Do not run container as root

[verwilst]

Currently the container is running as root. The Helm chart on stable circumvents this by creating its own podsecuritypolicy that allows this. I would like to remove the PSP and make it use the default restricted profile.

Adding USER 33 to the Dockerfile, making it listen on port 8080 instead of 80, and not chowning the data dirs in the entrypoint should be enough to make it work.

[solidnerd]

I will look into it on the weekend. Bort Verwilst <notifications@github.com> schrieb am Fr. 20. Dez. 2019 um 16:51:

…

Currently the container is running as root. The Helm chart on stable circumvents this by creating its own podsecuritypolicy that allows this. I would like to remove the PSP and make it use the default restricted profile. Adding USER 33 to the Dockerfile, making it listen on port 8080 instead of 80, and not chowning the data dirs in the entrypoint should be enough to make it work. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#170?email_source=notifications&email_token=AAGYM33OADIUPXSEXBFUTDLQZTSX7A5CNFSM4J57TATKYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4IB76QGQ>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAGYM3YOK7PLPD63OUWWP53QZTSX7ANCNFSM4J57TATA> .