steve
/
geoserver
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

perform cleanup before geoserver user is set as current user

pull/45/head
Andre Henn 2024-02-09 10:00:28 +01:00
parent 2de74a9bd1
commit 577a428c9c
No known key found for this signature in database
GPG Key ID: 776670F973DDECAA
1 changed files with 12 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
Dockerfile
View File

@ -100,6 +100,18 @@ COPY *.sh /opt/
# CIS Docker benchmark: Remove setuid and setgid permissions in the images to prevent privilege escalation attacks within containers. # CIS Docker benchmark: Remove setuid and setgid permissions in the images to prevent privilege escalation attacks within containers.
RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true
# cleanup
RUN apt purge -y \
&& apt autoremove --purge -y \
&& rm -rf /tmp/ \
&& rm -rf $CATALINA_HOME/webapps/ROOT \
&& rm -rf $CATALINA_HOME/webapps/docs \
&& rm -rf $CATALINA_HOME/webapps/examples \
&& rm -rf $CATALINA_HOME/webapps/host-manager \
&& rm -rf $CATALINA_HOME/webapps/manager
# GeoServer user => restrict access to $CATALINA_HOME and GeoServer directories # GeoServer user => restrict access to $CATALINA_HOME and GeoServer directories
# See also CIS Docker benchmark and docker best practices # See also CIS Docker benchmark and docker best practices
RUN chmod +x /opt/*.sh \ RUN chmod +x /opt/*.sh \
@ -112,16 +124,6 @@ RUN chmod +x /opt/*.sh \
USER geoserver USER geoserver
# cleanup
RUN apt purge -y \
&& apt autoremove --purge -y \
&& rm -rf /tmp/ \
&& rm -rf $CATALINA_HOME/webapps/ROOT \
&& rm -rf $CATALINA_HOME/webapps/docs \
&& rm -rf $CATALINA_HOME/webapps/examples \
&& rm -rf $CATALINA_HOME/webapps/host-manager \
&& rm -rf $CATALINA_HOME/webapps/manager
WORKDIR /opt WORKDIR /opt
ENTRYPOINT ["/opt/startup.sh"] ENTRYPOINT ["/opt/startup.sh"]