Merge pull request #196 from Luzilla/run-non-root

Update(docker): run as non-root (nobody/nogroup)
Luzilla · Jan 20, 2024 · 165358e · 165358e
2 parents e9a16fa + 2a705f0
commit 165358e
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,9 @@
 FROM debian:stable-slim
 
+# nobody / nogroup
+ARG DNSBL_USER=65534
+ARG DNSBL_GROUP=65534
+
 ENV DNSBL_EXP_RESOLVER=ubound:53
 ENV DNSBL_EXP_RBLS=/etc/dnsbl-exporter/rbls.ini
 ENV DNSBL_EXP_TARGETS=/etc/dnsbl-exporter/targets.ini
@@ -10,6 +14,9 @@ RUN mkdir -p /etc/dnsbl-exporter
 COPY rbls.ini /etc/dnsbl-exporter/
 COPY targets.ini /etc/dnsbl-exporter/
 
+RUN chown -R $DNSBL_USER:$DNSBL_GROUP /etc/dnsbl-exporter
+USER $DNSBL_USER:$DNSBL_GROUP
+
 EXPOSE 9211
 
 ENTRYPOINT ["/usr/bin/dnsbl-exporter"]