👻 Improve running as non-root (#473) (#475)

With this change we can at least run as non-root. I would also proprose moving binaries that need to be accessible to all users be installed in /usr/local/bin. But as of right now it seems we have configs (or something) hard coded to this location. https://github.com/konveyor/java-analyzer-bundle/blob/main/Dockerfile#L41 https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s09.html Signed-off-by: Jason Montleon <[email protected]> Signed-off-by: Jason Montleon <[email protected]> Co-authored-by: Jason Montleon <[email protected]>
konveyor · Jan 25, 2024 · 4fc199d · 4fc199d
1 parent 586965a
commit 4fc199d
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/Dockerfile b/Dockerfile
@@ -25,7 +25,7 @@ RUN microdnf install gcc-c++ python-devel python3-devel -y
 RUN python3 -m ensurepip --upgrade
 RUN python3 -m pip install python-lsp-server
 
-COPY --from=jaeger-builder /go/bin/all-in-one-linux /usr/bin/
+COPY --from=jaeger-builder /go/bin/all-in-one-linux /usr/local/bin/all-in-one-linux
 
 COPY --from=builder /analyzer-lsp/konveyor-analyzer /usr/bin/konveyor-analyzer
 COPY --from=builder /analyzer-lsp/konveyor-analyzer-dep /usr/bin/konveyor-analyzer-dep
@@ -35,6 +35,7 @@ COPY --from=builder /analyzer-lsp/external-providers/golang-dependency-provider/
 COPY provider_container_settings.json /analyzer-lsp/provider_settings.json
 
 WORKDIR /analyzer-lsp
+RUN chgrp -R 0 /analyzer-lsp && chmod -R g=u /analyzer-lsp
 
 EXPOSE 16686