From 4cd69c9d436df86f99a32149b2f76e1de9be232d Mon Sep 17 00:00:00 2001
From: Arnob Kumar Saha
Date: Thu, 23 Nov 2023 21:05:00 +0600
Subject: [PATCH] Run init-container as non-root user for 6.0 (#28)
Signed-off-by: Arnob kumar saha
---
 Dockerfile | 2 +-
 install.sh | 4 +---
 2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 7cac58c..5e3f697 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-FROM debian:stretch as builder
+FROM debian:bookworm as builder
 ENV DEBIAN_FRONTEND noninteractive
 ENV DEBCONF_NONINTERACTIVE_SEEN true
diff --git a/install.sh b/install.sh
index 36f60d5..c8e0472 100644
--- a/install.sh
+++ b/install.sh
@@ -49,7 +49,6 @@ if [[ "$SSL_MODE" != "disabled" ]] && [[ -f "$client_pem" ]]; then
 envsubst '${INJECT_USER}' <${INIT_DIR}/replicaset.sh >${DEST_DIR}/replicaset.sh
 envsubst '${INJECT_USER}' <${INIT_DIR}/sharding.sh >${DEST_DIR}/sharding.sh
 envsubst '${INJECT_USER}' <${INIT_DIR}/mongos.sh >${DEST_DIR}/mongos.sh
- rm ${INIT_DIR}/replicaset.sh ${INIT_DIR}/mongos.sh ${INIT_DIR}/sharding.sh
 chmod -c 755 ${DEST_DIR}/replicaset.sh ${DEST_DIR}/sharding.sh ${DEST_DIR}/mongos.sh
 fi
@@ -69,6 +68,5 @@ fi
 if [ -f "/keydir-readonly/key.txt" ]; then
 cp /keydir-readonly/key.txt /data/configdb/key.txt
- chmod 600 /data/configdb/key.txt
- chown -R 1001:0 /data/configdb/key.txt
+ chmod 400 /data/configdb/key.txt
 fi
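Review bot: In the last install.sh hunk (`@@ -69,6 +68,5 @@`), `cp` still creates /data/configdb/key.txt with the umask-default mode before `chmod 400` tightens it, so the keyfile can briefly be readable by other users. Once the file is 0400, a re-run of this script as the non-root user will probably fail at `cp` if /data/configdb survives a container restart, because the owner can no longer open the existing file for writing. Replacing both lines with `install -m 0400 /keydir-readonly/key.txt /data/configdb/key.txt` (GNU coreutils) never exposes the file with a wider mode and replaces an existing copy. With the `chown` dropped, the key is owned by whichever UID runs this script, so the mongod container has to run as that same UID to read it; that is not visible in this patch and is worth confirming.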