From ad8941324949d50ed001ac7b94e1d12f0f43387b Mon Sep 17 00:00:00 2001 From: Damian Fajfer Date: Sat, 6 Apr 2024 02:54:52 +0200 Subject: [PATCH] Running gcups as non-root user --- gcups/Dockerfile | 9 ++++++--- gcups/init.sh | 6 ++++-- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/gcups/Dockerfile b/gcups/Dockerfile index b71f0d2..3154fe5 100644 --- a/gcups/Dockerfile +++ b/gcups/Dockerfile @@ -1,5 +1,5 @@ FROM docker.io/ubuntu:jammy-20240227 -RUN apt-get update && apt-get install --no-install-recommends -y wget gpg xvfb libgbm-dev libasound2 python3-pip && \ +RUN apt-get update && apt-get install --no-install-recommends -y wget gpg xvfb libgbm-dev libasound2 python3-pip dbus-user-session && \ wget -qO- https://gcups-static.greencell.global/csgsa-keyring.gpg | gpg --dearmor | dd of=/usr/share/keyrings/csgsa-keyring.gpg && \ echo "deb [arch=amd64 signed-by=/usr/share/keyrings/csgsa-keyring.gpg] https://gcups-static.greencell.global/deb stable non-free" | dd of=/etc/apt/sources.list.d/gcups.list && \ apt-get update -y && apt-get install --no-install-recommends -y gcups && \ @@ -8,9 +8,11 @@ RUN apt-get update && apt-get install --no-install-recommends -y wget gpg xvfb l python3 -m pip --no-cache-dir uninstall setuptools wheel && \ apt-get remove -y python3-pip && \ mkdir -m775 -p /opt/gcups/db/gcups-rxdb-1-settings && \ - rm -rf /opt/gcups/license /opt/gcups/manuals + rm -rf /opt/gcups/license /opt/gcups/manuals && rm -rf /tmp/* && \ + useradd -m gcups && chown -R gcups:gcups /opt/gcups && \ + mkdir /var/run/dbus && chown -R gcups:gcups /var/run/dbus -COPY init.sh populate-db.py db.txt /opt/ +COPY --chown=gcups:gcups init.sh populate-db.py db.txt /opt/ WORKDIR /opt RUN python3 populate-db.py @@ -18,4 +20,5 @@ ENV GCUPS_HTTP_PORT=8080 ENV GCUPS_PASSWORD=gcups123 EXPOSE $GCUPS_HTTP_PORT +USER gcups ENTRYPOINT ["/opt/init.sh"] diff --git a/gcups/init.sh b/gcups/init.sh index e726528..2003af2 100755 --- a/gcups/init.sh +++ b/gcups/init.sh @@ -6,6 +6,8 @@ service dbus start echo "GCUPS running on port: $GCUPS_HTTP_PORT" echo "Default webUI password: $GCUPS_PASSWORD" +echo -n "Running gcups " && xvfb-run gcups --version --no-sandbox -xvfb-run \ - gcups -vvv --no-sandbox +xvfb-run gcups --no-sandbox +echo "GCUPS webserver started" +tail -f /opt/gcups/log/error.log \ No newline at end of file