Remove setuid and setgid permissions in the images to prevent privilege escalation attacks within containers

pull/39/head
Andre Henn 2023-12-12 14:42:59 +01:00
parent b108b4be06
commit 626b4775ba
No known key found for this signature in database
GPG Key ID: 776670F973DDECAA
1 changed files with 4 additions and 0 deletions


@ -136,6 +136,10 @@ RUN cd $CATALINA_HOME/lib \
# copy scripts # copy scripts
COPY *.sh /opt/ COPY *.sh /opt/
# CIS Docker benchmark: Remove setuid and setgid permissions in the images to prevent privilege escalation attacks within containers.
RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true
# GeoServer user => restrict access to $CATALINA_HOME and GeoServer directories # GeoServer user => restrict access to $CATALINA_HOME and GeoServer directories
# See also CIS Docker benchmark and docker best practices # See also CIS Docker benchmark and docker best practices
RUN chmod +x /opt/*.sh \ RUN chmod +x /opt/*.sh \
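Review bot: The `|| true` on the added `RUN find / -perm /6000 -type f -exec chmod a-s {} \;` line lets the build succeed even when `find` or `chmod` fails, so an image can ship with setuid/setgid bits still set and nobody notices. The errors being suppressed most likely come from `find /` descending into `/proc` and `/sys`; limiting the walk to the root filesystem avoids them and lets the step fail loudly: `RUN find / -xdev -perm /6000 -type f -exec chmod a-s {} +`. The step also runs before the `RUN chmod +x /opt/*.sh \` chain, which continues outside the hunk, so setuid files created by any later instruction would not be stripped. It would be safer as the last root-level `RUN` before the switch to the GeoServer user, assuming the file has one.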