From b85e3528fbf66988410b52d1c3dc7bf776b5908a Mon Sep 17 00:00:00 2001
From: Gilles Filippini <pini@debian.org>
Date: Mon, 17 Jan 2022 17:55:10 +0100
Subject: [PATCH] build (docker): run as unpriviledged user duniter

Fix #23.
---
 docker/Dockerfile | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/docker/Dockerfile b/docker/Dockerfile
index 7f127762c..6e5dec012 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -37,12 +37,15 @@ LABEL maintainer="Gilles Filippini <gilles.filippini@pini.fr>"
 LABEL version="0.0.0"
 LABEL description="Crypto-currency software (based on Substrate framework) to operate Äž1 libre currency"
 
-# Intall
-COPY --from=build /root/build/duniter /usr/local/bin/duniter
-COPY docker/docker-entrypoint /usr/local/bin/
+RUN adduser --home /var/lib/duniter duniter
 
 # Configuration
 # rpc, rpc-ws, p2p, telemetry 
 EXPOSE 9933 9944 30333 9615
 VOLUME /var/lib/duniter
 ENTRYPOINT ["docker-entrypoint"]
+USER duniter
+
+# Intall
+COPY --from=build /root/build/duniter /usr/local/bin/duniter
+COPY docker/docker-entrypoint /usr/local/bin/
-- 
GitLab