docker: run minedmap as unpriviledged user

2025-03-04 17:23:33 +01:00 · 2025-02-22 04:02:10 +01:00 · 2025-02-22 04:02:10 +01:00 · 282f62fc30
commit 282f62fc30
parent 7bc15f97de
1 changed files with 5 additions and 0 deletions
--- a/5
+++ b/5
@ -9,7 +9,12 @@ RUN strip target/release/minedmap

 FROM docker.io/library/alpine:latest

+RUN addgroup -g 1000 -S minedmap \
+    && adduser -S -D -H -u 1000 -h /output -s /sbin/nologin -G minedmap -g minedmap minedmap
+
 RUN apk add --no-cache libgcc tini

 COPY --from=builder /build/target/release/minedmap /bin/minedmap
 ENTRYPOINT [ "/sbin/tini", "--", "/bin/minedmap" ]
+
+USER minedmap:minedmap