From d08b49a1d1747c7c10a60ae905ac7fcd86ce2721 Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Mon, 4 Nov 2024 14:07:03 +0100 Subject: [PATCH] Makefile/Dockerfile: fix nonroot user usage When using distroless tag `nonroot` we don't need to use the USER directive in the Dockerfile. Plus, nonroot can't write to /app or anywhere else so we should prefix the db path with nonroot's home as well in order to avoid a sketchy permission denied. Signed-off-by: Antonio Murdaca --- Dockerfile | 1 - Makefile | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 772aa34..0fa8009 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,7 +14,6 @@ FROM gcr.io/distroless/static-debian12:nonroot WORKDIR /app COPY --from=builder /app/fdo_server /app/fdo_server -USER nonroot ENTRYPOINT ["./fdo_server"] CMD [] \ No newline at end of file diff --git a/Makefile b/Makefile index 9d2ada6..bb0aefd 100644 --- a/Makefile +++ b/Makefile @@ -26,7 +26,7 @@ build: # Run the Docker container with all flags run: ${CONTAINER_RUNTIME} run -v $(PWD)/app-data:/app-data:rw --name $(CONTAINER_NAME) -d --network=$(NETWORK) $(IMAGE_NAME) \ - -db $(DB_PATH) \ + -db /home/nonroot/$(DB_PATH) \ $(if $(DB_PASS),-db-pass $(DB_PASS)) \ $(DEBUG) \ -http $(HTTP_ADDR) \
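Review bot: The new `-db /home/nonroot/$(DB_PATH)` argument in the Makefile hunk appears to place the database in the container's writable layer rather than on the `/app-data` bind mount declared on the `run` line. If so, the data is lost when the container is removed and the `:rw` mount goes unused; this assumes `DB_PATH` is a relative name, which the hunk does not show (an absolute value would produce a path like `/home/nonroot//...`). The prefix also hard-codes the image's home directory; an overridable `DB_DIR ?= /home/nonroot` used as `-db $(DB_DIR)/$(DB_PATH)`, with the `-v` target placed under that directory, would keep the path in one place and the database persistent. If the bind mount is used for the database, the host directory must be writable by the image's nonroot UID or the same permission error returns. The `run` recipe continues past the end of this hunk.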