Skip to content
This repository has been archived by the owner on Apr 25, 2023. It is now read-only.

Commit

Permalink
Make athenapdf-service run as non-root user
Browse files Browse the repository at this point in the history 
 - Xvfb needs the directory /tmp/.X11-unix/ to be owned by root
 - headless chrome needs a writeable HOME directory
 - enables to run the image for example with "-u 101010:0"
 - the server can be run on OpenShift and K8s clusters with SCC
  • Loading branch information
@derkoe
derkoe committed May 6, 2019
1 parent 2791e6a commit fa5e36b
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions weaver/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,12 +7,15 @@ RUN \
wget https://github.com/Yelp/dumb-init/releases/download/v1.0.0/dumb-init_1.0.0_amd64.deb \
&& dpkg -i dumb-init_*.deb \
&& rm dumb-init_*.deb \
&& mkdir -p /athenapdf-service/tmp/
&& mkdir -p /athenapdf-service/tmp/ \
&& mkdir -p /tmp/.X11-unix/ \
&& chmod 777 /tmp/.X11-unix/

COPY build/weaver /athenapdf-service/
WORKDIR /athenapdf-service/

ENV PATH /athenapdf-service/:$PATH
ENV PATH /athenapdf-service/:$PATH \
HOME=/tmp

COPY conf/ /athenapdf-service/conf/

Expand Down

0 comments on commit fa5e36b

Please sign in to comment.