This repository has been archived by the owner on Jul 20, 2018. It is now read-only.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a proposal for resolving #23. It does two things:
app
is created in all images. The user is explicitly created with highuid
andgid
, in order to make collisions with the host improbable.CMD
commands are changed to execute asapp
instead ofroot
(usingsu -c ...
). This matters most foronbuild
, which is most likely to use the default command, but is also useful in the other variants (as an example for proper invocation).I decided not to use
USER app
for changing the user, because that would have unwanted side effects and would likely break many derivative images. For example, derivatives would have to change back toUSER root
in order to install additional distro packages.There is one caveat with this change. Apps can no longer write inside their src directory by default (as it is owned by
root
). IMHO this is a feature, not a bug - apps should not be able to modify their own source. They should use/home/app
for storage instead, or a volume, or another location with explicitly set permissions.