mirror of
https://github.com/davidallendj/opaal.git
synced 2025-12-20 03:27:02 -07:00
Dockerfile: Use /opaal dir owned by nobody so opaal can write
Without this, opaal, running as nobody, tries to write its sqlite db cache file to / which is owned by root. With this, an /opaal directory is created, owned by nobody, and the opaal binary is copied here. That way, it has permission to write its cache file here. Any config can be copied here as well.
This commit is contained in:
Devon Bautista
parent
87abf22916
commit
e3740c584e
1 changed files with 6 additions and 3 deletions
|
|
@ -2,12 +2,15 @@ FROM cgr.dev/chainguard/wolfi-base
|
|||
|
||||
RUN apk add --no-cache tini bash curl
|
||||
|
||||
RUN mkdir /opaal
|
||||
RUN chown 65534:65534 /opaal
|
||||
WORKDIR /opaal
|
||||
|
||||
# nobody 65534:65534
|
||||
USER 65534:65534
|
||||
|
||||
COPY opaal /opaal/opaal
|
||||
|
||||
COPY opaal /opaal
|
||||
|
||||
CMD [ "/opaal" ]
|
||||
CMD [ "/opaal/opaal" ]
|
||||
|
||||
ENTRYPOINT [ "/sbin/tini", "--" ]
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue