From 4fc199dfddc606215e13722fdb33dfe186b9d17a Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Thu, 25 Jan 2024 14:08:42 -0500
Subject: [PATCH] :ghost: Improve running as non-root (#473) (#475)

With this change we can at least run as non-root. I would also proprose moving binaries that need to be accessible to all users be installed in /usr/local/bin. But as of right now it seems we have configs (or something) hard coded to this location. https://github.com/konveyor/java-analyzer-bundle/blob/main/Dockerfile#L41 https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s09.html

Signed-off-by: Jason Montleon
Signed-off-by: Jason Montleon
Co-authored-by: Jason Montleon
---
 Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index bc8940cf..ef7cdfb9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -25,7 +25,7 @@ RUN microdnf install gcc-c++ python-devel python3-devel -y
 RUN python3 -m ensurepip --upgrade
 RUN python3 -m pip install python-lsp-server
 
-COPY --from=jaeger-builder /go/bin/all-in-one-linux /usr/bin/
+COPY --from=jaeger-builder /go/bin/all-in-one-linux /usr/local/bin/all-in-one-linux
 COPY --from=builder /analyzer-lsp/konveyor-analyzer /usr/bin/konveyor-analyzer
 COPY --from=builder /analyzer-lsp/konveyor-analyzer-dep /usr/bin/konveyor-analyzer-dep
 
@@ -35,6 +35,7 @@ COPY --from=builder /analyzer-lsp/external-providers/golang-dependency-provider/
 COPY provider_container_settings.json /analyzer-lsp/provider_settings.json
 
 WORKDIR /analyzer-lsp
+RUN chgrp -R 0 /analyzer-lsp && chmod -R g=u /analyzer-lsp
 
 EXPOSE 16686
 
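Review bot: `chmod -R g=u /analyzer-lsp` in the second hunk gives group 0 the owner's permissions on the whole working directory, which presumably makes the `provider_settings.json` copied two lines earlier, and anything else the builder stage places under that tree, writable by the arbitrary-UID process this change is meant to support. If only some paths have to be written at runtime, grant read/traverse on the tree and write on those paths alone, e.g. `RUN chgrp -R 0 /analyzer-lsp && chmod -R g+rX /analyzer-lsp && chmod -R g=u /analyzer-lsp/<WRITABLE_DIR>` (placeholder; the directories that need writes are not visible in the hunk). No `USER` instruction appears in either hunk, so unless one exists elsewhere in the Dockerfile the image still starts as root by default; a numeric non-root `USER` after this `RUN` would make the non-root path the default rather than an option. A comment above the line such as `# group 0 gets the owner's permissions so an arbitrary UID in the root group can use the workdir` would record why the step exists.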