
COPY --from=builder /serai/bin/serai-processor /bin/
COPY --from=builder /serai/AGPL-3.0 .
# Upgrade packages and install openssl
RUN apt update && apt upgrade -y && apt install -y libssl-dev
# Switch to a non-root user
RUN useradd --system --create-home --shell /sbin/nologin processor
USER processor
WORKDIR /home/processor
# Copy necessary files to run node
COPY --from=builder --chown=processsor /serai/bin/serai-processor /bin/
COPY --from=builder --chown=processsor /serai/AGPL-3.0 .
# Run processor
CMD ["serai-processor"]