From 7b4bec46bb1559d643c5a9733610b7d79a037c5f Mon Sep 17 00:00:00 2001
From: Gilles Filippini <pini@debian.org>
Date: Mon, 17 Jan 2022 17:55:10 +0100
Subject: [PATCH] build (docker): run as unpriviledged user duniter

Fix #23.
---
 docker/Dockerfile | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/docker/Dockerfile b/docker/Dockerfile
index cc930872f..4a6847a3e 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -35,12 +35,15 @@ LABEL maintainer="Gilles Filippini <gilles.filippini@pini.fr>"
 LABEL version="0.0.0"
 LABEL description="Crypto-currency software (based on Substrate framework) to operate Äž1 libre currency"
 
-# Intall
-COPY --from=build /root/build/duniter /usr/local/bin/duniter
-COPY docker/docker-entrypoint /usr/local/bin/
+RUN adduser --home /var/lib/duniter duniter
 
 # Configuration
 # rpc, rpc-ws, p2p, telemetry
 EXPOSE 9933 9944 30333 9615
 VOLUME /var/lib/duniter
 ENTRYPOINT ["docker-entrypoint"]
+USER duniter
+
+# Intall
+COPY --from=build /root/build/duniter /usr/local/bin/duniter
+COPY docker/docker-entrypoint /usr/local/bin/
-- 
GitLab