From 2a705f07f5c57f29dd5f58aba3ede34b317a5079 Mon Sep 17 00:00:00 2001
From: till <till@php.net>
Date: Sat, 20 Jan 2024 19:16:56 +0100
Subject: [PATCH] Update(docker): run as non-root (nobody/nogroup)

Resolves: #185
---
 Dockerfile | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index a075c57..fa8e0d7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,9 @@
 FROM debian:stable-slim
 
+# nobody / nogroup
+ARG DNSBL_USER=65534
+ARG DNSBL_GROUP=65534
+
 ENV DNSBL_EXP_RESOLVER=ubound:53
 ENV DNSBL_EXP_RBLS=/etc/dnsbl-exporter/rbls.ini
 ENV DNSBL_EXP_TARGETS=/etc/dnsbl-exporter/targets.ini
@@ -10,6 +14,9 @@ RUN mkdir -p /etc/dnsbl-exporter
 COPY rbls.ini /etc/dnsbl-exporter/
 COPY targets.ini /etc/dnsbl-exporter/
 
+RUN chown -R $DNSBL_USER:$DNSBL_GROUP /etc/dnsbl-exporter
+USER $DNSBL_USER:$DNSBL_GROUP
+
 EXPOSE 9211
 
 ENTRYPOINT ["/usr/bin/dnsbl-exporter"]