absolutebi/serai
1
0
Fork 0
mirror of https://github.com/serai-dex/serai.git synced 2025-12-09 04:39:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Don't run apps in Docker as root

Browse Source
This commit is contained in:
Luke Parker
2023-07-30 07:23:14 -04:00
parent 9b79c4dc0c
commit 4c801df4f2
7 changed files with 56 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
orchestration/serai/Dockerfile
View File

@@ -35,14 +35,18 @@ RUN --mount=type=cache,target=/root/.cargo \
FROM debian:bookworm-slim as image
LABEL description="STAGE 2: Copy and Run"
# Upgrade packages
RUN apt update && apt upgrade -y
# Switch to a non-root user
RUN useradd --system --home /home/serai --shell /sbin/nologin serai
USER serai
WORKDIR /home/serai
# Copy necessary files to run node
COPY --from=builder /serai/bin/serai-node /bin/
COPY --from=builder /serai/AGPL-3.0 .
# Upgrade packages
RUN apt update && apt upgrade -y
COPY --from=builder --chown=serai /serai/bin/serai-node /bin/
COPY --from=builder --chown=serai /serai/AGPL-3.0 .
# Run node
EXPOSE 30333 9615 9933 9944