Add a shim to znc
This serves to do two things: 1) chown /znc to znc:znc, which is really handy if the znc user inside the Docker container has a new uid, because the files are stored on the host filesystem; 2) drop privs to the znc user, to reduce the attack surface.
parent
0c699d40b8
commit
16a78e70ce
|
@ -7,6 +7,7 @@ RUN apt-get update && apt-get install -y \
|
|||
libperl-dev \
|
||||
pkg-config \
|
||||
curl \
|
||||
sudo \
|
||||
--no-install-recommends
|
||||
|
||||
# get the source
|
||||
|
@ -15,7 +16,21 @@ RUN curl -sSL http://znc.in/releases/znc-latest.tar.gz | tar -v -C /znc-tmp -xz
|
|||
RUN mv /znc-tmp/znc* /znc; rm -rf /znc-tmp
|
||||
|
||||
# install it
|
||||
RUN cd /znc; ./configure; make; make install
|
||||
RUN cd /znc; ./configure; make -j8; make install
|
||||
RUN rm -rf /znc
|
||||
RUN mkdir /znc
|
||||
ADD znc-shim /usr/local/bin/znc-shim
|
||||
|
||||
RUN adduser \
|
||||
--system \
|
||||
--home=/znc \
|
||||
--shell=/bin/sh \
|
||||
--no-create-home \
|
||||
--group \
|
||||
znc
|
||||
|
||||
WORKDIR /znc
|
||||
ENTRYPOINT ["/usr/local/bin/znc-shim"]
|
||||
|
||||
# make basic config
|
||||
# RUN znc --makeconf
|
||||
|
@ -23,4 +38,4 @@ RUN cd /znc; ./configure; make; make install
|
|||
# add local config
|
||||
# ADD conf /.znc
|
||||
|
||||
# CMD [ "znc", "-f", "-r" ]
|
||||
# CMD [ "znc", "-f", "-r" ]
|
||||
|
|
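Review bot: With `ENTRYPOINT ["/usr/local/bin/znc-shim"]` set and the `CMD` line in the last hunk still commented out, a container started without arguments makes the shim run `sudo -u znc` with no command, which exits with a usage error instead of starting znc. A default such as `CMD ["znc", "-f"]` would fix that; `-r` (allow running as root) should no longer be needed once the shim has switched to the znc user. `sudo` is added in the first hunk only to perform that switch, so a comment next to it, for example `# sudo: used by znc-shim to drop from root to the znc user`, would record why the image carries it.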
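--- /dev/null
+++ b/znc/znc-shim
@@ -0,0 +1,11 @@
+#!/bin/bash
+set -e
+
+ZNC_DIR="/znc"
+ZNC_OWNER=$(stat -c "%U" ${ZNC_DIR})
+
+if [ "${ZNC_OWNER}" != "znc" ]; then
+chown -R znc:znc ${ZNC_DIR}
+fi
+
+exec sudo -u znc "$@"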
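Review bot: The `chown -R znc:znc ${ZNC_DIR}` step runs as root against whatever is mounted at /znc, so on a bind mount it rewrites ownership on the host to the container's uid for znc. A header comment saying so, e.g. `# runs as root: re-owns the /znc volume (host files included) for the container's znc uid, then drops privileges`, would make that side effect explicit. The guard above it compares only the user name of the top-level directory, so files deeper in the tree with a different owner or group are left as they are once the root directory already belongs to znc. Both `${ZNC_DIR}` expansions are unquoted; `stat -c "%U" "${ZNC_DIR}"` and `chown -R znc:znc -- "${ZNC_DIR}"` stay correct if the path ever changes.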