Skip to content

Commit

Permalink
Dockerfile: Run houndd as unprivileged user
Browse files Browse the repository at this point in the history 
Being root in a container is like being root on the host machine[1]. Houndd
doesn't need root priviliges so it can be run as unprivileged user.

[1] https://stackoverflow.com/questions/19054029/security-of-docker-as-it-runs-as-root-user
  • Loading branch information
Fabien Bochu committed Feb 26, 2016
1 parent 22f3250 commit 3059a4c
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,10 @@ FROM golang

COPY . /go/src/github.com/etsy/hound
ONBUILD COPY config.json /hound/
RUN adduser --uid 999 --gecos ,,, --disabled-password --home /hound hound
RUN go-wrapper install github.com/etsy/hound/cmds/houndd

USER hound
EXPOSE 6080

ENTRYPOINT ["/go/bin/houndd", "-conf", "/hound/config.json"]

0 comments on commit 3059a4c

Please sign in to comment.