Use non root for containers

2023-11-13 03:36:10 -07:00
parent f6b2186824
commit d607c9c821
2 changed files with 20 additions and 4 deletions
--- a/Dockerfile.slim
+++ b/Dockerfile.slim
@@ -32,12 +32,20 @@ ENV WHITELIST_LIBRARY_TYPE  ''
 ENV BLACKLIST_USERS  ''
 ENV WHITELIST_USERS  ''

+
+RUN addgroup --system jellyplex_user && \
+    adduser --system --no-create-home jellyplex_user --ingroup jellyplex_user && \
+    mkdir -p /app && \
+    chown -R jellyplex_user:jellyplex_user /app
+
 WORKDIR /app

-COPY ./requirements.txt ./
+COPY --chown=jellyplex_user:jellyplex_user ./requirements.txt ./

 RUN pip install --no-cache-dir -r requirements.txt

-COPY . .
+COPY --chown=jellyplex_user:jellyplex_user . .
+
+USER jellyplex_user

 CMD ["python", "-u", "main.py"]