From 282f62fc30352fa1ea801c2ae7652e538a922eb4 Mon Sep 17 00:00:00 2001
From: Matthias Schiffer <mschiffer@universe-factory.net>
Date: Sat, 22 Feb 2025 04:02:10 +0100
Subject: [PATCH] docker: run minedmap as unpriviledged user

---
 Dockerfile | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index e052309..bb0e0ad 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,7 +9,12 @@ RUN strip target/release/minedmap
 
 FROM docker.io/library/alpine:latest
 
+RUN addgroup -g 1000 -S minedmap \
+    && adduser -S -D -H -u 1000 -h /output -s /sbin/nologin -G minedmap -g minedmap minedmap
+
 RUN apk add --no-cache libgcc tini
 
 COPY --from=builder /build/target/release/minedmap /bin/minedmap
 ENTRYPOINT [ "/sbin/tini", "--", "/bin/minedmap" ]
+
+USER minedmap:minedmap