docker: ensure application files are owned by root

We really don't want the layers user to be able to write to the application code / settings in /opt/workdir or /opt/bin within the layersapp container - only selected directories under /opt. It appears that we only need to set the ownership on /opt/workdir for now. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
2025-07-19 03:49:10 +02:00 · 2019-05-09 17:21:35 +12:00 · 2019-05-09 17:21:35 +12:00 · 145ddcf4ba
commit 145ddcf4ba
parent 3cd5976a7a
1 changed files with 1 additions and 1 deletions
--- a/2
+++ b/2
@ -60,7 +60,7 @@ COPY docker/migrate.sh /opt/migrate.sh

 RUN mkdir /opt/workdir \
 	&& adduser --system --uid=500 layers \
-	&& chown -R layers /opt
+	&& chown -R layers /opt/workdir
 USER layers

 # Always copy in .gitconfig and proxy helper script (they need editing to be active)